From dee12b8f08c151197546d2ab2c9d34c6674b73ed Mon Sep 17 00:00:00 2001 From: Michael Hoennig Date: Tue, 13 Feb 2024 17:55:16 +0100 Subject: [PATCH] multi line node formatting in RbacGrantsMermaidService --- .../rbacgrant/RbacGrantsMermaidService.java | 36 ++++- .../changelog/233-hs-office-partner-rbac.md | 4 +- ...acGrantsMermaidServiceIntegrationTest.java | 130 +++++++++++++----- 3 files changed, 128 insertions(+), 42 deletions(-) diff --git a/src/main/java/net/hostsharing/hsadminng/rbac/rbacgrant/RbacGrantsMermaidService.java b/src/main/java/net/hostsharing/hsadminng/rbac/rbacgrant/RbacGrantsMermaidService.java index 77d8128a..aa67c6f7 100644 --- a/src/main/java/net/hostsharing/hsadminng/rbac/rbacgrant/RbacGrantsMermaidService.java +++ b/src/main/java/net/hostsharing/hsadminng/rbac/rbacgrant/RbacGrantsMermaidService.java @@ -29,7 +29,9 @@ public class RbacGrantsMermaidService { public String allGrantsToCurrentUser(final EnumSet include) { final var graph = new ArrayList(); - traverseGrantsTo(graph, context.getCurrentUserUUid(), include); + for ( UUID subjectUuid: context.currentSubjectsUuids() ) { + traverseGrantsTo(graph, subjectUuid, include); + } return "flowchart TB\n\n" + String.join("\n", graph); } 
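Review bot: The name of `allGrantsToCurrentUser` and its missing Javadoc no longer match what it renders, because the loop now starts from every UUID returned by `context.currentSubjectsUuids()`. Judging by the updated tests, the graph is then rooted at the assumed roles rather than at the user. People will read this view to judge who can reach what, so I would state the scope on the method, for example `/** Renders the grants reachable from the current subjects (the assumed roles if any are set, presumably the user itself otherwise). */`. Each subject is also walked independently into a plain list, so an edge reachable from two subjects is emitted twice. A `LinkedHashSet<String>` would keep the order and drop the repeats, provided `traverseGrantsTo`, whose signature is outside this hunk, can take a `Collection<String>`.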
@@ -46,20 +48,44 @@ public class RbacGrantsMermaidService { return; } graph.add( - id(g.getAscendantIdName()) + + node(g.getAscendantIdName()) + (g.isAssumed() ? " --> " : " -.-> ") + - id(g.getDescendantIdName())); + node(g.getDescendantIdName())); if (include.contains(NOT_ASSUMED) || g.isAssumed()) { traverseGrantsTo(graph, g.getDescendantUuid(), include); } }); } - private String id(final String idName) { + private String node(final String idName) { if (idName.contains("@")) { return quoted(idName).replaceAll("@.*", "") + "[" + quoted(idName) + "]"; } - return quoted(idName); + return quoted(idName) + display(idName); + } + + private String display(final String idName) { + // role hs_office_relationship#FirstGmbH-with-REPRESENTATIVE-FirbySusan.admin + final var refType = idName.split(" ", 2)[0]; + final var roleType = refType.equals("perm") + ? idName.split(" ")[1] + : idName.substring(idName.lastIndexOf('.') + 1); + final var objectName = refType.equals("perm") + ? idName.split(" ")[3] + : idName.substring(refType.length()+1, idName.length()-roleType.length()-1); + final var tableName = objectName.split("#")[0]; + final var instanceName = objectName.split("#", 2)[1]; + final var displayName = "\n" + tableName + "\n" + instanceName + "\n" + roleType; + if (refType.equals("user")) { + return "(" + displayName + ")"; + } + if (refType.equals("role")) { + return "[" + displayName + "]"; + } + if (refType.equals("perm")) { + return "{{" + displayName + "}}"; + } + return ""; } @NotNull diff --git a/src/main/resources/db/changelog/233-hs-office-partner-rbac.md b/src/main/resources/db/changelog/233-hs-office-partner-rbac.md index c11f424b..86e12c29 100644 --- a/src/main/resources/db/changelog/233-hs-office-partner-rbac.md +++ b/src/main/resources/db/changelog/233-hs-office-partner-rbac.md 
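Review bot: `display()` copies `tableName`, `instanceName` and `roleType` into the Mermaid label unescaped, so a stored object name containing `]`, `}`, `)`, `"` or markup closes the node early or reaches the renderer as diagram syntax. I would neutralise those characters before concatenating, for instance `instanceName.replaceAll("[\\[\\](){}\"<>]", "_")`, and do the same for the other two parts. The method also indexes before it validates: `objectName.split("#", 2)[1]` throws when the name has no `#`. For a non-`perm` id without a `.`, `lastIndexOf('.')` is -1 and the `substring` end index goes negative, which is the only way a user id without `@` gets here from `node()`, so the `user` case looks unreachable without an exception. Checking `refType` first and returning `""` for any id that does not have the expected shape would stop one odd grant from failing the whole diagram.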
@@ -15,13 +15,13 @@ subgraph external[ ] subgraph partnerPerson style partnerPerson fill:#eee - role:partnerPerson.admin[global.admin] + role:partnerPerson.admin[partnerPerson.admin] end subgraph otherRelatedPerson style otherRelatedPerson fill:#eee - role:otherRelatedPerson.admin[global.admin] + role:otherRelatedPerson.admin[otherRelatedPerson.admin] end subgraph hsOfficeRelationship[hsOfficeRelationship:PARTNER] diff --git a/src/test/java/net/hostsharing/hsadminng/rbac/rbacgrant/RbacGrantsMermaidServiceIntegrationTest.java b/src/test/java/net/hostsharing/hsadminng/rbac/rbacgrant/RbacGrantsMermaidServiceIntegrationTest.java index ba848d71..e27cb801 100644 --- a/src/test/java/net/hostsharing/hsadminng/rbac/rbacgrant/RbacGrantsMermaidServiceIntegrationTest.java +++ b/src/test/java/net/hostsharing/hsadminng/rbac/rbacgrant/RbacGrantsMermaidServiceIntegrationTest.java @@ -4,6 +4,7 @@ import net.hostsharing.hsadminng.context.Context; import net.hostsharing.hsadminng.hs.office.test.ContextBasedTestWithCleanup; import net.hostsharing.hsadminng.rbac.rbacgrant.RbacGrantsMermaidService.Include; import net.hostsharing.test.JpaAttempt; +import org.junit.jupiter.api.Disabled; import org.junit.jupiter.api.Test; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.boot.test.autoconfigure.orm.jpa.DataJpaTest; @@ -11,8 +12,12 @@ import org.springframework.boot.test.mock.mockito.MockBean; import org.springframework.context.annotation.Import; import jakarta.servlet.http.HttpServletRequest; +import java.io.BufferedWriter; +import java.io.FileWriter; +import java.io.IOException; import java.util.EnumSet; +import static java.lang.String.join; import static org.assertj.core.api.Assertions.assertThat; @DataJpaTest 
@@ -27,56 +32,111 @@ class RbacGrantsMermaidServiceIntegrationTest extends ContextBasedTestWithCleanu @Test void allGrantsToCurrentUser() { - context("pac-admin-xxx00@xxx.example.com"); + context("superuser-alex@hostsharing.net", "test_domain#xxx00-aaaa.owner"); final var graph = grantsMermaidService.allGrantsToCurrentUser(EnumSet.of(Include.TEST_ENTITIES)); assertThat(graph).isEqualTo(""" flowchart TB - user:pac-admin-xxx00[user:pac-admin-xxx00@xxx.example.com] --> role:test_package#xxx00.admin - role:test_package#xxx00.admin --> role:test_domain#xxx00-aaaa.owner - role:test_domain#xxx00-aaaa.owner --> role:test_domain#xxx00-aaaa.admin - role:test_domain#xxx00-aaaa.admin --> role:test_package#xxx00.tenant - role:test_package#xxx00.tenant --> role:test_customer#xxx.tenant - role:test_package#xxx00.admin --> role:test_domain#xxx00-aaab.owner - role:test_domain#xxx00-aaab.owner --> role:test_domain#xxx00-aaab.admin - role:test_domain#xxx00-aaab.admin --> role:test_package#xxx00.tenant - role:test_package#xxx00.tenant --> role:test_customer#xxx.tenant - role:test_package#xxx00.admin --> role:test_package#xxx00.tenant - role:test_package#xxx00.tenant --> role:test_customer#xxx.tenant + role:test_domain#xxx00-aaaa.owner[ + test_domain + xxx00-aaaa + owner] --> role:test_domain#xxx00-aaaa.admin[ + test_domain + xxx00-aaaa + admin] + role:test_domain#xxx00-aaaa.admin[ + test_domain + xxx00-aaaa + admin] --> role:test_package#xxx00.tenant[ + test_package + xxx00 + tenant] + role:test_package#xxx00.tenant[ + test_package + xxx00 + tenant] --> role:test_customer#xxx.tenant[ + test_customer + xxx + tenant] """.trim()); } @Test void allGrantsToCurrentUserIncludingPermissions() { - context("pac-admin-xxx00@xxx.example.com"); + context("superuser-alex@hostsharing.net", "test_domain#xxx00-aaaa.owner"); final var graph = grantsMermaidService.allGrantsToCurrentUser(EnumSet.of(Include.TEST_ENTITIES, Include.PERMISSIONS)); assertThat(graph).isEqualTo(""" flowchart TB - 
user:pac-admin-xxx00[user:pac-admin-xxx00@xxx.example.com] --> role:test_package#xxx00.admin - role:test_package#xxx00.admin --> perm:add-domain:on:test_package#xxx00 - role:test_package#xxx00.admin --> role:test_domain#xxx00-aaaa.owner - role:test_domain#xxx00-aaaa.owner --> perm:*:on:test_domain#xxx00-aaaa - role:test_domain#xxx00-aaaa.owner --> role:test_domain#xxx00-aaaa.admin - role:test_domain#xxx00-aaaa.admin --> perm:edit:on:test_domain#xxx00-aaaa - role:test_domain#xxx00-aaaa.admin --> role:test_package#xxx00.tenant - role:test_package#xxx00.tenant --> perm:view:on:test_package#xxx00 - role:test_package#xxx00.tenant --> role:test_customer#xxx.tenant - role:test_customer#xxx.tenant --> perm:view:on:test_customer#xxx - role:test_package#xxx00.admin --> role:test_domain#xxx00-aaab.owner - role:test_domain#xxx00-aaab.owner --> perm:*:on:test_domain#xxx00-aaab - role:test_domain#xxx00-aaab.owner --> role:test_domain#xxx00-aaab.admin - role:test_domain#xxx00-aaab.admin --> perm:edit:on:test_domain#xxx00-aaab - role:test_domain#xxx00-aaab.admin --> role:test_package#xxx00.tenant - role:test_package#xxx00.tenant --> perm:view:on:test_package#xxx00 - role:test_package#xxx00.tenant --> role:test_customer#xxx.tenant - role:test_customer#xxx.tenant --> perm:view:on:test_customer#xxx - role:test_package#xxx00.admin --> role:test_package#xxx00.tenant - role:test_package#xxx00.tenant --> perm:view:on:test_package#xxx00 - role:test_package#xxx00.tenant --> role:test_customer#xxx.tenant - role:test_customer#xxx.tenant --> perm:view:on:test_customer#xxx + role:test_domain#xxx00-aaaa.owner[ + test_domain + xxx00-aaaa + owner] --> perm:*:on:test_domain#xxx00-aaaa{{ + test_domain + xxx00-aaaa + *}} + role:test_domain#xxx00-aaaa.owner[ + test_domain + xxx00-aaaa + owner] --> role:test_domain#xxx00-aaaa.admin[ + test_domain + xxx00-aaaa + admin] + role:test_domain#xxx00-aaaa.admin[ + test_domain + xxx00-aaaa + admin] --> perm:edit:on:test_domain#xxx00-aaaa{{ + test_domain + 
xxx00-aaaa + edit}} + role:test_domain#xxx00-aaaa.admin[ + test_domain + xxx00-aaaa + admin] --> role:test_package#xxx00.tenant[ + test_package + xxx00 + tenant] + role:test_package#xxx00.tenant[ + test_package + xxx00 + tenant] --> perm:view:on:test_package#xxx00{{ + test_package + xxx00 + view}} + role:test_package#xxx00.tenant[ + test_package + xxx00 + tenant] --> role:test_customer#xxx.tenant[ + test_customer + xxx + tenant] + role:test_customer#xxx.tenant[ + test_customer + xxx + tenant] --> perm:view:on:test_customer#xxx{{ + test_customer + xxx + view}} """.trim()); } + + @Test + @Disabled + void print() throws IOException { + //context("superuser-alex@hostsharing.net", "hs_office_person#FirbySusan.admin"); + context("superuser-alex@hostsharing.net", "hs_office_person#FirstGmbH.admin"); + + final var graph = grantsMermaidService.allGrantsToCurrentUser(EnumSet.of(Include.NON_TEST_ENTITIES, Include.PERMISSIONS)); + try (BufferedWriter writer = new BufferedWriter(new FileWriter("doc/all-grants.md"))) { + writer.write(""" + ### all grants to %s + + ```mermaid + %s + ``` + """.formatted(join(";", context.getAssumedRoles()), graph)); + } + } }
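Review bot: Both rewritten tests now run as `superuser-alex@hostsharing.net` with an assumed role, so no assertion covers a graph that starts at a user any more; the `@` branch of `node()` and the `user` case of `display()` are left untested. Keeping one case with a plain login such as the previous `context("pac-admin-xxx00@xxx.example.com")` would also pin what a non-superuser gets to see. The disabled `print()` helper writes the grants of `NON_TEST_ENTITIES` to `doc/all-grants.md`, relative to the working directory and through `FileWriter`'s default charset. I would add a comment such as `// manual generator for doc/all-grants.md; run only against fixture data` and switch to `Files.writeString(Path.of("doc/all-grants.md"), text, StandardCharsets.UTF_8)`. The commented-out `context(...)` line can be removed.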