From f16953877f620587e24c29379473206cdecb59e4 Mon Sep 17 00:00:00 2001
From: Michael Hoennig <michael@hoennig.de>
Date: Fri, 5 Aug 2022 15:00:00 +0200
Subject: [PATCH] add RbacUser* tests and improved http status codes

---
 .../RbacUserRepositoryIntegrationTest.java    | 20 +++++++++++++++++++
 1 file changed, 20 insertions(+)

diff --git a/src/test/java/net/hostsharing/hsadminng/rbac/rbacuser/RbacUserRepositoryIntegrationTest.java b/src/test/java/net/hostsharing/hsadminng/rbac/rbacuser/RbacUserRepositoryIntegrationTest.java
index 6198585b..96df4196 100644
--- a/src/test/java/net/hostsharing/hsadminng/rbac/rbacuser/RbacUserRepositoryIntegrationTest.java
+++ b/src/test/java/net/hostsharing/hsadminng/rbac/rbacuser/RbacUserRepositoryIntegrationTest.java
@@ -267,6 +267,18 @@ class RbacUserRepositoryIntegrationTest {
             );
         }
 
+        @Test
+        public void customerAdmin_withoutAssumedRole_canNotViewPermissionsOfUnrelatedUsers() {
+            // given
+            currentUser("admin@aaa.example.com");
+
+            // when
+            final var result = rbacUserRepository.findPermissionsOfUser("aab00@aab.example.com");
+
+            // then
+            noRbacPermissionsAreReturned(result);
+        }
+
         @Test
         public void packetAdmin_withoutAssumedRole_canViewAllPermissionsWithinThePacketsRealm() {
             // given
@@ -304,6 +316,14 @@ class RbacUserRepositoryIntegrationTest {
             .containsExactlyInAnyOrder(expectedUserNames);
     }
 
+    void noRbacPermissionsAreReturned(
+        final List<RbacUserPermission> actualResult) {
+        assertThat(actualResult)
+            .extracting(p -> p.getRoleName() + " -> " + p.getObjectTable() + "#" + p.getObjectIdName() + ": " + p.getOp())
+            .containsExactlyInAnyOrder();
+    }
+
+
     void exactlyTheseRbacPermissionsAreReturned(
         final List<RbacUserPermission> actualResult,
         final String... expectedRoleNames) {