From f455c63bc9ae6339d711af870a78d1aa83515f8e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Michael=20H=C3=B6nnig?= Date: Mon, 16 Sep 2024 16:39:21 +0200 Subject: [PATCH] getting back former versions + files --- .../generator/InsertTriggerGenerator.java | 28 +-- .../hsadminng/rbac/generator/RbacView.java | 30 +-- .../generator/RbacViewPostgresGenerator.java | 2 +- .../RolesGrantsAndPermissionsGenerator.java | 4 +- .../rbac/generator/StringWriter.java | 6 +- .../rbac/grant/RbacGrantsDiagramService.java | 4 +- .../db/changelog/0-base/000-base-schema.sql | 11 ++ .../db/changelog/0-base/007-table-columns.sql | 24 ++- .../db/changelog/0-base/010-context.sql | 1 + .../0-base/011-table-schema-and-name.sql | 18 ++ .../db/changelog/0-base/020-audit-log.sql | 16 +- .../db/changelog/0-base/030-historization.sql | 4 +- .../1-rbac/1051-rbac-subject-grant.sql | 2 +- .../1-rbac/1057-rbac-role-builder.sql | 2 +- .../db/changelog/1-rbac/1080-rbac-global.sql | 4 +- .../changelog/2-test/200-rbactest-schema.sql | 8 + .../db/changelog/db.changelog-master.yaml | 6 +- .../hs/migration/BaseOfficeDataImport.java | 21 +-- .../hsadminng/hs/migration/CsvDataImport.java | 18 ++ .../hs/migration/ImportHostingAssets.java | 167 ++++++++++++++++- .../RbacGrantControllerAcceptanceTest.java | 70 +++---- .../RbacGrantRepositoryIntegrationTest.java | 54 +++--- ...acGrantsDiagramServiceIntegrationTest.java | 30 +-- .../RbacRoleControllerAcceptanceTest.java | 52 +++--- .../rbac/role/RbacRoleControllerRestTest.java | 4 +- .../RbacRoleRepositoryIntegrationTest.java | 78 ++++---- .../hsadminng/rbac/role/TestRbacRole.java | 4 +- .../RbacSubjectControllerAcceptanceTest.java | 18 +- .../RbacSubjectRepositoryIntegrationTest.java | 176 +++++++++--------- 29 files changed, 546 insertions(+), 316 deletions(-) create mode 100644 src/main/resources/db/changelog/0-base/011-table-schema-and-name.sql create mode 100644 src/main/resources/db/changelog/2-test/200-rbactest-schema.sql 
diff --git a/src/main/java/net/hostsharing/hsadminng/rbac/generator/InsertTriggerGenerator.java b/src/main/java/net/hostsharing/hsadminng/rbac/generator/InsertTriggerGenerator.java index eb489038..c5bc51c4 100644 --- a/src/main/java/net/hostsharing/hsadminng/rbac/generator/InsertTriggerGenerator.java +++ b/src/main/java/net/hostsharing/hsadminng/rbac/generator/InsertTriggerGenerator.java @@ -100,7 +100,7 @@ public class InsertTriggerGenerator { /** Grants ${rawSubTable} INSERT permission to specified role of new ${rawSuperTable} rows. */ - create or replace function ${rawSuperTableSchemaName}new_${rawSubTableShortName}_grants_insert_to_${rawSuperTableShortName}_tf() + create or replace function ${rawSubTableSchemaPrefix}new_${rawSubTableShortName}_grants_insert_to_${rawSuperTableShortName}_tf() returns trigger language plpgsql strict as $$ @@ -114,10 +114,10 @@ public class InsertTriggerGenerator { end; $$; -- z_... is to put it at the end of after insert triggers, to make sure the roles exist - create trigger z_new_${rawSubTable}_grants_after_insert_tg + create trigger z_new_${rawSubTableName}_grants_after_insert_tg after insert on ${rawSuperTableWithSchema} for each row - execute procedure ${rawSuperTableSchemaName}new_${rawSubTableShortName}_grants_insert_to_${rawSuperTableShortName}_tf(); + execute procedure ${rawSubTableSchemaPrefix}new_${rawSubTableShortName}_grants_insert_to_${rawSuperTableShortName}_tf(); """, with("ifConditionThen", g.getSuperRoleDef().getEntityAlias().isCaseDependent() // TODO.impl: .type needs to be dynamically generated 
@@ -130,8 +130,9 @@ public class InsertTriggerGenerator { with("rawSuperTableWithSchema", g.getSuperRoleDef().getEntityAlias().getRawTableNameWithSchema()), with("rawSuperTableShortName", g.getSuperRoleDef().getEntityAlias().getRawTableShortName()), with("rawSuperTable", g.getSuperRoleDef().getEntityAlias().getRawTableName()), - with("rawSuperTableSchemaName", g.getSuperRoleDef().getEntityAlias().getRawTableSchemaPrefix()), with("rawSubTable", g.getPermDef().getEntityAlias().getRawTableNameWithSchema()), + with("rawSubTableSchemaPrefix", g.getPermDef().getEntityAlias().getRawTableSchemaPrefix()), + with("rawSubTableName", g.getPermDef().getEntityAlias().getRawTableName()), with("rawSubTableShortName", g.getPermDef().getEntityAlias().getRawTableShortName())); }); @@ -154,15 +155,16 @@ public class InsertTriggerGenerator { returns trigger language plpgsql as $$ begin - raise exception '[403] insert into ${rawSubTable} values(%) not allowed regardless of current subject, no insert permissions granted at all', NEW; + raise exception '[403] insert into ${rawSubTableWithSchema} values(%) not allowed regardless of current subject, no insert permissions granted at all', NEW; end; $$; create trigger ${rawSubTable}_insert_permission_check_tg before insert on ${rawSubTable} for each row - execute procedure ${rawSubTable}_insert_permission_missing_tf(); + execute procedure ${rawSubTableWithSchema}_insert_permission_missing_tf(); """, - with("rawSubTable", rbacDef.getRootEntityAlias().getRawTableNameWithSchema())); + with("rawSubTableWithSchema", rbacDef.getRootEntityAlias().getRawTableNameWithSchema()), + with("rawSubTable", rbacDef.getRootEntityAlias().getRawTableName())); plPgSql.writeLn("--//"); } 
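Review bot: In the hunk at -154,15, `before insert on ${rawSubTable}` is left unchanged although `rawSubTable` is now bound to `getRawTableName()`, so the deny-all `[403]` trigger is created on a table name without schema (assuming `getRawTableName()` returns the bare name, as the new `rawSubTableWithSchema` binding suggests). For a table outside the search path, that statement either fails or attaches the guard to a same-named table in another schema. The footer hunk at -258,17 already uses `before insert on ${rawSubTableWithSchema}`, and the same line belongs here. The `create or replace function` line for `..._insert_permission_missing_tf()` lies above the hunk, so whether its name matches the new `execute procedure ${rawSubTableWithSchema}_insert_permission_missing_tf()` cannot be checked from here.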
@@ -183,7 +185,7 @@ public class InsertTriggerGenerator { private void generateInsertPermissionsCheckHeader(final StringWriter plPgSql) { plPgSql.writeLn(""" -- ============================================================================ - --changeset InsertTriggerGenerator:${rawSubTable}-rbac-CHECKING-INSERT-PERMISSION endDelimiter:--// + --changeset InsertTriggerGenerator:${liquibaseTagPrefix}-rbac-CHECKING-INSERT-PERMISSION endDelimiter:--// -- ---------------------------------------------------------------------------- /** @@ -196,6 +198,7 @@ public class InsertTriggerGenerator { superObjectUuid uuid; begin """, + with("liquibaseTagPrefix", liquibaseTagPrefix), with("rawSubTable", rbacDef.getRootEntityAlias().getRawTableNameWithSchema())); plPgSql.chopEmptyLines(); } @@ -258,17 +261,18 @@ public class InsertTriggerGenerator { private void generateInsertPermissionsChecksFooter(final StringWriter plPgSql) { plPgSql.writeLn(); plPgSql.writeLn(""" - raise exception '[403] insert into ${rawSubTable} values(%) not allowed for current subjects % (%)', + raise exception '[403] insert into ${rawSubTableWithSchema} values(%) not allowed for current subjects % (%)', NEW, base.currentSubjects(), rbac.currentSubjectOrAssumedRolesUuids(); end; $$; create trigger ${rawSubTable}_insert_permission_check_tg - before insert on ${rawSubTable} + before insert on ${rawSubTableWithSchema} for each row - execute procedure ${rawSubTable}_insert_permission_check_tf(); + execute procedure ${rawSubTableWithSchema}_insert_permission_check_tf(); --// """, - with("rawSubTable", rbacDef.getRootEntityAlias().getRawTableNameWithSchema())); + with("rawSubTableWithSchema", rbacDef.getRootEntityAlias().getRawTableNameWithSchema()), + with("rawSubTable", rbacDef.getRootEntityAlias().getRawTableName())); } private String toStringList(final Set cases) { 
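Review bot: The placeholder `rawSubTable` now has two meanings inside this class: the header hunk at -196,6 still binds it to `getRawTableNameWithSchema()`, while the footer hunk at -258,17 binds it to `getRawTableName()` and introduces `rawSubTableWithSchema` for the qualified form. These templates generate the insert-permission triggers, so a line copied from one template to the other would silently reference a different table or function. Binding `with("rawSubTableWithSchema", rbacDef.getRootEntityAlias().getRawTableNameWithSchema())` in the header too, and renaming the placeholder in its template, keeps one meaning per name. Part of the header template lies outside the hunk, so its uses of `${rawSubTable}` are not all visible here.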
diff --git a/src/main/java/net/hostsharing/hsadminng/rbac/generator/RbacView.java b/src/main/java/net/hostsharing/hsadminng/rbac/generator/RbacView.java index 634d4c33..179bf667 100644 --- a/src/main/java/net/hostsharing/hsadminng/rbac/generator/RbacView.java +++ b/src/main/java/net/hostsharing/hsadminng/rbac/generator/RbacView.java @@ -90,11 +90,11 @@ public class RbacView { * @param * a JPA entity class extending RbacObject */ - public static RbacView rbacViewFor(final String alias, final Class entityClass) { + public static > RbacView rbacViewFor(final String alias, final Class entityClass) { return new RbacView(alias, entityClass); } - RbacView(final String alias, final Class entityClass) { + RbacView(final String alias, final Class> entityClass) { rootEntityAlias = new EntityAlias(alias, entityClass); entityAliases.put(alias, rootEntityAlias); new RbacSubjectReference(CREATOR); @@ -121,7 +121,7 @@ public class RbacView { *

An identity view is a view which maps an objectUuid to an idName. * The idName should be a human-readable representation of the row, but as short as possible. * The idName must only consist of letters (A-Z, a-z), digits (0-9), dash (-), dot (.) and unserscore '_'. - * It's used to create the object-specific-role-names like test_customer#abc:ADMIN - here 'abc' is the idName. + * It's used to create the object-specific-role-names like rbactest.customer#abc:ADMIN - here 'abc' is the idName. * The idName not necessarily unique in a table, but it should be avoided. *

* @@ -287,9 +287,9 @@ public class RbacView { * @param * a JPA entity class extending RbacObject */ - public RbacView importRootEntityAliasProxy( + public > RbacView importRootEntityAliasProxy( final String aliasName, - final Class entityClass, + final Class> entityClass, final ColumnValue forCase, final SQL fetchSql, final Column dependsOnColum) { @@ -313,7 +313,7 @@ public class RbacView { * a JPA entity class extending RbacObject */ public RbacView importSubEntityAlias( - final String aliasName, final Class entityClass, + final String aliasName, final Class> entityClass, final SQL fetchSql, final Column dependsOnColum) { importEntityAliasImpl(aliasName, entityClass, usingDefaultCase(), fetchSql, dependsOnColum, true, NOT_NULL); return this; @@ -350,14 +350,14 @@ public class RbacView { * a JPA entity class extending RbacObject */ public RbacView importEntityAlias( - final String aliasName, final Class entityClass, final ColumnValue usingCase, + final String aliasName, final Class> entityClass, final ColumnValue usingCase, final Column dependsOnColum, final SQL fetchSql, final Nullable nullable) { importEntityAliasImpl(aliasName, entityClass, usingCase, fetchSql, dependsOnColum, false, nullable); return this; } private EntityAlias importEntityAliasImpl( - final String aliasName, final Class entityClass, final ColumnValue usingCase, + final String aliasName, final Class> entityClass, final ColumnValue usingCase, final SQL fetchSql, final Column dependsOnColum, boolean asSubEntity, final Nullable nullable) { final var entityAlias = ofNullable(entityAliases.get(aliasName)) 
@@ -911,13 +911,13 @@ public class RbacView { return distinctGrantDef; } - record EntityAlias(String aliasName, Class entityClass, ColumnValue usingCase, SQL fetchSql, Column dependsOnColum, boolean isSubEntity, Nullable nullable) { + record EntityAlias(String aliasName, Class> entityClass, ColumnValue usingCase, SQL fetchSql, Column dependsOnColum, boolean isSubEntity, Nullable nullable) { public EntityAlias(final String aliasName) { this(aliasName, null, null, null, null, false, null); } - public EntityAlias(final String aliasName, final Class entityClass) { + public EntityAlias(final String aliasName, final Class> entityClass) { this(aliasName, entityClass, null, null, null, false, null); } @@ -964,7 +964,7 @@ public class RbacView { if ( aliasName.equals("rbac.global")) { return "rbac.global"; // TODO: maybe we should introduce a GlobalEntity class? } - return withoutRvSuffix(entityClass.getAnnotation(Table.class).name()); + return qualifiedRealTableName(entityClass); } String getRawTableSchemaPrefix() { @@ -1010,8 +1010,12 @@ public class RbacView { } } - public static String withoutRvSuffix(final String tableName) { - return tableName.substring(0, tableName.length() - "_rv".length()); + public static String qualifiedRealTableName(final Class> entityClass) { + final var tableAnnotation = entityClass.getAnnotation(Table.class); + final var schema = tableAnnotation.schema(); + final var tableName = tableAnnotation.name(); + final var realTableName = tableName.substring(0, tableName.length() - "_rv".length()); + return (schema.isEmpty() ? "" : (schema + ".")) + realTableName; } public enum Role { diff --git a/src/main/java/net/hostsharing/hsadminng/rbac/generator/RbacViewPostgresGenerator.java b/src/main/java/net/hostsharing/hsadminng/rbac/generator/RbacViewPostgresGenerator.java index b4c6dfb4..a8a4ba3b 100644 --- a/src/main/java/net/hostsharing/hsadminng/rbac/generator/RbacViewPostgresGenerator.java 
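Review bot: `qualifiedRealTableName` in the hunk at -1010,8 cuts the last three characters off `tableAnnotation.name()` without checking that the name ends in `_rv`, and it dereferences `getAnnotation(Table.class)` without a null check. An entity whose table is not an `_rv` view would yield a truncated name that flows into the generated RBAC trigger and grant SQL, so the checks would target a different or non-existent table instead of failing at generation time. A guard before the `substring`, such as `if (tableAnnotation == null || !tableAnnotation.name().endsWith("_rv")) throw new IllegalArgumentException("not an _rv table: " + entityClass);`, makes that case explicit. A Javadoc line stating that the result is unquoted `schema.table` text would also tell callers not to treat it as a quoted identifier.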
+++ b/src/main/java/net/hostsharing/hsadminng/rbac/generator/RbacViewPostgresGenerator.java @@ -17,7 +17,7 @@ public class RbacViewPostgresGenerator { public RbacViewPostgresGenerator(final RbacView forRbacDef) { rbacDef = forRbacDef; - liqibaseTagPrefix = rbacDef.getRootEntityAlias().getRawTableNameWithSchema().replace("_", "-"); + liqibaseTagPrefix = rbacDef.getRootEntityAlias().getRawTableNameWithSchema().replace("_", "-").replace(".", "-"); plPgSql.writeLn(""" --liquibase formatted sql -- This code generated was by ${generator}, do not amend manually. diff --git a/src/main/java/net/hostsharing/hsadminng/rbac/generator/RolesGrantsAndPermissionsGenerator.java b/src/main/java/net/hostsharing/hsadminng/rbac/generator/RolesGrantsAndPermissionsGenerator.java index caa46eaf..d183b181 100644 --- a/src/main/java/net/hostsharing/hsadminng/rbac/generator/RolesGrantsAndPermissionsGenerator.java +++ b/src/main/java/net/hostsharing/hsadminng/rbac/generator/RolesGrantsAndPermissionsGenerator.java @@ -516,7 +516,7 @@ class RolesGrantsAndPermissionsGenerator { /* AFTER INSERT TRIGGER to create the role+grant structure for a new ${rawTableName} row. */ - + create or replace function insertTriggerFor${simpleEntityName}_tf() returns trigger language plpgsql @@ -525,7 +525,7 @@ class RolesGrantsAndPermissionsGenerator { call buildRbacSystemFor${simpleEntityName}(NEW); return NEW; end; $$; - + create trigger insertTriggerFor${simpleEntityName}_tg after insert on ${rawTableName} for each row diff --git a/src/main/java/net/hostsharing/hsadminng/rbac/generator/StringWriter.java b/src/main/java/net/hostsharing/hsadminng/rbac/generator/StringWriter.java index 346b8e4d..2b4c980e 100644 --- a/src/main/java/net/hostsharing/hsadminng/rbac/generator/StringWriter.java +++ b/src/main/java/net/hostsharing/hsadminng/rbac/generator/StringWriter.java 
@@ -19,9 +19,11 @@ public class StringWriter { writeLn(); } - void writeLn(final String text, final VarDef... varDefs) { - string.append( indented( new VarReplacer(varDefs).apply(text) )); + String writeLn(final String text, final VarDef... varDefs) { + final var insertText = indented(new VarReplacer(varDefs).apply(text)); + string.append(insertText); writeLn(); + return insertText; } void writeLn() { diff --git a/src/main/java/net/hostsharing/hsadminng/rbac/grant/RbacGrantsDiagramService.java b/src/main/java/net/hostsharing/hsadminng/rbac/grant/RbacGrantsDiagramService.java index 05a343dc..ef3f1b88 100644 --- a/src/main/java/net/hostsharing/hsadminng/rbac/grant/RbacGrantsDiagramService.java +++ b/src/main/java/net/hostsharing/hsadminng/rbac/grant/RbacGrantsDiagramService.java @@ -79,10 +79,10 @@ public class RbacGrantsDiagramService { return; } if ( !g.getDescendantIdName().startsWith("role:rbac.global")) { - if (!includes.contains(TEST_ENTITIES) && g.getDescendantIdName().contains(":test_")) { + if (!includes.contains(TEST_ENTITIES) && g.getDescendantIdName().contains(":rbactest.")) { return; } - if (!includes.contains(NON_TEST_ENTITIES) && !g.getDescendantIdName().contains(":test_")) { + if (!includes.contains(NON_TEST_ENTITIES) && !g.getDescendantIdName().contains(":rbactest.")) { return; } } diff --git a/src/main/resources/db/changelog/0-base/000-base-schema.sql b/src/main/resources/db/changelog/0-base/000-base-schema.sql index 921be5fa..5bff0950 100644 --- a/src/main/resources/db/changelog/0-base/000-base-schema.sql +++ b/src/main/resources/db/changelog/0-base/000-base-schema.sql 
@@ -4,5 +4,16 @@ -- ============================================================================ --changeset michael.hoennig:base-SCHEMA endDelimiter:--// -- ---------------------------------------------------------------------------- + +-- FIXME: remove this block +do $$ + declare + changesetCount int; + begin + changesetCount := (select count(*) from databasechangelog); + assert changesetCount = 0, 'total changesets executed: ' || changesetCount; + end; +$$; + CREATE SCHEMA base; --// diff --git a/src/main/resources/db/changelog/0-base/007-table-columns.sql b/src/main/resources/db/changelog/0-base/007-table-columns.sql index 55c744bd..49017e5d 100644 --- a/src/main/resources/db/changelog/0-base/007-table-columns.sql +++ b/src/main/resources/db/changelog/0-base/007-table-columns.sql @@ -6,15 +6,31 @@ --changeset michael.hoennig:table-columns-function endDelimiter:--// -- ---------------------------------------------------------------------------- -create or replace function base.tableColumnNames( tableName text ) +create or replace function base.tableColumnNames( ofTableName text ) returns text stable language 'plpgsql' as $$ -declare columns text[]; +declare + tableName text; + tableSchema text; + columns text[]; begin + tableSchema := CASE + WHEN position('.' in ofTableName) > 0 THEN split_part(ofTableName, '.', 1) + ELSE 'public' + END; + + tableName := CASE + WHEN position('.' in ofTableName) > 0 THEN split_part(ofTableName, '.', 2) + ELSE ofTableName + END; + columns := (select array(select column_name::text - from information_schema.columns - where table_name = tableName)); + from information_schema.columns + where table_name = tableName + and table_schema = tableSchema)); + assert cardinality(columns) > 0, 'cannot determine columns of table ' || ofTableName || + '("' || tableSchema || '"."' || tableName || '")'; return array_to_string(columns, ', '); end; $$ --// 
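Review bot: The `do $$ ... $$` block marked `-- FIXME: remove this block` is debugging code inside the `base-SCHEMA` changeset and should not be merged. It reads `databasechangelog` without a schema, so it depends on the search path, and plpgsql `assert` is skipped when `plpgsql.check_asserts` is off, so it is not a reliable guard either. Because it edits an existing changeset, databases that already ran `base-SCHEMA` would presumably report a checksum mismatch. If the check is still needed while debugging, keep it in a local changeset that is not committed.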
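Review bot: The new not-found check in `base.tableColumnNames` uses `assert`, which plpgsql skips when `plpgsql.check_asserts` is off; the function then returns an empty string and callers continue with an empty column list. An explicit `if cardinality(columns) = 0 then raise exception 'cannot determine columns of table %', ofTableName; end if;` fails regardless of that setting. The parsing also falls back to `'public'` rather than the caller's current schema, and it treats every `.` as a separator, so a quoted name containing a dot or a three-part name is misread. A comment stating that only `table` or `schema.table` is accepted would document that limit.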
diff --git a/src/main/resources/db/changelog/0-base/010-context.sql b/src/main/resources/db/changelog/0-base/010-context.sql index 95318e9a..6340850b 100644 --- a/src/main/resources/db/changelog/0-base/010-context.sql +++ b/src/main/resources/db/changelog/0-base/010-context.sql @@ -127,6 +127,7 @@ begin end; $$; --// + -- ============================================================================ --changeset michael.hoennig:context-base.ASSUMED-ROLES endDelimiter:--// -- ---------------------------------------------------------------------------- diff --git a/src/main/resources/db/changelog/0-base/011-table-schema-and-name.sql b/src/main/resources/db/changelog/0-base/011-table-schema-and-name.sql new file mode 100644 index 00000000..baf4a87d --- /dev/null +++ b/src/main/resources/db/changelog/0-base/011-table-schema-and-name.sql @@ -0,0 +1,18 @@ +--liquibase formatted sql + + +-- ============================================================================ +--changeset michael.hoennig:base-COMBINE-TABLE-SCHEMA-AND-NAME endDelimiter:--// +-- ---------------------------------------------------------------------------- + +create or replace function base.combine_table_schema_and_name(tableSchema name, tableName name) + returns text + language plpgsql as $$ +begin + if tableSchema is null or tableSchema = 'public' or tableSchema = '' then + return tableName::text; + else + return tableSchema::text || '.' || tableName::text; + end if; +end; $$; +--// diff --git a/src/main/resources/db/changelog/0-base/020-audit-log.sql b/src/main/resources/db/changelog/0-base/020-audit-log.sql index cdf5b42c..569d8826 100644 --- a/src/main/resources/db/changelog/0-base/020-audit-log.sql +++ b/src/main/resources/db/changelog/0-base/020-audit-log.sql 
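Review bot: `base.combine_table_schema_and_name` has no comment saying that its result is an unquoted label; it returns `schema.table` as plain text, which is fine for the journal but not as an identifier in dynamic SQL. The 030-historization hunk of this patch passes the result to `format` with `%I`, where a value containing a dot is quoted as one identifier. A header comment such as `-- Returns a label for logging; do not pass the result to format('%I') or execute.` would state the contract. Since the body depends only on its arguments, the function can also be declared `immutable`.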
@@ -77,9 +77,11 @@ create or replace function base.tx_journal_trigger() declare curTask text; curTxId xid8; + tableSchemaAndName text; begin curTask := base.currentTask(); curTxId := pg_current_xact_id(); + tableSchemaAndName := base.combine_table_schema_and_name(tg_table_schema, tg_table_name); insert into base.tx_context (txId, txTimestamp, currentSubject, assumedRoles, currentTask, currentRequest) @@ -90,20 +92,20 @@ begin case tg_op when 'INSERT' then insert into base.tx_journal - values (curTxId, - tg_table_name, new.uuid, tg_op::base.tx_operation, + values (curTxId, tableSchemaAndName, + new.uuid, tg_op::base.tx_operation, to_jsonb(new)); when 'UPDATE' then insert into base.tx_journal - values (curTxId, - tg_table_name, old.uuid, tg_op::base.tx_operation, + values (curTxId, tableSchemaAndName, + old.uuid, tg_op::base.tx_operation, base.jsonb_changes_delta(to_jsonb(old), to_jsonb(new))); when 'DELETE' then insert into base.tx_journal - values (curTxId, - tg_table_name, old.uuid, 'DELETE'::base.tx_operation, + values (curTxId,tableSchemaAndName, + old.uuid, 'DELETE'::base.tx_operation, null::jsonb); - else raise exception 'Trigger op % not supported for %.', tg_op, tg_table_name; + else raise exception 'Trigger op % not supported for %.', tg_op, tableSchemaAndName; end case; return null; end; $$; diff --git a/src/main/resources/db/changelog/0-base/030-historization.sql b/src/main/resources/db/changelog/0-base/030-historization.sql index 888f5be9..e61671cc 100644 --- a/src/main/resources/db/changelog/0-base/030-historization.sql +++ b/src/main/resources/db/changelog/0-base/030-historization.sql 
@@ -81,8 +81,8 @@ begin "alive" := false; end if; - sql := format('INSERT INTO %3$I_ex VALUES (DEFAULT, pg_current_xact_id(), %1$L, %2$L, $1.*)', TG_OP, alive, TG_TABLE_NAME); - raise notice 'sql: %', sql; + sql := format('INSERT INTO %3$I_ex VALUES (DEFAULT, pg_current_xact_id(), %1$L, %2$L, $1.*)', + TG_OP, alive, base.combine_table_schema_and_name(tg_table_schema, tg_table_name)::name); execute sql using "row"; return "row"; diff --git a/src/main/resources/db/changelog/1-rbac/1051-rbac-subject-grant.sql b/src/main/resources/db/changelog/1-rbac/1051-rbac-subject-grant.sql index 99c76ccc..7db0db57 100644 --- a/src/main/resources/db/changelog/1-rbac/1051-rbac-subject-grant.sql +++ b/src/main/resources/db/changelog/1-rbac/1051-rbac-subject-grant.sql @@ -20,7 +20,7 @@ begin return currentSubjectOrAssumedRolesUuids[1]; end; $$; -create or replace procedure rbac.grantRoleToSubjectUnchecked(grantedByRoleUuid uuid, grantedRoleUuid uuid, subjectUuid uuid, doAssume boolean = true) +create or replace procedure rbac.grantRoleToUserUnchecked(grantedByRoleUuid uuid, grantedRoleUuid uuid, subjectUuid uuid, doAssume boolean = true) language plpgsql as $$ begin perform rbac.assertReferenceType('grantingRoleUuid', grantedByRoleUuid, 'rbac.role'); diff --git a/src/main/resources/db/changelog/1-rbac/1057-rbac-role-builder.sql b/src/main/resources/db/changelog/1-rbac/1057-rbac-role-builder.sql index 1ac28119..c1736314 100644 --- a/src/main/resources/db/changelog/1-rbac/1057-rbac-role-builder.sql +++ b/src/main/resources/db/changelog/1-rbac/1057-rbac-role-builder.sql @@ -57,7 +57,7 @@ begin end if; foreach subjectUuid in array subjectUuids loop - call rbac.grantRoleToSubjectUnchecked(userGrantsByRoleUuid, roleUuid, subjectUuid); + call rbac.grantRoleToUserUnchecked(userGrantsByRoleUuid, roleUuid, subjectUuid); end loop; end if; 
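Review bot: `format('INSERT INTO %3$I_ex ...')` now receives the combined `schema.table` string, and `%I` quotes a value containing a dot as a single identifier. For a table outside `public` the statement becomes `INSERT INTO "rbactest.customer"_ex ...` (constructed example), which fails or misses the history table. Passing schema and table separately keeps both parts quoted correctly: `format('INSERT INTO %3$I.%4$I VALUES (DEFAULT, pg_current_xact_id(), %1$L, %2$L, $1.*)', TG_OP, alive, tg_table_schema, tg_table_name || '_ex')`. The trigger function starts and ends outside the hunk.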
diff --git a/src/main/resources/db/changelog/1-rbac/1080-rbac-global.sql b/src/main/resources/db/changelog/1-rbac/1080-rbac-global.sql index cf62891f..98f291de 100644 --- a/src/main/resources/db/changelog/1-rbac/1080-rbac-global.sql +++ b/src/main/resources/db/changelog/1-rbac/1080-rbac-global.sql @@ -158,8 +158,8 @@ do language plpgsql $$ call base.defineContext('creating fake test-realm admin users', null, null, null); admins = rbac.findRoleId(rbac.globalAdmin()); - call rbac.grantRoleToSubjectUnchecked(admins, admins, rbac.create_subject('superuser-alex@hostsharing.net')); - call rbac.grantRoleToSubjectUnchecked(admins, admins, rbac.create_subject('superuser-fran@hostsharing.net')); + call rbac.grantRoleToUserUnchecked(admins, admins, rbac.create_subject('superuser-alex@hostsharing.net')); + call rbac.grantRoleToUserUnchecked(admins, admins, rbac.create_subject('superuser-fran@hostsharing.net')); perform rbac.create_subject('selfregistered-user-drew@hostsharing.org'); perform rbac.create_subject('selfregistered-test-user@hostsharing.org'); end; diff --git a/src/main/resources/db/changelog/2-test/200-rbactest-schema.sql b/src/main/resources/db/changelog/2-test/200-rbactest-schema.sql new file mode 100644 index 00000000..e820c2d5 --- /dev/null +++ b/src/main/resources/db/changelog/2-test/200-rbactest-schema.sql @@ -0,0 +1,8 @@ +--liquibase formatted sql + + +-- ============================================================================ +--changeset michael.hoennig:rbactest-SCHEMA endDelimiter:--// +-- ---------------------------------------------------------------------------- +CREATE SCHEMA rbactest; -- just 'test' does not work, databasechangelog gets emptied or deleted +--// diff --git a/src/main/resources/db/changelog/db.changelog-master.yaml b/src/main/resources/db/changelog/db.changelog-master.yaml index 69072cf1..428daf4c 100644 --- a/src/main/resources/db/changelog/db.changelog-master.yaml +++ b/src/main/resources/db/changelog/db.changelog-master.yaml 
@@ -150,15 +150,17 @@ databaseChangeLog: - include: file: db/changelog/6-hs-booking/620-booking-project/6208-hs-booking-project-test-data.sql - include: - file: db/changelog/6-hs-booking/630-booking-item/6200-hs-booking-item.sql + file: db/changelog/6-hs-booking/630-booking-item/6300-hs-booking-item.sql - include: file: db/changelog/6-hs-booking/630-booking-item/6203-hs-booking-item-rbac.sql - include: - file: db/changelog/6-hs-booking/630-booking-item/6208-hs-booking-item-test-data.sql + file: db/changelog/6-hs-booking/630-booking-item/6308-hs-booking-item-test-data.sql - include: file: db/changelog/7-hs-hosting/701-hosting-asset/7010-hs-hosting-asset.sql - include: file: db/changelog/7-hs-hosting/701-hosting-asset/7013-hs-hosting-asset-rbac.sql + - include: + file: db/changelog/7-hs-hosting/701-hosting-asset/7016-hs-hosting-asset-migration.sql - include: file: db/changelog/7-hs-hosting/701-hosting-asset/7018-hs-hosting-asset-test-data.sql - include: diff --git a/src/test/java/net/hostsharing/hsadminng/hs/migration/BaseOfficeDataImport.java b/src/test/java/net/hostsharing/hsadminng/hs/migration/BaseOfficeDataImport.java index 62427802..c8f107f1 100644 --- a/src/test/java/net/hostsharing/hsadminng/hs/migration/BaseOfficeDataImport.java +++ b/src/test/java/net/hostsharing/hsadminng/hs/migration/BaseOfficeDataImport.java @@ -17,7 +17,6 @@ import net.hostsharing.hsadminng.hs.office.relation.HsOfficeRelation; import net.hostsharing.hsadminng.hs.office.relation.HsOfficeRelationRealEntity; import net.hostsharing.hsadminng.hs.office.relation.HsOfficeRelationType; import net.hostsharing.hsadminng.hs.office.sepamandate.HsOfficeSepaMandateEntity; -import net.hostsharing.hsadminng.rbac.object.BaseEntity; import org.apache.commons.lang3.ArrayUtils; import org.apache.commons.lang3.StringUtils; import org.junit.jupiter.api.BeforeAll; 
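Review bot: The includes now point to `6300-hs-booking-item.sql`, `6308-hs-booking-item-test-data.sql` and `7016-hs-hosting-asset-migration.sql`, but the diffstat of this patch shows neither a rename nor a `create mode` entry for any of them. Unless those files already exist in the tree, Liquibase will stop at startup on the first missing include. `6203-hs-booking-item-rbac.sql` between them keeps the old `62xx` prefix, which looks like an incomplete renumbering. If the renamed files already ran under their old paths, their changeset identity presumably changes with the path as well.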
@@ -615,7 +614,7 @@ public abstract class BaseOfficeDataImport extends CsvDataImport { jpaAttempt.transacted(() -> { context(rbacSuperuser); contacts.forEach(this::persist); - updateLegacyIds(contacts, "hs_office_contact_legacy_id", "contact_id"); + updateLegacyIds(contacts, "hs_office_contact_legacy_id", "contact_id"); }).assertSuccessful(); jpaAttempt.transacted(() -> { @@ -699,24 +698,6 @@ public abstract class BaseOfficeDataImport extends CsvDataImport { assumeThat(partners.size()).isLessThanOrEqualTo(MAX_NUMBER_OF_TEST_DATA_PARTNERS); } - private void updateLegacyIds( - Map entities, - final String legacyIdTable, - final String legacyIdColumn) { - em.flush(); - entities.forEach((id, entity) -> em.createNativeQuery(""" - UPDATE ${legacyIdTable} - SET ${legacyIdColumn} = :legacyId - WHERE uuid = :uuid - """ - .replace("${legacyIdTable}", legacyIdTable) - .replace("${legacyIdColumn}", legacyIdColumn)) - .setParameter("legacyId", id) - .setParameter("uuid", entity.getUuid()) - .executeUpdate() - ); - } - @Test @Order(9999) @ContinueOnFailure diff --git a/src/test/java/net/hostsharing/hsadminng/hs/migration/CsvDataImport.java b/src/test/java/net/hostsharing/hsadminng/hs/migration/CsvDataImport.java index 7230cfff..66cfc5e7 100644 --- a/src/test/java/net/hostsharing/hsadminng/hs/migration/CsvDataImport.java +++ b/src/test/java/net/hostsharing/hsadminng/hs/migration/CsvDataImport.java 
@@ -334,6 +334,24 @@ public class CsvDataImport extends ContextBasedTest { errors.clear(); assertThat(errorsToLog).isEmpty(); } + + protected void updateLegacyIds( + Map entities, + final String legacyIdTable, + final String legacyIdColumn) { + em.flush(); + entities.forEach((id, entity) -> em.createNativeQuery(""" + UPDATE ${legacyIdTable} + SET ${legacyIdColumn} = :legacyId + WHERE uuid = :uuid + """ + .replace("${legacyIdTable}", legacyIdTable) + .replace("${legacyIdColumn}", legacyIdColumn)) + .setParameter("legacyId", id) + .setParameter("uuid", entity.getUuid()) + .executeUpdate() + ); + } } class Columns { diff --git a/src/test/java/net/hostsharing/hsadminng/hs/migration/ImportHostingAssets.java b/src/test/java/net/hostsharing/hsadminng/hs/migration/ImportHostingAssets.java index d3ed3407..e8d510d9 100644 --- a/src/test/java/net/hostsharing/hsadminng/hs/migration/ImportHostingAssets.java +++ b/src/test/java/net/hostsharing/hsadminng/hs/migration/ImportHostingAssets.java @@ -47,12 +47,12 @@ import java.util.concurrent.atomic.AtomicInteger; import java.util.concurrent.atomic.AtomicReference; import java.util.function.Function; import java.util.regex.Pattern; -import java.util.stream.Collectors; import static java.util.Arrays.stream; import static java.util.Map.entry; import static java.util.Map.ofEntries; import static java.util.Optional.ofNullable; +import static java.util.stream.Collectors.joining; import static java.util.stream.Collectors.toMap; import static java.util.stream.Collectors.toSet; import static net.hostsharing.hsadminng.hs.hosting.asset.HsHostingAssetType.CLOUD_SERVER; 
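Review bot: `updateLegacyIds` splices `legacyIdTable` and `legacyIdColumn` into the native `UPDATE` with `String.replace`, and as a `protected` method of `CsvDataImport` it is now reachable from every importer subclass. The callers visible in this patch pass literals, but nothing in the method enforces that. A check such as `if (!legacyIdTable.matches("[a-z_][a-z0-9_.]*")) throw new IllegalArgumentException(legacyIdTable);`, repeated for the column, ensures that only plain identifiers reach the statement. The result of `executeUpdate()` is also discarded, so an `UPDATE` that matches no row passes silently; asserting that it returns 1 (presumably one row per uuid) would catch a missing legacy-id row.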
@@ -938,6 +938,132 @@ public class ImportHostingAssets extends BaseOfficeDataImport { @Test @Order(19930) + void verifyCloudServerLegacyIds() { + assumeThatWeAreImportingControlledTestData(); + assertThat(fetchHosingAssetLegacyIds(CLOUD_SERVER)).isEqualTo(""" + 23611 + """.trim()); + assertThat(missingHostingAsstLegacyIds(CLOUD_SERVER)).isEmpty(); + } + + @Test + @Order(19931) + void verifyManagedServerLegacyIds() { + assumeThatWeAreImportingControlledTestData(); + assertThat(fetchHosingAssetLegacyIds(MANAGED_SERVER)).isEqualTo(""" + 10968 + 10978 + 11061 + 11447 + """.trim()); + assertThat(missingHostingAsstLegacyIds(MANAGED_SERVER)).isEmpty(); + } + + @Test + @Order(19932) + void verifyManagedWebspaceLegacyIds() { + assumeThatWeAreImportingControlledTestData(); + assertThat(fetchHosingAssetLegacyIds(MANAGED_WEBSPACE)).isEqualTo(""" + 10630 + 11094 + 11111 + 11112 + 19959 + """.trim()); + assertThat(missingHostingAsstLegacyIds(MANAGED_WEBSPACE)).isEmpty(); + } + + @Test + @Order(19933) + void verifyUnixUserLegacyIds() { + assumeThatWeAreImportingControlledTestData(); + assertThat(fetchHosingAssetLegacyIds(UNIX_USER)).isEqualTo(""" + 5803 + 5805 + 5809 + 5811 + 5813 + 5835 + 5961 + 5964 + 5966 + 5990 + 6705 + 6824 + 7846 + 9546 + 9596 + """.trim()); + assertThat(missingHostingAsstLegacyIds(UNIX_USER)).isEmpty(); + } + + @Test + @Order(19934) + void verifyPgSqlDbLegacyIds() { + assumeThatWeAreImportingControlledTestData(); + assertThat(fetchHosingAssetLegacyIds(PGSQL_DATABASE)).isEqualTo(""" + 1077 + 1858 + 1860 + 4931 + 4932 + 7522 + 7523 + 7605 + """.trim()); + assertThat(missingHostingAsstLegacyIds(PGSQL_DATABASE)).isEmpty(); + } + + @Test + @Order(19934) + void verifyPgSqlUserLegacyIds() { + assumeThatWeAreImportingControlledTestData(); + assertThat(fetchHosingAssetLegacyIds(PGSQL_USER)).isEqualTo(""" + 1857 + 1859 + 1860 + 1861 + 4931 + 7522 + 7605 + """.trim()); + assertThat(missingHostingAsstLegacyIds(PGSQL_USER)).isEmpty(); + } + + @Test + @Order(19935) + 
void verifyMariaDbLegacyIds() { + assumeThatWeAreImportingControlledTestData(); + assertThat(fetchHosingAssetLegacyIds(MARIADB_DATABASE)).isEqualTo(""" + 1786 + 1805 + 4908 + 4941 + 4942 + 7520 + 7521 + 7604 + """.trim()); + assertThat(missingHostingAsstLegacyIds(MARIADB_DATABASE)).isEmpty(); + } + + @Test + @Order(19936) + void verifyMariaDbUserLegacyIds() { + assumeThatWeAreImportingControlledTestData(); + assertThat(fetchHosingAssetLegacyIds(MARIADB_USER)).isEqualTo(""" + 1858 + 4908 + 4909 + 4932 + 7520 + 7604 + """.trim()); + assertThat(missingHostingAsstLegacyIds(MARIADB_USER)).isEmpty(); + } + + @Test + @Order(19940) void verifyProjectAgentsCanViewEmailAddresses() { assumeThatWeAreImportingControlledTestData(); @@ -949,6 +1075,7 @@ public class ImportHostingAssets extends BaseOfficeDataImport { assertThat(haCount).isEqualTo(68); } + // ============================================================================================ @Test @@ -1006,6 +1133,11 @@ public class ImportHostingAssets extends BaseOfficeDataImport { } ).assertSuccessful() ); + + jpaAttempt.transacted(() -> { + context(rbacSuperuser); + updateLegacyIds(assets, "hs_hosting_asset_legacy_id", "legacy_id"); + }).assertSuccessful(); } private void verifyActuallyPersistedHostingAssetCount( @@ -1610,7 +1742,7 @@ public class ImportHostingAssets extends BaseOfficeDataImport { //noinspection unchecked zoneData.put("user-RR", ((ArrayList>) zoneData.get("user-RR")).stream() - .map(userRR -> userRR.stream().map(Object::toString).collect(Collectors.joining(" "))) + .map(userRR -> userRR.stream().map(Object::toString).collect(joining(" "))) .toArray(String[]::new) ); domainDnsSetupAsset.getConfig().putAll(zoneData); 
@@ -1758,4 +1890,35 @@ public class ImportHostingAssets extends BaseOfficeDataImport { protected static void assumeThatWeAreImportingControlledTestData() { assumeThat(isImportingControlledTestData()).isTrue(); } + + private String fetchHosingAssetLegacyIds(final HsHostingAssetType type) { + //noinspection unchecked + return ((List>) em.createNativeQuery( + """ + SELECT li.* FROM hs_hosting_asset_legacy_id li + JOIN hs_hosting_asset ha ON ha.uuid=li.uuid + WHERE CAST(ha.type AS text)=:type + ORDER BY legacy_id + """, + List.class) + .setParameter("type", type.name()) + .getResultList() + ).stream().map(row -> row.get(1).toString()).collect(joining("\n")); + } + + private String missingHostingAsstLegacyIds(final HsHostingAssetType type) { + //noinspection unchecked + return ((List>) em.createNativeQuery( + """ + SELECT ha.uuid, ha.type, ha.identifier FROM hs_hosting_asset ha + JOIN hs_hosting_asset_legacy_id li ON li.uuid=ha.uuid + WHERE li.legacy_id is null AND CAST(ha.type AS text)=:type + ORDER BY li.legacy_id + """, + List.class) + .setParameter("type", type.name()) + .getResultList()).stream() + .map(row -> row.stream().map(Object::toString).collect(joining(", "))) + .collect(joining("\n")); + } } diff --git a/src/test/java/net/hostsharing/hsadminng/rbac/grant/RbacGrantControllerAcceptanceTest.java b/src/test/java/net/hostsharing/hsadminng/rbac/grant/RbacGrantControllerAcceptanceTest.java index 16a08fdc..5906f3e3 100644 --- a/src/test/java/net/hostsharing/hsadminng/rbac/grant/RbacGrantControllerAcceptanceTest.java +++ b/src/test/java/net/hostsharing/hsadminng/rbac/grant/RbacGrantControllerAcceptanceTest.java 
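Review bot: `missingHostingAsstLegacyIds` joins `hs_hosting_asset_legacy_id` with an inner `JOIN`, so a hosting asset with no row in that table is never returned. The `isEmpty()` assertions in the `verify…LegacyIds` tests therefore pass even when no legacy id was written for an asset. Only rows that exist with a NULL `legacy_id` are reported; unless the table is guaranteed to hold a row for every asset (its definition is not visible here), use `LEFT JOIN hs_hosting_asset_legacy_id li ON li.uuid=ha.uuid`. In `fetchHosingAssetLegacyIds`, `row.get(1)` depends on the column order of `li.*`; selecting `li.uuid, li.legacy_id` explicitly would keep that index stable. Both helper names carry typos (`Hosing`, `Asst`) that are repeated at every call site in the first hunk of this file.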
@@ -71,16 +71,16 @@ class RbacGrantControllerAcceptanceTest extends ContextBasedTest { .body("", hasItem( allOf( // TODO: should there be a grantedByRole or just a grantedByTrigger? - hasEntry("grantedByRoleIdName", "test_customer#xxx:OWNER"), - hasEntry("grantedRoleIdName", "test_customer#xxx:ADMIN"), + hasEntry("grantedByRoleIdName", "rbactest.customer#xxx:OWNER"), + hasEntry("grantedRoleIdName", "rbactest.customer#xxx:ADMIN"), hasEntry("granteeSubjectName", "customer-admin@xxx.example.com") ) )) .body("", hasItem( allOf( // TODO: should there be a grantedByRole or just a grantedByTrigger? - hasEntry("grantedByRoleIdName", "test_customer#yyy:OWNER"), - hasEntry("grantedRoleIdName", "test_customer#yyy:ADMIN"), + hasEntry("grantedByRoleIdName", "rbactest.customer#yyy:OWNER"), + hasEntry("grantedRoleIdName", "rbactest.customer#yyy:ADMIN"), hasEntry("granteeSubjectName", "customer-admin@yyy.example.com") ) )) @@ -93,15 +93,15 @@ class RbacGrantControllerAcceptanceTest extends ContextBasedTest { )) .body("", hasItem( allOf( - hasEntry("grantedByRoleIdName", "test_customer#xxx:ADMIN"), - hasEntry("grantedRoleIdName", "test_package#xxx00:ADMIN"), + hasEntry("grantedByRoleIdName", "rbactest.customer#xxx:ADMIN"), + hasEntry("grantedRoleIdName", "rbactest.package#xxx00:ADMIN"), hasEntry("granteeSubjectName", "pac-admin-xxx00@xxx.example.com") ) )) .body("", hasItem( allOf( - hasEntry("grantedByRoleIdName", "test_customer#zzz:ADMIN"), - hasEntry("grantedRoleIdName", "test_package#zzz02:ADMIN"), + hasEntry("grantedByRoleIdName", "rbactest.customer#zzz:ADMIN"), + hasEntry("grantedRoleIdName", "rbactest.package#zzz02:ADMIN"), hasEntry("granteeSubjectName", "pac-admin-zzz02@zzz.example.com") ) )) 
@@ -114,7 +114,7 @@ class RbacGrantControllerAcceptanceTest extends ContextBasedTest { RestAssured // @formatter:off .given() .header("current-subject", "superuser-alex@hostsharing.net") - .header("assumed-roles", "test_package#yyy00:ADMIN") + .header("assumed-roles", "rbactest.package#yyy00:ADMIN") .port(port) .when() .get("http://localhost/api/rbac/grants") @@ -123,8 +123,8 @@ class RbacGrantControllerAcceptanceTest extends ContextBasedTest { .contentType("application/json") .body("", hasItem( allOf( - hasEntry("grantedByRoleIdName", "test_customer#yyy:ADMIN"), - hasEntry("grantedRoleIdName", "test_package#yyy00:ADMIN"), + hasEntry("grantedByRoleIdName", "rbactest.customer#yyy:ADMIN"), + hasEntry("grantedRoleIdName", "rbactest.package#yyy00:ADMIN"), hasEntry("granteeSubjectName", "pac-admin-yyy00@yyy.example.com") ) )) @@ -145,13 +145,13 @@ class RbacGrantControllerAcceptanceTest extends ContextBasedTest { .contentType("application/json") .body("", hasItem( allOf( - hasEntry("grantedByRoleIdName", "test_customer#yyy:ADMIN"), - hasEntry("grantedRoleIdName", "test_package#yyy00:ADMIN"), + hasEntry("grantedByRoleIdName", "rbactest.customer#yyy:ADMIN"), + hasEntry("grantedRoleIdName", "rbactest.package#yyy00:ADMIN"), hasEntry("granteeSubjectName", "pac-admin-yyy00@yyy.example.com") ) )) - .body("[0].grantedByRoleIdName", is("test_customer#yyy:ADMIN")) - .body("[0].grantedRoleIdName", is("test_package#yyy00:ADMIN")) + .body("[0].grantedByRoleIdName", is("rbactest.customer#yyy:ADMIN")) + .body("[0].grantedRoleIdName", is("rbactest.package#yyy00:ADMIN")) .body("[0].granteeSubjectName", is("pac-admin-yyy00@yyy.example.com")); // @formatter:on } 
@@ -165,7 +165,7 @@ class RbacGrantControllerAcceptanceTest extends ContextBasedTest { // given final var givencurrentSubjectAsPackageAdmin = new Subject("customer-admin@xxx.example.com"); final var givenGranteeUser = findRbacSubjectByName("pac-admin-xxx00@xxx.example.com"); - final var givenGrantedRole = getRbacRoleByName("test_package#xxx00:ADMIN"); + final var givenGrantedRole = getRbacRoleByName("rbactest.package#xxx00:ADMIN"); // when final var grant = givencurrentSubjectAsPackageAdmin.getGrantById() @@ -174,8 +174,8 @@ class RbacGrantControllerAcceptanceTest extends ContextBasedTest { // then grant.assertThat() .statusCode(200) - .body("grantedByRoleIdName", is("test_customer#xxx:ADMIN")) - .body("grantedRoleIdName", is("test_package#xxx00:ADMIN")) + .body("grantedByRoleIdName", is("rbactest.customer#xxx:ADMIN")) + .body("grantedRoleIdName", is("rbactest.package#xxx00:ADMIN")) .body("granteeSubjectName", is("pac-admin-xxx00@xxx.example.com")); } @@ -184,7 +184,7 @@ class RbacGrantControllerAcceptanceTest extends ContextBasedTest { // given final var givencurrentSubjectAsPackageAdmin = new Subject("pac-admin-xxx00@xxx.example.com"); final var givenGranteeUser = findRbacSubjectByName("pac-admin-xxx00@xxx.example.com"); - final var givenGrantedRole = getRbacRoleByName("test_package#xxx00:ADMIN"); + final var givenGrantedRole = getRbacRoleByName("rbactest.package#xxx00:ADMIN"); // when final var grant = givencurrentSubjectAsPackageAdmin.getGrantById() @@ -193,8 +193,8 @@ class RbacGrantControllerAcceptanceTest extends ContextBasedTest { // then grant.assertThat() .statusCode(200) - .body("grantedByRoleIdName", is("test_customer#xxx:ADMIN")) - .body("grantedRoleIdName", is("test_package#xxx00:ADMIN")) + .body("grantedByRoleIdName", is("rbactest.customer#xxx:ADMIN")) + .body("grantedRoleIdName", is("rbactest.package#xxx00:ADMIN")) .body("granteeSubjectName", is("pac-admin-xxx00@xxx.example.com")); } 
@@ -203,9 +203,9 @@ class RbacGrantControllerAcceptanceTest extends ContextBasedTest { // given final var givencurrentSubjectAsPackageAdmin = new Subject( "pac-admin-xxx00@xxx.example.com", - "test_package#xxx00:ADMIN"); + "rbactest.package#xxx00:ADMIN"); final var givenGranteeUser = findRbacSubjectByName("pac-admin-xxx00@xxx.example.com"); - final var givenGrantedRole = getRbacRoleByName("test_package#xxx00:ADMIN"); + final var givenGrantedRole = getRbacRoleByName("rbactest.package#xxx00:ADMIN"); // when final var grant = givencurrentSubjectAsPackageAdmin.getGrantById() @@ -214,8 +214,8 @@ class RbacGrantControllerAcceptanceTest extends ContextBasedTest { // then grant.assertThat() .statusCode(200) - .body("grantedByRoleIdName", is("test_customer#xxx:ADMIN")) - .body("grantedRoleIdName", is("test_package#xxx00:ADMIN")) + .body("grantedByRoleIdName", is("rbactest.customer#xxx:ADMIN")) + .body("grantedRoleIdName", is("rbactest.package#xxx00:ADMIN")) .body("granteeSubjectName", is("pac-admin-xxx00@xxx.example.com")); } @@ -225,9 +225,9 @@ class RbacGrantControllerAcceptanceTest extends ContextBasedTest { // given final var givencurrentSubjectAsPackageAdmin = new Subject( "pac-admin-xxx00@xxx.example.com", - "test_package#xxx00:TENANT"); + "rbactest.package#xxx00:TENANT"); final var givenGranteeUser = findRbacSubjectByName("pac-admin-xxx00@xxx.example.com"); - final var givenGrantedRole = getRbacRoleByName("test_package#xxx00:ADMIN"); + final var givenGrantedRole = getRbacRoleByName("rbactest.package#xxx00:ADMIN"); final var grant = givencurrentSubjectAsPackageAdmin.getGrantById() .forGrantedRole(givenGrantedRole).toGranteeUser(givenGranteeUser); 
@@ -245,7 +245,7 @@ class RbacGrantControllerAcceptanceTest extends ContextBasedTest { // given final var givenNewUser = createRbacSubject(); - final var givenRoleToGrant = "test_package#xxx00:ADMIN"; + final var givenRoleToGrant = "rbactest.package#xxx00:ADMIN"; final var givencurrentSubjectAsPackageAdmin = new Subject("pac-admin-xxx00@xxx.example.com", givenRoleToGrant); final var givenOwnPackageAdminRole = getRbacRoleByName(givencurrentSubjectAsPackageAdmin.assumedRole); @@ -258,9 +258,9 @@ class RbacGrantControllerAcceptanceTest extends ContextBasedTest { // then response.assertThat() .statusCode(201) - .body("grantedByRoleIdName", is("test_package#xxx00:ADMIN")) + .body("grantedByRoleIdName", is("rbactest.package#xxx00:ADMIN")) .body("assumed", is(true)) - .body("grantedRoleIdName", is("test_package#xxx00:ADMIN")) + .body("grantedRoleIdName", is("rbactest.package#xxx00:ADMIN")) .body("granteeSubjectName", is(givenNewUser.getName())); assertThat(findAllGrantsOf(givencurrentSubjectAsPackageAdmin)) .extracting(RbacGrantEntity::toDisplay) @@ -274,9 +274,9 @@ class RbacGrantControllerAcceptanceTest extends ContextBasedTest { // given final var givenNewUser = createRbacSubject(); - final var givenRoleToGrant = "test_package#xxx00:ADMIN"; + final var givenRoleToGrant = "rbactest.package#xxx00:ADMIN"; final var givencurrentSubjectAsPackageAdmin = new Subject("pac-admin-xxx00@xxx.example.com", givenRoleToGrant); - final var givenAlienPackageAdminRole = getRbacRoleByName("test_package#yyy00:ADMIN"); + final var givenAlienPackageAdminRole = getRbacRoleByName("rbactest.package#yyy00:ADMIN"); // when final var result = givencurrentSubjectAsPackageAdmin 
@@ -287,7 +287,7 @@ class RbacGrantControllerAcceptanceTest extends ContextBasedTest { result.assertThat() .statusCode(403) .body("message", containsString("Access to granted role")) - .body("message", containsString("forbidden for test_package#xxx00:ADMIN")); + .body("message", containsString("forbidden for rbactest.package#xxx00:ADMIN")); assertThat(findAllGrantsOf(givencurrentSubjectAsPackageAdmin)) .extracting(RbacGrantEntity::getGranteeSubjectName) .doesNotContain(givenNewUser.getName()); @@ -303,9 +303,9 @@ class RbacGrantControllerAcceptanceTest extends ContextBasedTest { // given final var givenArbitraryUser = createRbacSubject(); - final var givenRoleToGrant = "test_package#xxx00:ADMIN"; + final var givenRoleToGrant = "rbactest.package#xxx00:ADMIN"; final var givenCurrentSubjectAsPackageAdmin = new Subject("pac-admin-xxx00@xxx.example.com", givenRoleToGrant); - final var givenOwnPackageAdminRole = getRbacRoleByName("test_package#xxx00:ADMIN"); + final var givenOwnPackageAdminRole = getRbacRoleByName("rbactest.package#xxx00:ADMIN"); // and given an existing grant assumeCreated(givenCurrentSubjectAsPackageAdmin diff --git a/src/test/java/net/hostsharing/hsadminng/rbac/grant/RbacGrantRepositoryIntegrationTest.java b/src/test/java/net/hostsharing/hsadminng/rbac/grant/RbacGrantRepositoryIntegrationTest.java index e9c29afe..f4df3c6d 100644 --- a/src/test/java/net/hostsharing/hsadminng/rbac/grant/RbacGrantRepositoryIntegrationTest.java +++ b/src/test/java/net/hostsharing/hsadminng/rbac/grant/RbacGrantRepositoryIntegrationTest.java @@ -67,7 +67,7 @@ class RbacGrantRepositoryIntegrationTest extends ContextBasedTest { // then exactlyTheseRbacGrantsAreReturned( result, - "{ grant role:test_package#xxx00:ADMIN to user:pac-admin-xxx00@xxx.example.com by role:test_customer#xxx:ADMIN and assume }"); + "{ grant role:rbactest.package#xxx00:ADMIN to user:pac-admin-xxx00@xxx.example.com by role:rbactest.customer#xxx:ADMIN and assume }"); } @Test 
@@ -81,16 +81,16 @@ class RbacGrantRepositoryIntegrationTest extends ContextBasedTest { // then exactlyTheseRbacGrantsAreReturned( result, - "{ grant role:test_customer#xxx:ADMIN to user:customer-admin@xxx.example.com by role:test_customer#xxx:OWNER and assume }", - "{ grant role:test_package#xxx00:ADMIN to user:pac-admin-xxx00@xxx.example.com by role:test_customer#xxx:ADMIN and assume }", - "{ grant role:test_package#xxx01:ADMIN to user:pac-admin-xxx01@xxx.example.com by role:test_customer#xxx:ADMIN and assume }", - "{ grant role:test_package#xxx02:ADMIN to user:pac-admin-xxx02@xxx.example.com by role:test_customer#xxx:ADMIN and assume }"); + "{ grant role:rbactest.customer#xxx:ADMIN to user:customer-admin@xxx.example.com by role:rbactest.customer#xxx:OWNER and assume }", + "{ grant role:rbactest.package#xxx00:ADMIN to user:pac-admin-xxx00@xxx.example.com by role:rbactest.customer#xxx:ADMIN and assume }", + "{ grant role:rbactest.package#xxx01:ADMIN to user:pac-admin-xxx01@xxx.example.com by role:rbactest.customer#xxx:ADMIN and assume }", + "{ grant role:rbactest.package#xxx02:ADMIN to user:pac-admin-xxx02@xxx.example.com by role:rbactest.customer#xxx:ADMIN and assume }"); } @Test public void customerAdmin_withAssumedRole_canOnlyViewRbacGrantsVisibleByAssumedRole() { // given: - context("customer-admin@xxx.example.com", "test_package#xxx00:ADMIN"); + context("customer-admin@xxx.example.com", "rbactest.package#xxx00:ADMIN"); // when final var result = rbacGrantRepository.findAll(); @@ -98,7 +98,7 @@ class RbacGrantRepositoryIntegrationTest extends ContextBasedTest { // then exactlyTheseRbacGrantsAreReturned( result, - "{ grant role:test_package#xxx00:ADMIN to user:pac-admin-xxx00@xxx.example.com by role:test_customer#xxx:ADMIN and assume }"); + "{ grant role:rbactest.package#xxx00:ADMIN to user:pac-admin-xxx00@xxx.example.com by role:rbactest.customer#xxx:ADMIN and assume }"); } } 
@@ -108,9 +108,9 @@ class RbacGrantRepositoryIntegrationTest extends ContextBasedTest { @Test public void customerAdmin_canGrantOwnPackageAdminRole_toArbitraryUser() { // given - context("customer-admin@xxx.example.com", "test_customer#xxx:ADMIN"); + context("customer-admin@xxx.example.com", "rbactest.customer#xxx:ADMIN"); final var givenArbitrarySubjectUuid = rbacSubjectRepository.findByName("pac-admin-zzz00@zzz.example.com").getUuid(); - final var givenOwnPackageRoleUuid = rbacRoleRepository.findByRoleName("test_package#xxx00:ADMIN").getUuid(); + final var givenOwnPackageRoleUuid = rbacRoleRepository.findByRoleName("rbactest.package#xxx00:ADMIN").getUuid(); // when final var grant = RbacGrantEntity.builder() @@ -126,7 +126,7 @@ class RbacGrantRepositoryIntegrationTest extends ContextBasedTest { assertThat(rbacGrantRepository.findAll()) .extracting(RbacGrantEntity::toDisplay) .contains( - "{ grant role:test_package#xxx00:ADMIN to user:pac-admin-zzz00@zzz.example.com by role:test_customer#xxx:ADMIN and assume }"); + "{ grant role:rbactest.package#xxx00:ADMIN to user:pac-admin-zzz00@zzz.example.com by role:rbactest.customer#xxx:ADMIN and assume }"); } @Test @@ -139,14 +139,14 @@ class RbacGrantRepositoryIntegrationTest extends ContextBasedTest { context("customer-admin@xxx.example.com", null); return new Given( createNewUser(), - rbacRoleRepository.findByRoleName("test_package#xxx00:OWNER").getUuid() + rbacRoleRepository.findByRoleName("rbactest.package#xxx00:OWNER").getUuid() ); }).assumeSuccessful().returnedValue(); // when final var attempt = jpaAttempt.transacted(() -> { // now we try to use these uuids as a less privileged user - context("pac-admin-xxx00@xxx.example.com", "test_package#xxx00:ADMIN"); + context("pac-admin-xxx00@xxx.example.com", "rbactest.package#xxx00:ADMIN"); final var grant = RbacGrantEntity.builder() .granteeSubjectUuid(given.arbitraryUser.getUuid()) .grantedRoleUuid(given.packageOwnerRoleUuid) 
@@ -158,8 +158,8 @@ class RbacGrantRepositoryIntegrationTest extends ContextBasedTest { // then attempt.assertExceptionWithRootCauseMessage( JpaSystemException.class, - "ERROR: [403] Access to granted role test_package#xxx00:OWNER", - "forbidden for test_package#xxx00:ADMIN"); + "ERROR: [403] Access to granted role rbactest.package#xxx00:OWNER", + "forbidden for rbactest.package#xxx00:ADMIN"); jpaAttempt.transacted(() -> { // finally, we use the new user to make sure, no roles were granted context(given.arbitraryUser.getName(), null); @@ -176,16 +176,16 @@ class RbacGrantRepositoryIntegrationTest extends ContextBasedTest { public void customerAdmin_canRevokeSelfGrantedPackageAdminRole() { // given final var grant = create(grant() - .byUser("customer-admin@xxx.example.com").withAssumedRole("test_customer#xxx:ADMIN") - .grantingRole("test_package#xxx00:ADMIN").toUser("pac-admin-zzz00@zzz.example.com")); + .byUser("customer-admin@xxx.example.com").withAssumedRole("rbactest.customer#xxx:ADMIN") + .grantingRole("rbactest.package#xxx00:ADMIN").toUser("pac-admin-zzz00@zzz.example.com")); // when - context("customer-admin@xxx.example.com", "test_customer#xxx:ADMIN"); + context("customer-admin@xxx.example.com", "rbactest.customer#xxx:ADMIN"); final var revokeAttempt = attempt(em, () -> rbacGrantRepository.deleteByRbacGrantId(grant.getRbacGrantId())); // then - context("customer-admin@xxx.example.com", "test_customer#xxx:ADMIN"); + context("customer-admin@xxx.example.com", "rbactest.customer#xxx:ADMIN"); assertThat(revokeAttempt.caughtExceptionsRootCause()).isNull(); assertThat(rbacGrantRepository.findAll()) .extracting(RbacGrantEntity::getGranteeSubjectName) 
@@ -197,17 +197,17 @@ class RbacGrantRepositoryIntegrationTest extends ContextBasedTest { // given final var newUser = createNewUserTransacted(); final var grant = create(grant() - .byUser("customer-admin@xxx.example.com").withAssumedRole("test_package#xxx00:ADMIN") - .grantingRole("test_package#xxx00:ADMIN").toUser(newUser.getName())); + .byUser("customer-admin@xxx.example.com").withAssumedRole("rbactest.package#xxx00:ADMIN") + .grantingRole("rbactest.package#xxx00:ADMIN").toUser(newUser.getName())); // when - context("pac-admin-xxx00@xxx.example.com", "test_package#xxx00:ADMIN"); + context("pac-admin-xxx00@xxx.example.com", "rbactest.package#xxx00:ADMIN"); final var revokeAttempt = attempt(em, () -> rbacGrantRepository.deleteByRbacGrantId(grant.getRbacGrantId())); // then assertThat(revokeAttempt.caughtExceptionsRootCause()).isNull(); - context("customer-admin@xxx.example.com", "test_customer#xxx:ADMIN"); + context("customer-admin@xxx.example.com", "rbactest.customer#xxx:ADMIN"); assertThat(rbacGrantRepository.findAll()) .extracting(RbacGrantEntity::getGranteeSubjectName) .doesNotContain("pac-admin-zzz00@zzz.example.com"); 
@@ -217,19 +217,19 @@ class RbacGrantRepositoryIntegrationTest extends ContextBasedTest { public void packageAdmin_canNotRevokeOwnPackageAdminRoleGrantedByOwnerRoleOfThatPackage() { // given final var grant = create(grant() - .byUser("customer-admin@xxx.example.com").withAssumedRole("test_package#xxx00:OWNER") - .grantingRole("test_package#xxx00:ADMIN").toUser("pac-admin-zzz00@zzz.example.com")); - final var grantedByRole = rbacRoleRepository.findByRoleName("test_package#xxx00:OWNER"); + .byUser("customer-admin@xxx.example.com").withAssumedRole("rbactest.package#xxx00:OWNER") + .grantingRole("rbactest.package#xxx00:ADMIN").toUser("pac-admin-zzz00@zzz.example.com")); + final var grantedByRole = rbacRoleRepository.findByRoleName("rbactest.package#xxx00:OWNER"); // when - context("pac-admin-xxx00@xxx.example.com", "test_package#xxx00:ADMIN"); + context("pac-admin-xxx00@xxx.example.com", "rbactest.package#xxx00:ADMIN"); final var revokeAttempt = attempt(em, () -> rbacGrantRepository.deleteByRbacGrantId(grant.getRbacGrantId())); // then revokeAttempt.assertExceptionWithRootCauseMessage( JpaSystemException.class, - "ERROR: [403] Revoking role created by %s is forbidden for {test_package#xxx00:ADMIN}.".formatted( + "ERROR: [403] Revoking role created by %s is forbidden for {rbactest.package#xxx00:ADMIN}.".formatted( grantedByRole.getUuid() )); } diff --git a/src/test/java/net/hostsharing/hsadminng/rbac/grant/RbacGrantsDiagramServiceIntegrationTest.java b/src/test/java/net/hostsharing/hsadminng/rbac/grant/RbacGrantsDiagramServiceIntegrationTest.java index 46dd8333..2f6dc3a9 100644 --- a/src/test/java/net/hostsharing/hsadminng/rbac/grant/RbacGrantsDiagramServiceIntegrationTest.java +++ b/src/test/java/net/hostsharing/hsadminng/rbac/grant/RbacGrantsDiagramServiceIntegrationTest.java 
@@ -54,36 +54,36 @@ class RbacGrantsDiagramServiceIntegrationTest extends ContextBasedTestWithCleanu @Test void allGrantsTocurrentSubject() { - context("superuser-alex@hostsharing.net", "test_domain#xxx00-aaaa:OWNER"); + context("superuser-alex@hostsharing.net", "rbactest.domain#xxx00-aaaa:OWNER"); final var graph = grantsMermaidService.allGrantsTocurrentSubject(EnumSet.of(Include.TEST_ENTITIES)); assertThat(graph).isEqualTo(""" flowchart TB - role:test_domain#xxx00-aaaa:ADMIN --> role:test_package#xxx00:TENANT - role:test_domain#xxx00-aaaa:OWNER --> role:test_domain#xxx00-aaaa:ADMIN - role:test_domain#xxx00-aaaa:OWNER --> role:test_package#xxx00:TENANT - role:test_package#xxx00:TENANT --> role:test_customer#xxx:TENANT + role:rbactest.domain#xxx00-aaaa:ADMIN --> role:rbactest.package#xxx00:TENANT + role:rbactest.domain#xxx00-aaaa:OWNER --> role:rbactest.domain#xxx00-aaaa:ADMIN + role:rbactest.domain#xxx00-aaaa:OWNER --> role:rbactest.package#xxx00:TENANT + role:rbactest.package#xxx00:TENANT --> role:rbactest.customer#xxx:TENANT """.trim()); } @Test void allGrantsTocurrentSubjectIncludingPermissions() { - context("superuser-alex@hostsharing.net", "test_domain#xxx00-aaaa:OWNER"); + context("superuser-alex@hostsharing.net", "rbactest.domain#xxx00-aaaa:OWNER"); final var graph = grantsMermaidService.allGrantsTocurrentSubject(EnumSet.of(Include.TEST_ENTITIES, Include.PERMISSIONS)); assertThat(graph).isEqualTo(""" flowchart TB - role:test_customer#xxx:TENANT --> perm:test_customer#xxx:SELECT - role:test_domain#xxx00-aaaa:ADMIN --> perm:test_domain#xxx00-aaaa:SELECT - role:test_domain#xxx00-aaaa:ADMIN --> role:test_package#xxx00:TENANT - role:test_domain#xxx00-aaaa:OWNER --> perm:test_domain#xxx00-aaaa:DELETE - role:test_domain#xxx00-aaaa:OWNER --> perm:test_domain#xxx00-aaaa:UPDATE - role:test_domain#xxx00-aaaa:OWNER --> role:test_domain#xxx00-aaaa:ADMIN - role:test_domain#xxx00-aaaa:OWNER --> role:test_package#xxx00:TENANT - role:test_package#xxx00:TENANT --> 
perm:test_package#xxx00:SELECT - role:test_package#xxx00:TENANT --> role:test_customer#xxx:TENANT + role:rbactest.customer#xxx:TENANT --> perm:rbactest.customer#xxx:SELECT + role:rbactest.domain#xxx00-aaaa:ADMIN --> perm:rbactest.domain#xxx00-aaaa:SELECT + role:rbactest.domain#xxx00-aaaa:ADMIN --> role:rbactest.package#xxx00:TENANT + role:rbactest.domain#xxx00-aaaa:OWNER --> perm:rbactest.domain#xxx00-aaaa:DELETE + role:rbactest.domain#xxx00-aaaa:OWNER --> perm:rbactest.domain#xxx00-aaaa:UPDATE + role:rbactest.domain#xxx00-aaaa:OWNER --> role:rbactest.domain#xxx00-aaaa:ADMIN + role:rbactest.domain#xxx00-aaaa:OWNER --> role:rbactest.package#xxx00:TENANT + role:rbactest.package#xxx00:TENANT --> perm:rbactest.package#xxx00:SELECT + role:rbactest.package#xxx00:TENANT --> role:rbactest.customer#xxx:TENANT """.trim()); } diff --git a/src/test/java/net/hostsharing/hsadminng/rbac/role/RbacRoleControllerAcceptanceTest.java b/src/test/java/net/hostsharing/hsadminng/rbac/role/RbacRoleControllerAcceptanceTest.java index d9e2b248..43ff21ab 100644 --- a/src/test/java/net/hostsharing/hsadminng/rbac/role/RbacRoleControllerAcceptanceTest.java +++ b/src/test/java/net/hostsharing/hsadminng/rbac/role/RbacRoleControllerAcceptanceTest.java 
@@ -42,14 +42,14 @@ class RbacRoleControllerAcceptanceTest { .then().assertThat() .statusCode(200) .contentType("application/json") - .body("", hasItem(hasEntry("roleName", "test_customer#xxx:ADMIN"))) - .body("", hasItem(hasEntry("roleName", "test_customer#xxx:OWNER"))) - .body("", hasItem(hasEntry("roleName", "test_customer#xxx:TENANT"))) + .body("", hasItem(hasEntry("roleName", "rbactest.customer#xxx:ADMIN"))) + .body("", hasItem(hasEntry("roleName", "rbactest.customer#xxx:OWNER"))) + .body("", hasItem(hasEntry("roleName", "rbactest.customer#xxx:TENANT"))) // ... .body("", hasItem(hasEntry("roleName", "rbac.global#global:ADMIN"))) - .body("", hasItem(hasEntry("roleName", "test_customer#yyy:ADMIN"))) - .body("", hasItem(hasEntry("roleName", "test_package#yyy00:ADMIN"))) - .body("", hasItem(hasEntry("roleName", "test_domain#yyy00-aaaa:OWNER"))) + .body("", hasItem(hasEntry("roleName", "rbactest.customer#yyy:ADMIN"))) + .body("", hasItem(hasEntry("roleName", "rbactest.package#yyy00:ADMIN"))) + .body("", hasItem(hasEntry("roleName", "rbactest.domain#yyy00-aaaa:OWNER"))) .body( "size()", greaterThanOrEqualTo(73)); // increases with new test data // @formatter:on } @@ -61,7 +61,7 @@ class RbacRoleControllerAcceptanceTest { RestAssured .given() .header("current-subject", "superuser-alex@hostsharing.net") - .header("assumed-roles", "test_package#yyy00:ADMIN") + .header("assumed-roles", "rbactest.package#yyy00:ADMIN") .port(port) .when() .get("http://localhost/api/rbac/roles") 
@@ -71,18 +71,18 @@ class RbacRoleControllerAcceptanceTest { .statusCode(200) .contentType("application/json") - .body("", hasItem(hasEntry("roleName", "test_customer#yyy:TENANT"))) - .body("", hasItem(hasEntry("roleName", "test_domain#yyy00-aaaa:OWNER"))) - .body("", hasItem(hasEntry("roleName", "test_domain#yyy00-aaaa:ADMIN"))) - .body("", hasItem(hasEntry("roleName", "test_domain#yyy00-aaab:OWNER"))) - .body("", hasItem(hasEntry("roleName", "test_domain#yyy00-aaab:ADMIN"))) - .body("", hasItem(hasEntry("roleName", "test_package#yyy00:ADMIN"))) - .body("", hasItem(hasEntry("roleName", "test_package#yyy00:TENANT"))) + .body("", hasItem(hasEntry("roleName", "rbactest.customer#yyy:TENANT"))) + .body("", hasItem(hasEntry("roleName", "rbactest.domain#yyy00-aaaa:OWNER"))) + .body("", hasItem(hasEntry("roleName", "rbactest.domain#yyy00-aaaa:ADMIN"))) + .body("", hasItem(hasEntry("roleName", "rbactest.domain#yyy00-aaab:OWNER"))) + .body("", hasItem(hasEntry("roleName", "rbactest.domain#yyy00-aaab:ADMIN"))) + .body("", hasItem(hasEntry("roleName", "rbactest.package#yyy00:ADMIN"))) + .body("", hasItem(hasEntry("roleName", "rbactest.package#yyy00:TENANT"))) - .body("", not(hasItem(hasEntry("roleName", "test_customer#xxx:TENANT")))) - .body("", not(hasItem(hasEntry("roleName", "test_domain#xxx00-aaaa:ADMIN")))) - .body("", not(hasItem(hasEntry("roleName", "test_package#xxx00:ADMIN")))) - .body("", not(hasItem(hasEntry("roleName", "test_package#xxx00:TENANT")))) + .body("", not(hasItem(hasEntry("roleName", "rbactest.customer#xxx:TENANT")))) + .body("", not(hasItem(hasEntry("roleName", "rbactest.domain#xxx00-aaaa:ADMIN")))) + .body("", not(hasItem(hasEntry("roleName", "rbactest.package#xxx00:ADMIN")))) + .body("", not(hasItem(hasEntry("roleName", "rbactest.package#xxx00:TENANT")))) ; // @formatter:on } 
@@ -101,15 +101,15 @@ class RbacRoleControllerAcceptanceTest { .statusCode(200) .contentType("application/json") - .body("", hasItem(hasEntry("roleName", "test_customer#zzz:TENANT"))) - .body("", hasItem(hasEntry("roleName", "test_domain#zzz00-aaaa:ADMIN"))) - .body("", hasItem(hasEntry("roleName", "test_package#zzz00:ADMIN"))) - .body("", hasItem(hasEntry("roleName", "test_package#zzz00:TENANT"))) + .body("", hasItem(hasEntry("roleName", "rbactest.customer#zzz:TENANT"))) + .body("", hasItem(hasEntry("roleName", "rbactest.domain#zzz00-aaaa:ADMIN"))) + .body("", hasItem(hasEntry("roleName", "rbactest.package#zzz00:ADMIN"))) + .body("", hasItem(hasEntry("roleName", "rbactest.package#zzz00:TENANT"))) - .body("", not(hasItem(hasEntry("roleName", "test_customer#yyy:TENANT")))) - .body("", not(hasItem(hasEntry("roleName", "test_domain#yyy00-aaaa:ADMIN")))) - .body("", not(hasItem(hasEntry("roleName", "test_package#yyy00:ADMIN")))) - .body("", not(hasItem(hasEntry("roleName", "test_package#yyy00:TENANT")))); + .body("", not(hasItem(hasEntry("roleName", "rbactest.customer#yyy:TENANT")))) + .body("", not(hasItem(hasEntry("roleName", "rbactest.domain#yyy00-aaaa:ADMIN")))) + .body("", not(hasItem(hasEntry("roleName", "rbactest.package#yyy00:ADMIN")))) + .body("", not(hasItem(hasEntry("roleName", "rbactest.package#yyy00:TENANT")))); // @formatter:on } } diff --git a/src/test/java/net/hostsharing/hsadminng/rbac/role/RbacRoleControllerRestTest.java b/src/test/java/net/hostsharing/hsadminng/rbac/role/RbacRoleControllerRestTest.java index 1eb41370..2d3d74c7 100644 --- a/src/test/java/net/hostsharing/hsadminng/rbac/role/RbacRoleControllerRestTest.java +++ b/src/test/java/net/hostsharing/hsadminng/rbac/role/RbacRoleControllerRestTest.java 
@@ -74,8 +74,8 @@ class RbacRoleControllerRestTest { .andExpect(status().isOk()) .andExpect(jsonPath("$", hasSize(3))) .andExpect(jsonPath("$[0].roleName", is("rbac.global#global:ADMIN"))) - .andExpect(jsonPath("$[1].roleName", is("test_customer#xxx:OWNER"))) - .andExpect(jsonPath("$[2].roleName", is("test_customer#xxx:ADMIN"))) + .andExpect(jsonPath("$[1].roleName", is("rbactest.customer#xxx:OWNER"))) + .andExpect(jsonPath("$[2].roleName", is("rbactest.customer#xxx:ADMIN"))) .andExpect(jsonPath("$[2].uuid", is(customerXxxAdmin.getUuid().toString()))) .andExpect(jsonPath("$[2].objectUuid", is(customerXxxAdmin.getObjectUuid().toString()))) .andExpect(jsonPath("$[2].objectTable", is(customerXxxAdmin.getObjectTable().toString()))) diff --git a/src/test/java/net/hostsharing/hsadminng/rbac/role/RbacRoleRepositoryIntegrationTest.java b/src/test/java/net/hostsharing/hsadminng/rbac/role/RbacRoleRepositoryIntegrationTest.java index d8b0cb80..7540777a 100644 --- a/src/test/java/net/hostsharing/hsadminng/rbac/role/RbacRoleRepositoryIntegrationTest.java +++ b/src/test/java/net/hostsharing/hsadminng/rbac/role/RbacRoleRepositoryIntegrationTest.java 
@@ -40,18 +40,18 @@ class RbacRoleRepositoryIntegrationTest { private static final String[] ALL_TEST_DATA_ROLES = Array.of( // @formatter:off "rbac.global#global:ADMIN", - "test_customer#xxx:ADMIN", "test_customer#xxx:OWNER", "test_customer#xxx:TENANT", - "test_package#xxx00:ADMIN", "test_package#xxx00:OWNER", "test_package#xxx00:TENANT", - "test_package#xxx01:ADMIN", "test_package#xxx01:OWNER", "test_package#xxx01:TENANT", - "test_package#xxx02:ADMIN", "test_package#xxx02:OWNER", "test_package#xxx02:TENANT", - "test_customer#yyy:ADMIN", "test_customer#yyy:OWNER", "test_customer#yyy:TENANT", - "test_package#yyy00:ADMIN", "test_package#yyy00:OWNER", "test_package#yyy00:TENANT", - "test_package#yyy01:ADMIN", "test_package#yyy01:OWNER", "test_package#yyy01:TENANT", - "test_package#yyy02:ADMIN", "test_package#yyy02:OWNER", "test_package#yyy02:TENANT", - "test_customer#zzz:ADMIN", "test_customer#zzz:OWNER", "test_customer#zzz:TENANT", - "test_package#zzz00:ADMIN", "test_package#zzz00:OWNER", "test_package#zzz00:TENANT", - "test_package#zzz01:ADMIN", "test_package#zzz01:OWNER", "test_package#zzz01:TENANT", - "test_package#zzz02:ADMIN", "test_package#zzz02:OWNER", "test_package#zzz02:TENANT" + "rbactest.customer#xxx:ADMIN", "rbactest.customer#xxx:OWNER", "rbactest.customer#xxx:TENANT", + "rbactest.package#xxx00:ADMIN", "rbactest.package#xxx00:OWNER", "rbactest.package#xxx00:TENANT", + "rbactest.package#xxx01:ADMIN", "rbactest.package#xxx01:OWNER", "rbactest.package#xxx01:TENANT", + "rbactest.package#xxx02:ADMIN", "rbactest.package#xxx02:OWNER", "rbactest.package#xxx02:TENANT", + "rbactest.customer#yyy:ADMIN", "rbactest.customer#yyy:OWNER", "rbactest.customer#yyy:TENANT", + "rbactest.package#yyy00:ADMIN", "rbactest.package#yyy00:OWNER", "rbactest.package#yyy00:TENANT", + "rbactest.package#yyy01:ADMIN", "rbactest.package#yyy01:OWNER", "rbactest.package#yyy01:TENANT", + "rbactest.package#yyy02:ADMIN", "rbactest.package#yyy02:OWNER", "rbactest.package#yyy02:TENANT", + 
"rbactest.customer#zzz:ADMIN", "rbactest.customer#zzz:OWNER", "rbactest.customer#zzz:TENANT", + "rbactest.package#zzz00:ADMIN", "rbactest.package#zzz00:OWNER", "rbactest.package#zzz00:TENANT", + "rbactest.package#zzz01:ADMIN", "rbactest.package#zzz01:OWNER", "rbactest.package#zzz01:TENANT", + "rbactest.package#zzz02:ADMIN", "rbactest.package#zzz02:OWNER", "rbactest.package#zzz02:TENANT" // @formatter:on ); 
@@ -91,49 +91,49 @@ class RbacRoleRepositoryIntegrationTest { allTheseRbacRolesAreReturned( result, // @formatter:off - "test_customer#xxx:ADMIN", - "test_customer#xxx:TENANT", - "test_package#xxx00:ADMIN", - "test_package#xxx00:OWNER", - "test_package#xxx00:TENANT", - "test_package#xxx01:ADMIN", - "test_package#xxx01:OWNER", - "test_package#xxx01:TENANT", + "rbactest.customer#xxx:ADMIN", + "rbactest.customer#xxx:TENANT", + "rbactest.package#xxx00:ADMIN", + "rbactest.package#xxx00:OWNER", + "rbactest.package#xxx00:TENANT", + "rbactest.package#xxx01:ADMIN", + "rbactest.package#xxx01:OWNER", + "rbactest.package#xxx01:TENANT", // ... - "test_domain#xxx00-aaaa:ADMIN", - "test_domain#xxx00-aaaa:OWNER", + "rbactest.domain#xxx00-aaaa:ADMIN", + "rbactest.domain#xxx00-aaaa:OWNER", // .. - "test_domain#xxx01-aaab:ADMIN", - "test_domain#xxx01-aaab:OWNER" + "rbactest.domain#xxx01-aaab:ADMIN", + "rbactest.domain#xxx01-aaab:OWNER" // @formatter:on ); noneOfTheseRbacRolesIsReturned( result, // @formatter:off "rbac.global#global:ADMIN", - "test_customer#xxx:OWNER", - "test_package#yyy00:ADMIN", - "test_package#yyy00:OWNER", - "test_package#yyy00:TENANT" + "rbactest.customer#xxx:OWNER", + "rbactest.package#yyy00:ADMIN", + "rbactest.package#yyy00:OWNER", + "rbactest.package#yyy00:TENANT" // @formatter:on ); } @Test public void customerAdmin_withAssumedOwnedPackageAdminRole_canViewOnlyItsOwnRbacRole() { - context.define("customer-admin@xxx.example.com", "test_package#xxx00:ADMIN"); + context.define("customer-admin@xxx.example.com", "rbactest.package#xxx00:ADMIN"); final var result = rbacRoleRepository.findAll(); exactlyTheseRbacRolesAreReturned( result, - "test_customer#xxx:TENANT", - "test_package#xxx00:ADMIN", - "test_package#xxx00:TENANT", - "test_domain#xxx00-aaaa:ADMIN", - "test_domain#xxx00-aaaa:OWNER", - "test_domain#xxx00-aaab:ADMIN", - "test_domain#xxx00-aaab:OWNER"); + "rbactest.customer#xxx:TENANT", + "rbactest.package#xxx00:ADMIN", + "rbactest.package#xxx00:TENANT", + 
"rbactest.domain#xxx00-aaaa:ADMIN", + "rbactest.domain#xxx00-aaaa:OWNER", + "rbactest.domain#xxx00-aaab:ADMIN", + "rbactest.domain#xxx00-aaab:OWNER"); } @Test @@ -157,10 +157,10 @@ class RbacRoleRepositoryIntegrationTest { void customerAdmin_withoutAssumedRole_canFindItsOwnRolesByName() { context.define("customer-admin@xxx.example.com"); - final var result = rbacRoleRepository.findByRoleName("test_customer#xxx:ADMIN"); + final var result = rbacRoleRepository.findByRoleName("rbactest.customer#xxx:ADMIN"); assertThat(result).isNotNull(); - assertThat(result.getObjectTable()).isEqualTo("test_customer"); + assertThat(result.getObjectTable()).isEqualTo("rbactest.customer"); assertThat(result.getObjectIdName()).isEqualTo("xxx"); assertThat(result.getRoleType()).isEqualTo(RbacRoleType.ADMIN); } @@ -169,7 +169,7 @@ class RbacRoleRepositoryIntegrationTest { void customerAdmin_withoutAssumedRole_canNotFindAlienRolesByName() { context.define("customer-admin@xxx.example.com"); - final var result = rbacRoleRepository.findByRoleName("test_customer#bbb:ADMIN"); + final var result = rbacRoleRepository.findByRoleName("rbactest.customer#bbb:ADMIN"); assertThat(result).isNull(); } diff --git a/src/test/java/net/hostsharing/hsadminng/rbac/role/TestRbacRole.java b/src/test/java/net/hostsharing/hsadminng/rbac/role/TestRbacRole.java index 8a8214cf..0307f9d4 100644 --- a/src/test/java/net/hostsharing/hsadminng/rbac/role/TestRbacRole.java +++ b/src/test/java/net/hostsharing/hsadminng/rbac/role/TestRbacRole.java 
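Review bot: The negative lookup in `customerAdmin_withoutAssumedRole_canNotFindAlienRolesByName` (hunk at -169) still asks for `rbactest.customer#bbb:ADMIN`, and no `bbb` customer appears in `ALL_TEST_DATA_ROLES` earlier in this file, which lists only xxx, yyy and zzz. If `bbb` is not seeded elsewhere, `assertThat(result).isNull()` holds because the role does not exist, so the test would still pass if the visibility filter let another customer's roles through. Querying a role that exists but belongs to another customer makes the assertion meaningful: `final var result = rbacRoleRepository.findByRoleName("rbactest.customer#yyy:ADMIN");`. The test method ends outside the hunk.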
@@ -5,8 +5,8 @@ import static java.util.UUID.randomUUID; public class TestRbacRole { public static final RbacRoleEntity hostmasterRole = rbacRole("rbac.global", "global", RbacRoleType.ADMIN); - static final RbacRoleEntity customerXxxOwner = rbacRole("test_customer", "xxx", RbacRoleType.OWNER); - static final RbacRoleEntity customerXxxAdmin = rbacRole("test_customer", "xxx", RbacRoleType.ADMIN); + static final RbacRoleEntity customerXxxOwner = rbacRole("rbactest.customer", "xxx", RbacRoleType.OWNER); + static final RbacRoleEntity customerXxxAdmin = rbacRole("rbactest.customer", "xxx", RbacRoleType.ADMIN); static public RbacRoleEntity rbacRole(final String objectTable, final String objectIdName, final RbacRoleType roleType) { return new RbacRoleEntity(randomUUID(), randomUUID(), objectTable, objectIdName, roleType, objectTable+'#'+objectIdName+':'+roleType); diff --git a/src/test/java/net/hostsharing/hsadminng/rbac/subject/RbacSubjectControllerAcceptanceTest.java b/src/test/java/net/hostsharing/hsadminng/rbac/subject/RbacSubjectControllerAcceptanceTest.java index e62d39c4..aa1bac97 100644 --- a/src/test/java/net/hostsharing/hsadminng/rbac/subject/RbacSubjectControllerAcceptanceTest.java +++ b/src/test/java/net/hostsharing/hsadminng/rbac/subject/RbacSubjectControllerAcceptanceTest.java @@ -100,7 +100,7 @@ class RbacSubjectControllerAcceptanceTest { RestAssured .given() .header("current-subject", "superuser-alex@hostsharing.net") - .header("assumed-roles", "test_customer#yyy:ADMIN") + .header("assumed-roles", "rbactest.customer#yyy:ADMIN") .port(port) .when() .get("http://localhost/api/rbac/subjects/" + givenUser.getUuid()) @@ -201,7 +201,7 @@ class RbacSubjectControllerAcceptanceTest { RestAssured .given() .header("current-subject", "superuser-alex@hostsharing.net") - .header("assumed-roles", "test_customer#yyy:ADMIN") + .header("assumed-roles", "rbactest.customer#yyy:ADMIN") .port(port) .when() .get("http://localhost/api/rbac/subjects") 
@@ -275,12 +275,12 @@ class RbacSubjectControllerAcceptanceTest { .contentType("application/json") .body("", hasItem( allOf( - hasEntry("roleName", "test_customer#yyy:TENANT"), + hasEntry("roleName", "rbactest.customer#yyy:TENANT"), hasEntry("op", "SELECT")) )) .body("", hasItem( allOf( - hasEntry("roleName", "test_domain#yyy00-aaaa:OWNER"), + hasEntry("roleName", "rbactest.domain#yyy00-aaaa:OWNER"), hasEntry("op", "DELETE")) )) // actual content tested in integration test, so this is enough for here: @@ -296,7 +296,7 @@ class RbacSubjectControllerAcceptanceTest { RestAssured .given() .header("current-subject", "superuser-alex@hostsharing.net") - .header("assumed-roles", "test_customer#yyy:ADMIN") + .header("assumed-roles", "rbactest.customer#yyy:ADMIN") .port(port) .when() .get("http://localhost/api/rbac/subjects/" + givenUser.getUuid() + "/permissions") @@ -305,12 +305,12 @@ class RbacSubjectControllerAcceptanceTest { .contentType("application/json") .body("", hasItem( allOf( - hasEntry("roleName", "test_customer#yyy:TENANT"), + hasEntry("roleName", "rbactest.customer#yyy:TENANT"), hasEntry("op", "SELECT")) )) .body("", hasItem( allOf( - hasEntry("roleName", "test_domain#yyy00-aaaa:OWNER"), + hasEntry("roleName", "rbactest.domain#yyy00-aaaa:OWNER"), hasEntry("op", "DELETE")) )) // actual content tested in integration test, so this is enough for here: @@ -334,12 +334,12 @@ class RbacSubjectControllerAcceptanceTest { .contentType("application/json") .body("", hasItem( allOf( - hasEntry("roleName", "test_customer#yyy:TENANT"), + hasEntry("roleName", "rbactest.customer#yyy:TENANT"), hasEntry("op", "SELECT")) )) .body("", hasItem( allOf( - hasEntry("roleName", "test_domain#yyy00-aaaa:OWNER"), + hasEntry("roleName", "rbactest.domain#yyy00-aaaa:OWNER"), hasEntry("op", "DELETE")) )) // actual content tested in integration test, so this is enough for here: 
diff --git a/src/test/java/net/hostsharing/hsadminng/rbac/subject/RbacSubjectRepositoryIntegrationTest.java b/src/test/java/net/hostsharing/hsadminng/rbac/subject/RbacSubjectRepositoryIntegrationTest.java index d6e50c46..c60142d5 100644 --- a/src/test/java/net/hostsharing/hsadminng/rbac/subject/RbacSubjectRepositoryIntegrationTest.java +++ b/src/test/java/net/hostsharing/hsadminng/rbac/subject/RbacSubjectRepositoryIntegrationTest.java @@ -128,7 +128,7 @@ class RbacSubjectRepositoryIntegrationTest extends ContextBasedTest { @Test public void globalAdmin_withAssumedCustomerAdminRole_canViewOnlyUsersHavingRolesInThatCustomersRealm() { given: - context("superuser-alex@hostsharing.net", "test_customer#xxx:ADMIN"); + context("superuser-alex@hostsharing.net", "rbactest.customer#xxx:ADMIN"); // when final var result = rbacSubjectRepository.findByOptionalNameLike(null); @@ -159,7 +159,7 @@ class RbacSubjectRepositoryIntegrationTest extends ContextBasedTest { @Test public void customerAdmin_withAssumedOwnedPackageAdminRole_canViewOnlyUsersHavingRolesInThatPackage() { - context("customer-admin@xxx.example.com", "test_package#xxx00:ADMIN"); + context("customer-admin@xxx.example.com", "rbactest.package#xxx00:ADMIN"); final var result = rbacSubjectRepository.findByOptionalNameLike(null); 
@@ -182,47 +182,47 @@ class RbacSubjectRepositoryIntegrationTest extends ContextBasedTest { private static final String[] ALL_USER_PERMISSIONS = Array.of( // @formatter:off - "test_customer#xxx:ADMIN -> test_customer#xxx: SELECT", - "test_customer#xxx:OWNER -> test_customer#xxx: DELETE", - "test_customer#xxx:TENANT -> test_customer#xxx: SELECT", - "test_customer#xxx:ADMIN -> test_customer#xxx: INSERT:test_package", - "test_package#xxx00:ADMIN -> test_package#xxx00: INSERT:test_domain", - "test_package#xxx00:ADMIN -> test_package#xxx00: INSERT:test_domain", - "test_package#xxx00:TENANT -> test_package#xxx00: SELECT", - "test_package#xxx01:ADMIN -> test_package#xxx01: INSERT:test_domain", - "test_package#xxx01:ADMIN -> test_package#xxx01: INSERT:test_domain", - "test_package#xxx01:TENANT -> test_package#xxx01: SELECT", - "test_package#xxx02:ADMIN -> test_package#xxx02: INSERT:test_domain", - "test_package#xxx02:ADMIN -> test_package#xxx02: INSERT:test_domain", - "test_package#xxx02:TENANT -> test_package#xxx02: SELECT", + "rbactest.customer#xxx:ADMIN -> rbactest.customer#xxx: SELECT", + "rbactest.customer#xxx:OWNER -> rbactest.customer#xxx: DELETE", + "rbactest.customer#xxx:TENANT -> rbactest.customer#xxx: SELECT", + "rbactest.customer#xxx:ADMIN -> rbactest.customer#xxx: INSERT:rbactest.package", + "rbactest.package#xxx00:ADMIN -> rbactest.package#xxx00: INSERT:rbactest.domain", + "rbactest.package#xxx00:ADMIN -> rbactest.package#xxx00: INSERT:rbactest.domain", + "rbactest.package#xxx00:TENANT -> rbactest.package#xxx00: SELECT", + "rbactest.package#xxx01:ADMIN -> rbactest.package#xxx01: INSERT:rbactest.domain", + "rbactest.package#xxx01:ADMIN -> rbactest.package#xxx01: INSERT:rbactest.domain", + "rbactest.package#xxx01:TENANT -> rbactest.package#xxx01: SELECT", + "rbactest.package#xxx02:ADMIN -> rbactest.package#xxx02: INSERT:rbactest.domain", + "rbactest.package#xxx02:ADMIN -> rbactest.package#xxx02: INSERT:rbactest.domain", + "rbactest.package#xxx02:TENANT -> 
rbactest.package#xxx02: SELECT", - "test_customer#yyy:ADMIN -> test_customer#yyy: SELECT", - "test_customer#yyy:OWNER -> test_customer#yyy: DELETE", - "test_customer#yyy:TENANT -> test_customer#yyy: SELECT", - "test_customer#yyy:ADMIN -> test_customer#yyy: INSERT:test_package", - "test_package#yyy00:ADMIN -> test_package#yyy00: INSERT:test_domain", - "test_package#yyy00:ADMIN -> test_package#yyy00: INSERT:test_domain", - "test_package#yyy00:TENANT -> test_package#yyy00: SELECT", - "test_package#yyy01:ADMIN -> test_package#yyy01: INSERT:test_domain", - "test_package#yyy01:ADMIN -> test_package#yyy01: INSERT:test_domain", - "test_package#yyy01:TENANT -> test_package#yyy01: SELECT", - "test_package#yyy02:ADMIN -> test_package#yyy02: INSERT:test_domain", - "test_package#yyy02:ADMIN -> test_package#yyy02: INSERT:test_domain", - "test_package#yyy02:TENANT -> test_package#yyy02: SELECT", + "rbactest.customer#yyy:ADMIN -> rbactest.customer#yyy: SELECT", + "rbactest.customer#yyy:OWNER -> rbactest.customer#yyy: DELETE", + "rbactest.customer#yyy:TENANT -> rbactest.customer#yyy: SELECT", + "rbactest.customer#yyy:ADMIN -> rbactest.customer#yyy: INSERT:rbactest.package", + "rbactest.package#yyy00:ADMIN -> rbactest.package#yyy00: INSERT:rbactest.domain", + "rbactest.package#yyy00:ADMIN -> rbactest.package#yyy00: INSERT:rbactest.domain", + "rbactest.package#yyy00:TENANT -> rbactest.package#yyy00: SELECT", + "rbactest.package#yyy01:ADMIN -> rbactest.package#yyy01: INSERT:rbactest.domain", + "rbactest.package#yyy01:ADMIN -> rbactest.package#yyy01: INSERT:rbactest.domain", + "rbactest.package#yyy01:TENANT -> rbactest.package#yyy01: SELECT", + "rbactest.package#yyy02:ADMIN -> rbactest.package#yyy02: INSERT:rbactest.domain", + "rbactest.package#yyy02:ADMIN -> rbactest.package#yyy02: INSERT:rbactest.domain", + "rbactest.package#yyy02:TENANT -> rbactest.package#yyy02: SELECT", - "test_customer#zzz:ADMIN -> test_customer#zzz: SELECT", - "test_customer#zzz:OWNER -> test_customer#zzz: 
DELETE", - "test_customer#zzz:TENANT -> test_customer#zzz: SELECT", - "test_customer#zzz:ADMIN -> test_customer#zzz: INSERT:test_package", - "test_package#zzz00:ADMIN -> test_package#zzz00: INSERT:test_domain", - "test_package#zzz00:ADMIN -> test_package#zzz00: INSERT:test_domain", - "test_package#zzz00:TENANT -> test_package#zzz00: SELECT", - "test_package#zzz01:ADMIN -> test_package#zzz01: INSERT:test_domain", - "test_package#zzz01:ADMIN -> test_package#zzz01: INSERT:test_domain", - "test_package#zzz01:TENANT -> test_package#zzz01: SELECT", - "test_package#zzz02:ADMIN -> test_package#zzz02: INSERT:test_domain", - "test_package#zzz02:ADMIN -> test_package#zzz02: INSERT:test_domain", - "test_package#zzz02:TENANT -> test_package#zzz02: SELECT" + "rbactest.customer#zzz:ADMIN -> rbactest.customer#zzz: SELECT", + "rbactest.customer#zzz:OWNER -> rbactest.customer#zzz: DELETE", + "rbactest.customer#zzz:TENANT -> rbactest.customer#zzz: SELECT", + "rbactest.customer#zzz:ADMIN -> rbactest.customer#zzz: INSERT:rbactest.package", + "rbactest.package#zzz00:ADMIN -> rbactest.package#zzz00: INSERT:rbactest.domain", + "rbactest.package#zzz00:ADMIN -> rbactest.package#zzz00: INSERT:rbactest.domain", + "rbactest.package#zzz00:TENANT -> rbactest.package#zzz00: SELECT", + "rbactest.package#zzz01:ADMIN -> rbactest.package#zzz01: INSERT:rbactest.domain", + "rbactest.package#zzz01:ADMIN -> rbactest.package#zzz01: INSERT:rbactest.domain", + "rbactest.package#zzz01:TENANT -> rbactest.package#zzz01: SELECT", + "rbactest.package#zzz02:ADMIN -> rbactest.package#zzz02: INSERT:rbactest.domain", + "rbactest.package#zzz02:ADMIN -> rbactest.package#zzz02: INSERT:rbactest.domain", + "rbactest.package#zzz02:TENANT -> rbactest.package#zzz02: SELECT" // @formatter:on ); 
@@ -233,7 +233,7 @@ class RbacSubjectRepositoryIntegrationTest extends ContextBasedTest { // when final var result = rbacSubjectRepository.findPermissionsOfUserByUuid(subjectUuid("superuser-fran@hostsharing.net")) - .stream().filter(p -> p.getObjectTable().contains("test_")) + .stream().filter(p -> p.getObjectTable().contains("rbactest.")) .sorted(comparing(RbacSubjectPermission::toString)).toList(); // then 
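Review bot: The filter `p.getObjectTable().contains("rbactest.")` matches the schema prefix anywhere in the table name, so a permission on a differently named schema such as `xrbactest.` would be counted as test data too. Now that the test objects are identified by a schema prefix rather than a `test_` infix, an anchored match states the intent: `.stream().filter(p -> p.getObjectTable().startsWith("rbactest."))`. This assumes `getObjectTable()` returns the schema-qualified name, as the role entity does elsewhere in this patch. The enclosing test method starts and ends outside the hunk.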
@@ -252,32 +252,32 @@ class RbacSubjectRepositoryIntegrationTest extends ContextBasedTest { allTheseRbacPermissionsAreReturned( result, // @formatter:off - "test_customer#xxx:ADMIN -> test_customer#xxx: INSERT:test_package", - "test_customer#xxx:ADMIN -> test_customer#xxx: SELECT", - "test_customer#xxx:TENANT -> test_customer#xxx: SELECT", + "rbactest.customer#xxx:ADMIN -> rbactest.customer#xxx: INSERT:rbactest.package", + "rbactest.customer#xxx:ADMIN -> rbactest.customer#xxx: SELECT", + "rbactest.customer#xxx:TENANT -> rbactest.customer#xxx: SELECT", - "test_package#xxx00:ADMIN -> test_package#xxx00: INSERT:test_domain", - "test_package#xxx00:ADMIN -> test_package#xxx00: INSERT:test_domain", - "test_package#xxx00:TENANT -> test_package#xxx00: SELECT", - "test_domain#xxx00-aaaa:OWNER -> test_domain#xxx00-aaaa: DELETE", + "rbactest.package#xxx00:ADMIN -> rbactest.package#xxx00: INSERT:rbactest.domain", + "rbactest.package#xxx00:ADMIN -> rbactest.package#xxx00: INSERT:rbactest.domain", + "rbactest.package#xxx00:TENANT -> rbactest.package#xxx00: SELECT", + "rbactest.domain#xxx00-aaaa:OWNER -> rbactest.domain#xxx00-aaaa: DELETE", - "test_package#xxx01:ADMIN -> test_package#xxx01: INSERT:test_domain", - "test_package#xxx01:ADMIN -> test_package#xxx01: INSERT:test_domain", - "test_package#xxx01:TENANT -> test_package#xxx01: SELECT", - "test_domain#xxx01-aaaa:OWNER -> test_domain#xxx01-aaaa: DELETE", + "rbactest.package#xxx01:ADMIN -> rbactest.package#xxx01: INSERT:rbactest.domain", + "rbactest.package#xxx01:ADMIN -> rbactest.package#xxx01: INSERT:rbactest.domain", + "rbactest.package#xxx01:TENANT -> rbactest.package#xxx01: SELECT", + "rbactest.domain#xxx01-aaaa:OWNER -> rbactest.domain#xxx01-aaaa: DELETE", - "test_package#xxx02:ADMIN -> test_package#xxx02: INSERT:test_domain", - "test_package#xxx02:ADMIN -> test_package#xxx02: INSERT:test_domain", - "test_package#xxx02:TENANT -> test_package#xxx02: SELECT", - "test_domain#xxx02-aaaa:OWNER -> test_domain#xxx02-aaaa: 
DELETE" + "rbactest.package#xxx02:ADMIN -> rbactest.package#xxx02: INSERT:rbactest.domain", + "rbactest.package#xxx02:ADMIN -> rbactest.package#xxx02: INSERT:rbactest.domain", + "rbactest.package#xxx02:TENANT -> rbactest.package#xxx02: SELECT", + "rbactest.domain#xxx02-aaaa:OWNER -> rbactest.domain#xxx02-aaaa: DELETE" // @formatter:on ); noneOfTheseRbacPermissionsAreReturned( result, // @formatter:off - "test_customer#yyy:ADMIN -> test_customer#yyy: INSERT:test_package", - "test_customer#yyy:ADMIN -> test_customer#yyy: SELECT", - "test_customer#yyy:TENANT -> test_customer#yyy: SELECT" + "rbactest.customer#yyy:ADMIN -> rbactest.customer#yyy: INSERT:rbactest.package", + "rbactest.customer#yyy:ADMIN -> rbactest.customer#yyy: SELECT", + "rbactest.customer#yyy:TENANT -> rbactest.customer#yyy: SELECT" // @formatter:on ); } 
@@ -312,26 +312,26 @@ class RbacSubjectRepositoryIntegrationTest extends ContextBasedTest { allTheseRbacPermissionsAreReturned( result, // @formatter:off - "test_customer#xxx:TENANT -> test_customer#xxx: SELECT", - // "test_customer#xxx:ADMIN -> test_customer#xxx: view" - Not permissions through the customer admin! - "test_package#xxx00:ADMIN -> test_package#xxx00: INSERT:test_domain", - "test_package#xxx00:ADMIN -> test_package#xxx00: INSERT:test_domain", - "test_package#xxx00:TENANT -> test_package#xxx00: SELECT", - "test_domain#xxx00-aaaa:OWNER -> test_domain#xxx00-aaaa: DELETE", - "test_domain#xxx00-aaab:OWNER -> test_domain#xxx00-aaab: DELETE" + "rbactest.customer#xxx:TENANT -> rbactest.customer#xxx: SELECT", + // "rbactest.customer#xxx:ADMIN -> rbactest.customer#xxx: view" - Not permissions through the customer admin! + "rbactest.package#xxx00:ADMIN -> rbactest.package#xxx00: INSERT:rbactest.domain", + "rbactest.package#xxx00:ADMIN -> rbactest.package#xxx00: INSERT:rbactest.domain", + "rbactest.package#xxx00:TENANT -> rbactest.package#xxx00: SELECT", + "rbactest.domain#xxx00-aaaa:OWNER -> rbactest.domain#xxx00-aaaa: DELETE", + "rbactest.domain#xxx00-aaab:OWNER -> rbactest.domain#xxx00-aaab: DELETE" // @formatter:on ); noneOfTheseRbacPermissionsAreReturned( result, // @formatter:off - "test_customer#yyy:ADMIN -> test_customer#yyy: INSERT:test_package", - "test_customer#yyy:ADMIN -> test_customer#yyy: SELECT", - "test_customer#yyy:TENANT -> test_customer#yyy: SELECT", - "test_package#yyy00:ADMIN -> test_package#yyy00: INSERT:test_domain", - "test_package#yyy00:ADMIN -> test_package#yyy00: INSERT:test_domain", - "test_package#yyy00:TENANT -> test_package#yyy00: SELECT", - "test_domain#yyy00-aaaa:OWNER -> test_domain#yyy00-aaaa: DELETE", - "test_domain#yyy00-aaab:OWNER -> test_domain#yyy00-aaab: DELETE" + "rbactest.customer#yyy:ADMIN -> rbactest.customer#yyy: INSERT:rbactest.package", + "rbactest.customer#yyy:ADMIN -> rbactest.customer#yyy: SELECT", + 
"rbactest.customer#yyy:TENANT -> rbactest.customer#yyy: SELECT", + "rbactest.package#yyy00:ADMIN -> rbactest.package#yyy00: INSERT:rbactest.domain", + "rbactest.package#yyy00:ADMIN -> rbactest.package#yyy00: INSERT:rbactest.domain", + "rbactest.package#yyy00:TENANT -> rbactest.package#yyy00: SELECT", + "rbactest.domain#yyy00-aaaa:OWNER -> rbactest.domain#yyy00-aaaa: DELETE", + "rbactest.domain#yyy00-aaab:OWNER -> rbactest.domain#yyy00-aaab: DELETE" // @formatter:on ); } 
@@ -360,26 +360,26 @@ class RbacSubjectRepositoryIntegrationTest extends ContextBasedTest { allTheseRbacPermissionsAreReturned( result, // @formatter:off - "test_customer#xxx:TENANT -> test_customer#xxx: SELECT", - // "test_customer#xxx:ADMIN -> test_customer#xxx: view" - Not permissions through the customer admin! - "test_package#xxx00:ADMIN -> test_package#xxx00: INSERT:test_domain", - "test_package#xxx00:TENANT -> test_package#xxx00: SELECT" + "rbactest.customer#xxx:TENANT -> rbactest.customer#xxx: SELECT", + // "rbactest.customer#xxx:ADMIN -> rbactest.customer#xxx: view" - Not permissions through the customer admin! + "rbactest.package#xxx00:ADMIN -> rbactest.package#xxx00: INSERT:rbactest.domain", + "rbactest.package#xxx00:TENANT -> rbactest.package#xxx00: SELECT" // @formatter:on ); noneOfTheseRbacPermissionsAreReturned( result, // @formatter:off // no customer admin permissions - "test_customer#xxx:ADMIN -> test_customer#xxx: add-package", + "rbactest.customer#xxx:ADMIN -> rbactest.customer#xxx: add-package", // no permissions on other customer's objects - "test_customer#yyy:ADMIN -> test_customer#yyy: add-package", - "test_customer#yyy:ADMIN -> test_customer#yyy: SELECT", - "test_customer#yyy:TENANT -> test_customer#yyy: SELECT", - "test_package#yyy00:ADMIN -> test_package#yyy00: INSERT:test_domain", - "test_package#yyy00:ADMIN -> test_package#yyy00: INSERT:test_domain", - "test_package#yyy00:TENANT -> test_package#yyy00: SELECT", - "test_domain#yyy00-aaaa:OWNER -> test_domain#yyy00-aaaa: DELETE", - "test_domain#yyy00-xxxb:OWNER -> test_domain#yyy00-xxxb: DELETE" + "rbactest.customer#yyy:ADMIN -> rbactest.customer#yyy: add-package", + "rbactest.customer#yyy:ADMIN -> rbactest.customer#yyy: SELECT", + "rbactest.customer#yyy:TENANT -> rbactest.customer#yyy: SELECT", + "rbactest.package#yyy00:ADMIN -> rbactest.package#yyy00: INSERT:rbactest.domain", + "rbactest.package#yyy00:ADMIN -> rbactest.package#yyy00: INSERT:rbactest.domain", + 
"rbactest.package#yyy00:TENANT -> rbactest.package#yyy00: SELECT", + "rbactest.domain#yyy00-aaaa:OWNER -> rbactest.domain#yyy00-aaaa: DELETE", + "rbactest.domain#yyy00-xxxb:OWNER -> rbactest.domain#yyy00-xxxb: DELETE" // @formatter:on ); }
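Review bot: Three entries in the `noneOfTheseRbacPermissionsAreReturned` list look like strings the repository can never produce, so those negative checks pass whatever it returns. Both `... : add-package` entries use an operation name that no positive expectation in this patch uses (they read `INSERT:rbactest.package`), and `rbactest.domain#yyy00-xxxb` does not follow the `yyy00-aaab` naming used in the previous hunk. Unless these strings are deliberate, the list should use the current format so it proves that customer-admin and foreign-customer permissions are withheld: `"rbactest.customer#xxx:ADMIN -> rbactest.customer#xxx: INSERT:rbactest.package",`, the same for `yyy`, and `"rbactest.domain#yyy00-aaab:OWNER -> rbactest.domain#yyy00-aaab: DELETE"`. The test method starts outside the hunk.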