|
|
@ -26,6 +26,7 @@ import java.util.List;
|
|
|
|
|
|
|
|
|
|
|
|
import static net.hostsharing.hsadminng.rbac.rbacgrant.RawRbacGrantEntity.distinctGrantDisplaysOf;
|
|
|
|
import static net.hostsharing.hsadminng.rbac.rbacgrant.RawRbacGrantEntity.distinctGrantDisplaysOf;
|
|
|
|
import static net.hostsharing.hsadminng.rbac.rbacrole.RawRbacRoleEntity.distinctRoleNamesOf;
|
|
|
|
import static net.hostsharing.hsadminng.rbac.rbacrole.RawRbacRoleEntity.distinctRoleNamesOf;
|
|
|
|
|
|
|
|
import static net.hostsharing.test.Array.fromFormatted;
|
|
|
|
import static net.hostsharing.test.JpaAttempt.attempt;
|
|
|
|
import static net.hostsharing.test.JpaAttempt.attempt;
|
|
|
|
import static org.assertj.core.api.Assertions.assertThat;
|
|
|
|
import static org.assertj.core.api.Assertions.assertThat;
|
|
|
|
|
|
|
|
|
|
|
@ -94,8 +95,6 @@ class HsOfficeSepaMandateRepositoryIntegrationTest extends ContextBasedTestWithC
|
|
|
|
context("superuser-alex@hostsharing.net");
|
|
|
|
context("superuser-alex@hostsharing.net");
|
|
|
|
final var initialRoleNames = distinctRoleNamesOf(rawRoleRepo.findAll());
|
|
|
|
final var initialRoleNames = distinctRoleNamesOf(rawRoleRepo.findAll());
|
|
|
|
final var initialGrantNames = distinctGrantDisplaysOf(rawGrantRepo.findAll()).stream()
|
|
|
|
final var initialGrantNames = distinctGrantDisplaysOf(rawGrantRepo.findAll()).stream()
|
|
|
|
.map(s -> s.replace("-firstcontact", "-..."))
|
|
|
|
|
|
|
|
.map(s -> s.replace("PaulWinkler", "Paul..."))
|
|
|
|
|
|
|
|
.map(s -> s.replace("hs_office_", ""))
|
|
|
|
.map(s -> s.replace("hs_office_", ""))
|
|
|
|
.toList();
|
|
|
|
.toList();
|
|
|
|
|
|
|
|
|
|
|
@ -118,41 +117,36 @@ class HsOfficeSepaMandateRepositoryIntegrationTest extends ContextBasedTestWithC
|
|
|
|
final var all = rawRoleRepo.findAll();
|
|
|
|
final var all = rawRoleRepo.findAll();
|
|
|
|
assertThat(distinctRoleNamesOf(all)).containsExactlyInAnyOrder(Array.from(
|
|
|
|
assertThat(distinctRoleNamesOf(all)).containsExactlyInAnyOrder(Array.from(
|
|
|
|
initialRoleNames,
|
|
|
|
initialRoleNames,
|
|
|
|
"hs_office_sepamandate#temprefB.owner",
|
|
|
|
"hs_office_sepamandate#DE02600501010002034304-[2020-01-01,2023-01-01).admin",
|
|
|
|
"hs_office_sepamandate#temprefB.admin",
|
|
|
|
"hs_office_sepamandate#DE02600501010002034304-[2020-01-01,2023-01-01).agent",
|
|
|
|
"hs_office_sepamandate#temprefB.agent",
|
|
|
|
"hs_office_sepamandate#DE02600501010002034304-[2020-01-01,2023-01-01).owner",
|
|
|
|
"hs_office_sepamandate#temprefB.tenant",
|
|
|
|
"hs_office_sepamandate#DE02600501010002034304-[2020-01-01,2023-01-01).referrer"));
|
|
|
|
"hs_office_sepamandate#temprefB.guest"));
|
|
|
|
|
|
|
|
assertThat(distinctGrantDisplaysOf(rawGrantRepo.findAll()))
|
|
|
|
assertThat(distinctGrantDisplaysOf(rawGrantRepo.findAll()))
|
|
|
|
.map(s -> s.replace("-firstcontact", "-..."))
