
2 Commits

Author SHA1 Message Date
Michael Hoennig
878a87f1c4 fix HsOfficeSepaMandateRepositoryIntegrationTest 2024-03-15 09:54:09 +01:00
Michael Hoennig
72859015b3 add RbacGrantsDiagramService.ALL_TEST_ENTITY_RELATED and helper method 2024-03-15 09:52:20 +01:00
3 changed files with 45 additions and 40 deletions


@ -45,6 +45,7 @@ public class RbacGrantsDiagramService {
NON_TEST_ENTITIES; NON_TEST_ENTITIES;
public static final EnumSet<Include> ALL = EnumSet.allOf(Include.class); public static final EnumSet<Include> ALL = EnumSet.allOf(Include.class);
public static final EnumSet<Include> ALL_TEST_ENTITY_RELATED = EnumSet.of(USERS, DETAILS, NOT_ASSUMED, TEST_ENTITIES, PERMISSIONS);
} }
@Autowired @Autowired
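Review bot: `ALL_TEST_ENTITY_RELATED` is exposed as a `public static final EnumSet`, and an `EnumSet` stays mutable behind a `final` reference, so any caller that adds or removes an element silently changes the constant for every later user in the same JVM. The existing `ALL` constant on the line above has the same shape. If the `EnumSet` type has to stay because callers accept it as a parameter, I would at least state the contract on the new line, e.g. `// shared instance: do not modify; use EnumSet.copyOf(ALL_TEST_ENTITY_RELATED) to derive a variant`. The enclosing enum starts outside the hunk.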


@ -26,6 +26,7 @@ import java.util.List;
import static net.hostsharing.hsadminng.rbac.rbacgrant.RawRbacGrantEntity.distinctGrantDisplaysOf; import static net.hostsharing.hsadminng.rbac.rbacgrant.RawRbacGrantEntity.distinctGrantDisplaysOf;
import static net.hostsharing.hsadminng.rbac.rbacrole.RawRbacRoleEntity.distinctRoleNamesOf; import static net.hostsharing.hsadminng.rbac.rbacrole.RawRbacRoleEntity.distinctRoleNamesOf;
import static net.hostsharing.test.Array.fromFormatted;
import static net.hostsharing.test.JpaAttempt.attempt; import static net.hostsharing.test.JpaAttempt.attempt;
import static org.assertj.core.api.Assertions.assertThat; import static org.assertj.core.api.Assertions.assertThat;
@ -94,8 +95,6 @@ class HsOfficeSepaMandateRepositoryIntegrationTest extends ContextBasedTestWithC
context("superuser-alex@hostsharing.net"); context("superuser-alex@hostsharing.net");
final var initialRoleNames = distinctRoleNamesOf(rawRoleRepo.findAll()); final var initialRoleNames = distinctRoleNamesOf(rawRoleRepo.findAll());
final var initialGrantNames = distinctGrantDisplaysOf(rawGrantRepo.findAll()).stream() final var initialGrantNames = distinctGrantDisplaysOf(rawGrantRepo.findAll()).stream()
.map(s -> s.replace("-firstcontact", "-..."))
.map(s -> s.replace("PaulWinkler", "Paul..."))
.map(s -> s.replace("hs_office_", "")) .map(s -> s.replace("hs_office_", ""))
.toList(); .toList();
@ -118,41 +117,36 @@ class HsOfficeSepaMandateRepositoryIntegrationTest extends ContextBasedTestWithC
final var all = rawRoleRepo.findAll(); final var all = rawRoleRepo.findAll();
assertThat(distinctRoleNamesOf(all)).containsExactlyInAnyOrder(Array.from( assertThat(distinctRoleNamesOf(all)).containsExactlyInAnyOrder(Array.from(
initialRoleNames, initialRoleNames,
"hs_office_sepamandate#temprefB.owner", "hs_office_sepamandate#DE02600501010002034304-[2020-01-01,2023-01-01).admin",
"hs_office_sepamandate#temprefB.admin", "hs_office_sepamandate#DE02600501010002034304-[2020-01-01,2023-01-01).agent",
"hs_office_sepamandate#temprefB.agent", "hs_office_sepamandate#DE02600501010002034304-[2020-01-01,2023-01-01).owner",
"hs_office_sepamandate#temprefB.tenant", "hs_office_sepamandate#DE02600501010002034304-[2020-01-01,2023-01-01).referrer"));
"hs_office_sepamandate#temprefB.guest"));
assertThat(distinctGrantDisplaysOf(rawGrantRepo.findAll())) assertThat(distinctGrantDisplaysOf(rawGrantRepo.findAll()))
.map(s -> s.replace("-firstcontact", "-..."))
.map(s -> s.replace("PaulWinkler", "Paul..."))
.map(s -> s.replace("hs_office_", "")) .map(s -> s.replace("hs_office_", ""))
.containsExactlyInAnyOrder(Array.fromFormatted( .containsExactlyInAnyOrder(fromFormatted(
initialGrantNames, initialGrantNames,
// owner // owner
"{ grant perm DELETE on sepamandate#temprefB to role sepamandate#temprefB.owner by system and assume }", "{ grant perm DELETE on sepamandate#DE02600501010002034304-[2020-01-01,2023-01-01) to role sepamandate#DE02600501010002034304-[2020-01-01,2023-01-01).owner by system and assume }",
"{ grant role sepamandate#temprefB.owner to role global#global.admin by system and assume }", "{ grant role sepamandate#DE02600501010002034304-[2020-01-01,2023-01-01).owner to role global#global.admin by system and assume }",
"{ grant role sepamandate#DE02600501010002034304-[2020-01-01,2023-01-01).owner to user superuser-alex@hostsharing.net by sepamandate#DE02600501010002034304-[2020-01-01,2023-01-01).owner and assume }",
// admin // admin
"{ grant perm UPDATE on sepamandate#temprefB to role sepamandate#temprefB.admin by system and assume }", "{ grant perm UPDATE on sepamandate#DE02600501010002034304-[2020-01-01,2023-01-01) to role sepamandate#DE02600501010002034304-[2020-01-01,2023-01-01).admin by system and assume }",
"{ grant role sepamandate#temprefB.admin to role sepamandate#temprefB.owner by system and assume }", "{ grant role sepamandate#DE02600501010002034304-[2020-01-01,2023-01-01).admin to role sepamandate#DE02600501010002034304-[2020-01-01,2023-01-01).owner by system and assume }",
"{ grant role bankaccount#Paul....tenant to role sepamandate#temprefB.admin by system and assume }",
// agent // agent
"{ grant role sepamandate#temprefB.agent to role sepamandate#temprefB.admin by system and assume }", "{ grant role bankaccount#DE02600501010002034304.referrer to role sepamandate#DE02600501010002034304-[2020-01-01,2023-01-01).agent by system and assume }",
"{ grant role debitor#1000111:FirstGmbH-....tenant to role sepamandate#temprefB.agent by system and assume }", "{ grant role sepamandate#DE02600501010002034304-[2020-01-01,2023-01-01).agent to role sepamandate#DE02600501010002034304-[2020-01-01,2023-01-01).admin by system and assume }",
"{ grant role sepamandate#temprefB.agent to role bankaccount#Paul....admin by system and assume }", "{ grant role relationship#FirstGmbH-with-ACCOUNTING-FirstGmbH.agent to role sepamandate#DE02600501010002034304-[2020-01-01,2023-01-01).agent by system and assume }",
"{ grant role sepamandate#temprefB.agent to role debitor#1000111:FirstGmbH-....admin by system and assume }",
// tenant // referrer
"{ grant role sepamandate#temprefB.tenant to role sepamandate#temprefB.agent by system and assume }", "{ grant perm SELECT on sepamandate#DE02600501010002034304-[2020-01-01,2023-01-01) to role sepamandate#DE02600501010002034304-[2020-01-01,2023-01-01).referrer by system and assume }",
"{ grant role debitor#1000111:FirstGmbH-....guest to role sepamandate#temprefB.tenant by system and assume }", "{ grant role sepamandate#DE02600501010002034304-[2020-01-01,2023-01-01).referrer to role sepamandate#DE02600501010002034304-[2020-01-01,2023-01-01).agent by system and assume }",
"{ grant role bankaccount#Paul....guest to role sepamandate#temprefB.tenant by system and assume }", "{ grant role sepamandate#DE02600501010002034304-[2020-01-01,2023-01-01).referrer to role bankaccount#DE02600501010002034304.admin by system and assume }",
"{ grant role relationship#FirstGmbH-with-ACCOUNTING-FirstGmbH.tenant to role sepamandate#DE02600501010002034304-[2020-01-01,2023-01-01).referrer by system and assume }",
"{ grant role sepamandate#DE02600501010002034304-[2020-01-01,2023-01-01).referrer to role relationship#FirstGmbH-with-ACCOUNTING-FirstGmbH.agent by system and assume }",
// guest
"{ grant perm SELECT on sepamandate#temprefB to role sepamandate#temprefB.guest by system and assume }",
"{ grant role sepamandate#temprefB.guest to role sepamandate#temprefB.tenant by system and assume }",
null)); null));
} }
@ -236,10 +230,10 @@ class HsOfficeSepaMandateRepositoryIntegrationTest extends ContextBasedTestWithC
@Test @Test
public void hostsharingAdmin_canUpdateArbitrarySepaMandate() { public void hostsharingAdmin_canUpdateArbitrarySepaMandate() {
// given // given
final var givenSepaMandate = givenSomeTemporarySepaMandateBessler("Peter Smith"); final var givenSepaMandate = givenSomeTemporarySepaMandate("DE02600501010002034304");
assertThatSepaMandateIsVisibleForUserWithRole( assertThatSepaMandateIsVisibleForUserWithRole(
givenSepaMandate, givenSepaMandate,
"hs_office_bankaccount#PeterSmith.admin"); "hs_office_bankaccount#DE02600501010002034304.admin");
// when // when
final var result = jpaAttempt.transacted(() -> { final var result = jpaAttempt.transacted(() -> {
@ -264,16 +258,18 @@ class HsOfficeSepaMandateRepositoryIntegrationTest extends ContextBasedTestWithC
public void bankAccountAdmin_canViewButNotUpdateRelatedSepaMandate() { public void bankAccountAdmin_canViewButNotUpdateRelatedSepaMandate() {
// given // given
context("superuser-alex@hostsharing.net"); context("superuser-alex@hostsharing.net");
final var givenSepaMandate = givenSomeTemporarySepaMandateBessler("Anita Bessler");
final var givenSepaMandate = givenSomeTemporarySepaMandate("DE02300606010002474689");
assertThatSepaMandateIsVisibleForUserWithRole( assertThatSepaMandateIsVisibleForUserWithRole(
givenSepaMandate, givenSepaMandate,
"hs_office_bankaccount#AnitaBessler.admin"); "hs_office_bankaccount#DE02300606010002474689.admin");
assertThatSepaMandateActuallyInDatabase(givenSepaMandate); assertThatSepaMandateActuallyInDatabase(givenSepaMandate);
final var newValidityEnd = LocalDate.now(); final var newValidityEnd = LocalDate.now();
// when // when
final var result = jpaAttempt.transacted(() -> { final var result = jpaAttempt.transacted(() -> {
context("superuser-alex@hostsharing.net", "hs_office_bankaccount#AnitaBessler.admin"); context("superuser-alex@hostsharing.net", "hs_office_bankaccount#DE02300606010002474689.admin");
givenSepaMandate.setValidity(Range.closedOpen( givenSepaMandate.setValidity(Range.closedOpen(
givenSepaMandate.getValidity().lower(), newValidityEnd)); givenSepaMandate.getValidity().lower(), newValidityEnd));
return toCleanup(sepaMandateRepo.save(givenSepaMandate)); return toCleanup(sepaMandateRepo.save(givenSepaMandate));
@ -317,7 +313,7 @@ class HsOfficeSepaMandateRepositoryIntegrationTest extends ContextBasedTestWithC
public void globalAdmin_withoutAssumedRole_canDeleteAnySepaMandate() { public void globalAdmin_withoutAssumedRole_canDeleteAnySepaMandate() {
// given // given
context("superuser-alex@