|
|
|
|
|
|
|
|
.map(s -> s.replace("PaulWinkler", "Paul..."))
|
|
|
|
|
|
|
|
.map(s -> s.replace("hs_office_", ""))
|
|
|
|
.map(s -> s.replace("hs_office_", ""))
|
|
|
|
.containsExactlyInAnyOrder(Array.fromFormatted(
|
|
|
|
.containsExactlyInAnyOrder(fromFormatted(
|
|
|
|
initialGrantNames,
|
|
|
|
initialGrantNames,
|
|
|
|
|
|
|
|
|
|
|
|
// owner
|
|
|
|
// owner
|
|
|
|
"{ grant perm DELETE on sepamandate#temprefB to role sepamandate#temprefB.owner by system and assume }",
|
|
|
|
"{ grant perm DELETE on sepamandate#DE02600501010002034304-[2020-01-01,2023-01-01) to role sepamandate#DE02600501010002034304-[2020-01-01,2023-01-01).owner by system and assume }",
|
|
|
|
"{ grant role sepamandate#temprefB.owner to role global#global.admin by system and assume }",
|
|
|
|
"{ grant role sepamandate#DE02600501010002034304-[2020-01-01,2023-01-01).owner to role global#global.admin by system and assume }",
|
|
|
|
|
|
|
|
"{ grant role sepamandate#DE02600501010002034304-[2020-01-01,2023-01-01).owner to user superuser-alex@hostsharing.net by sepamandate#DE02600501010002034304-[2020-01-01,2023-01-01).owner and assume }",
|
|
|
|
|
|
|
|
|
|
|
|
// admin
|
|
|
|
// admin
|
|
|
|
"{ grant perm UPDATE on sepamandate#temprefB to role sepamandate#temprefB.admin by system and assume }",
|
|
|
|
"{ grant perm UPDATE on sepamandate#DE02600501010002034304-[2020-01-01,2023-01-01) to role sepamandate#DE02600501010002034304-[2020-01-01,2023-01-01).admin by system and assume }",
|
|
|
|
"{ grant role sepamandate#temprefB.admin to role sepamandate#temprefB.owner by system and assume }",
|
|
|
|
"{ grant role sepamandate#DE02600501010002034304-[2020-01-01,2023-01-01).admin to role sepamandate#DE02600501010002034304-[2020-01-01,2023-01-01).owner by system and assume }",
|
|
|
|
"{ grant role bankaccount#Paul....tenant to role sepamandate#temprefB.admin by system and assume }",
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
// agent
|
|
|
|
// agent
|
|
|
|
"{ grant role sepamandate#temprefB.agent to role sepamandate#temprefB.admin by system and assume }",
|
|
|
|
"{ grant role bankaccount#DE02600501010002034304.referrer to role sepamandate#DE02600501010002034304-[2020-01-01,2023-01-01).agent by system and assume }",
|
|
|
|
"{ grant role debitor#1000111:FirstGmbH-....tenant to role sepamandate#temprefB.agent by system and assume }",
|
|
|
|
"{ grant role sepamandate#DE02600501010002034304-[2020-01-01,2023-01-01).agent to role sepamandate#DE02600501010002034304-[2020-01-01,2023-01-01).admin by system and assume }",
|
|
|
|
"{ grant role sepamandate#temprefB.agent to role bankaccount#Paul....admin by system and assume }",
|
|
|
|
"{ grant role relationship#FirstGmbH-with-ACCOUNTING-FirstGmbH.agent to role sepamandate#DE02600501010002034304-[2020-01-01,2023-01-01).agent by system and assume }",
|
|
|
|
"{ grant role sepamandate#temprefB.agent to role debitor#1000111:FirstGmbH-....admin by system and assume }",
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
// tenant
|
|
|
|
// referrer
|
|
|
|
"{ grant role sepamandate#temprefB.tenant to role sepamandate#temprefB.agent by system and assume }",
|
|
|
|
"{ grant perm SELECT on sepamandate#DE02600501010002034304-[2020-01-01,2023-01-01) to role sepamandate#DE02600501010002034304-[2020-01-01,2023-01-01).referrer by system and assume }",
|
|
|
|
"{ grant role debitor#1000111:FirstGmbH-....guest to role sepamandate#temprefB.tenant by system and assume }",
|
|
|
|
"{ grant role sepamandate#DE02600501010002034304-[2020-01-01,2023-01-01).referrer to role sepamandate#DE02600501010002034304-[2020-01-01,2023-01-01).agent by system and assume }",
|
|
|
|
"{ grant role bankaccount#Paul....guest to role sepamandate#temprefB.tenant by system and assume }",
|
|
|
|
"{ grant role sepamandate#DE02600501010002034304-[2020-01-01,2023-01-01).referrer to role bankaccount#DE02600501010002034304.admin by system and assume }",
|
|
|
|
|
|
|
|
"{ grant role relationship#FirstGmbH-with-ACCOUNTING-FirstGmbH.tenant to role sepamandate#DE02600501010002034304-[2020-01-01,2023-01-01).referrer by system and assume }",
|
|
|
|
|
|
|
|
"{ grant role sepamandate#DE02600501010002034304-[2020-01-01,2023-01-01).referrer to role relationship#FirstGmbH-with-ACCOUNTING-FirstGmbH.agent by system and assume }",
|
|
|
|
|
|
|
|
|
|
|
|
// guest
|
|
|
|
|
|
|
|
"{ grant perm SELECT on sepamandate#temprefB to role sepamandate#temprefB.guest by system and assume }",
|
|
|
|
|
|
|
|
"{ grant role sepamandate#temprefB.guest to role sepamandate#temprefB.tenant by system and assume }",
|
|
|
|
|
|
|
|
null));
|
|
|
|
null));
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
@ -236,10 +230,10 @@ class HsOfficeSepaMandateRepositoryIntegrationTest extends ContextBasedTestWithC
|
|
|
|
@Test
|
|
|
|
@Test
|
|
|
|
public void hostsharingAdmin_canUpdateArbitrarySepaMandate() {
|
|
|
|
public void hostsharingAdmin_canUpdateArbitrarySepaMandate() {
|
|
|
|
// given
|
|
|
|
// given
|
|
|
|
final var givenSepaMandate = givenSomeTemporarySepaMandateBessler("Peter Smith");
|
|
|
|
final var givenSepaMandate = givenSomeTemporarySepaMandate("DE02600501010002034304");
|
|
|
|
assertThatSepaMandateIsVisibleForUserWithRole(
|
|
|
|
assertThatSepaMandateIsVisibleForUserWithRole(
|
|
|
|
givenSepaMandate,
|
|
|
|
givenSepaMandate,
|
|
|
|
"hs_office_bankaccount#PeterSmith.admin");
|
|
|
|
"hs_office_bankaccount#DE02600501010002034304.admin");
|
|
|
|
|
|
|
|
|
|
|
|
// when
|
|
|
|
// when
|
|
|
|
final var result = jpaAttempt.transacted(() -> {
|
|
|
|
final var result = jpaAttempt.transacted(() -> {
|
|
|
@ -264,16 +258,18 @@ class HsOfficeSepaMandateRepositoryIntegrationTest extends ContextBasedTestWithC
|
|
|
|
public void bankAccountAdmin_canViewButNotUpdateRelatedSepaMandate() {
|
|
|
|
public void bankAccountAdmin_canViewButNotUpdateRelatedSepaMandate() {
|
|
|
|
// given
|
|
|
|
// given
|
|
|
|
context("superuser-alex@hostsharing.net");
|
|
|
|
context("superuser-alex@hostsharing.net");
|
|
|
|
final var givenSepaMandate = givenSomeTemporarySepaMandateBessler("Anita Bessler");
|
|
|
|
|
|
|
|
|
|
|
|
final var givenSepaMandate = givenSomeTemporarySepaMandate("DE02300606010002474689");
|
|
|
|
assertThatSepaMandateIsVisibleForUserWithRole(
|
|
|
|
assertThatSepaMandateIsVisibleForUserWithRole(
|
|
|
|
givenSepaMandate,
|
|
|
|
givenSepaMandate,
|
|
|
|
"hs_office_bankaccount#AnitaBessler.admin");
|
|
|
|
"hs_office_bankaccount#DE02300606010002474689.admin");
|
|
|
|
assertThatSepaMandateActuallyInDatabase(givenSepaMandate);
|
|
|
|
assertThatSepaMandateActuallyInDatabase(givenSepaMandate);
|
|
|
|
final var newValidityEnd = LocalDate.now();
|
|
|
|
final var newValidityEnd = LocalDate.now();
|
|
|
|
|
|
|
|
|
|
|
|
// when
|
|
|
|
// when
|
|
|
|
final var result = jpaAttempt.transacted(() -> {
|
|
|
|
final var result = jpaAttempt.transacted(() -> {
|
|
|
|
context("superuser-alex@hostsharing.net", "hs_office_bankaccount#AnitaBessler.admin");
|
|
|
|
context("superuser-alex@hostsharing.net", "hs_office_bankaccount#DE02300606010002474689.admin");
|
|
|
|
|
|
|
|
|
|
|
|
givenSepaMandate.setValidity(Range.closedOpen(
|
|
|
|
givenSepaMandate.setValidity(Range.closedOpen(
|
|
|
|
givenSepaMandate.getValidity().lower(), newValidityEnd));
|
|
|
|
givenSepaMandate.getValidity().lower(), newValidityEnd));
|
|
|
|
return toCleanup(sepaMandateRepo.save(givenSepaMandate));
|
|
|
|
return toCleanup(sepaMandateRepo.save(givenSepaMandate));
|
|
|
@ -317,7 +313,7 @@ class HsOfficeSepaMandateRepositoryIntegrationTest extends ContextBasedTestWithC
|
|
|
|
public void globalAdmin_withoutAssumedRole_canDeleteAnySepaMandate() {
|
|
|
|
public void globalAdmin_withoutAssumedRole_canDeleteAnySepaMandate() {
|
|
|
|
// given
|
|
|
|
// given
|
|
|
|
context("superuser-alex@hostsharing.net", null);
|
|
|
|
context("superuser-alex@hostsharing.net", null);
|
|
|
|
final var givenSepaMandate = givenSomeTemporarySepaMandateBessler("Fourth eG");
|
|
|
|
final var givenSepaMandate = givenSomeTemporarySepaMandate("DE02200505501015871393");
|
|
|
|
|
|
|
|
|
|
|
|
// when
|
|
|
|
// when
|
|
|
|
final var result = jpaAttempt.transacted(() -> {
|
|
|
|
final var result = jpaAttempt.transacted(() -> {
|
|
|
@ -337,7 +333,7 @@ class HsOfficeSepaMandateRepositoryIntegrationTest extends ContextBasedTestWithC
|
|
|
|
public void nonGlobalAdmin_canNotDeleteTheirRelatedSepaMandate() {
|
|
|
|
public void nonGlobalAdmin_canNotDeleteTheirRelatedSepaMandate() {
|
|
|
|
// given
|
|
|
|
// given
|
|
|
|
context("superuser-alex@hostsharing.net", null);
|
|
|
|
context("superuser-alex@hostsharing.net", null);
|
|
|
|
final var givenSepaMandate = givenSomeTemporarySepaMandateBessler("Third OHG");
|
|
|
|
final var givenSepaMandate = givenSomeTemporarySepaMandate("DE02300209000106531065");
|
|
|
|
|
|
|
|
|
|
|
|
// when
|
|
|
|
// when
|
|
|
|
final var result = jpaAttempt.transacted(() -> {
|
|
|
|
final var result = jpaAttempt.transacted(() -> {
|
|
|
@ -363,11 +359,7 @@ class HsOfficeSepaMandateRepositoryIntegrationTest extends ContextBasedTestWithC
|
|
|
|
context("superuser-alex@hostsharing.net");
|
|
|
|
context("superuser-alex@hostsharing.net");
|
|
|
|
final var initialRoleNames = Array.from(distinctRoleNamesOf(rawRoleRepo.findAll()));
|
|
|
|
final var initialRoleNames = Array.from(distinctRoleNamesOf(rawRoleRepo.findAll()));
|
|
|
|
final var initialGrantNames = Array.from(distinctGrantDisplaysOf(rawGrantRepo.findAll()));
|
|
|
|
final var initialGrantNames = Array.from(distinctGrantDisplaysOf(rawGrantRepo.findAll()));
|
|
|
|
final var givenSepaMandate = givenSomeTemporarySepaMandateBessler("Mel Bessler");
|
|
|
|
final var givenSepaMandate = givenSomeTemporarySepaMandate("DE02600501010002034304");
|
|
|
|
assertThat(distinctRoleNamesOf(rawRoleRepo.findAll()).size()).as("precondition failed: unexpected number of roles created")
|
|
|
|
|
|
|
|
.isEqualTo(initialRoleNames.length + 5);
|
|
|
|
|
|
|
|
assertThat(distinctGrantDisplaysOf(rawGrantRepo.findAll()).size()).as("precondition failed: unexpected number of grants created")
|
|
|
|
|
|
|
|
.isEqualTo(initialGrantNames.length + 14);
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
// when
|
|
|
|
// when
|
|
|
|
final var result = jpaAttempt.transacted(() -> {
|
|
|
|
final var result = jpaAttempt.transacted(() -> {
|
|
|
@ -402,11 +394,11 @@ class HsOfficeSepaMandateRepositoryIntegrationTest extends ContextBasedTestWithC
|
|
|
|
"[creating SEPA-mandate test-data 1000313, hs_office_sepamandate, INSERT]");
|
|
|
|
"[creating SEPA-mandate test-data 1000313, hs_office_sepamandate, INSERT]");
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
private HsOfficeSepaMandateEntity givenSomeTemporarySepaMandateBessler(final String bankAccountHolder) {
|
|
|
|
private HsOfficeSepaMandateEntity givenSomeTemporarySepaMandate(final String iban) {
|
|
|
|
return jpaAttempt.transacted(() -> {
|
|
|
|
return jpaAttempt.transacted(() -> {
|
|
|
|
context("superuser-alex@hostsharing.net");
|
|
|
|
context("superuser-alex@hostsharing.net");
|
|
|
|
final var givenDebitor = debitorRepo.findDebitorByOptionalNameLike("First").get(0);
|
|
|
|
final var givenDebitor = debitorRepo.findDebitorByOptionalNameLike("First").get(0);
|
|
|
|
final var givenBankAccount = bankAccountRepo.findByOptionalHolderLike(bankAccountHolder).get(0);
|
|
|
|
final var givenBankAccount = bankAccountRepo.findByIbanOrderByIbanAsc(iban).get(0);
|
|
|
|
final var newSepaMandate = HsOfficeSepaMandateEntity.builder()
|
|
|
|
final var newSepaMandate = HsOfficeSepaMandateEntity.builder()
|
|
|
|
.debitor(givenDebitor)
|
|
|
|
.debitor(givenDebitor)
|
|
|
|
.bankAccount(givenBankAccount)
|
|
|
|
.bankAccount(givenBankAccount)
|
|
|
|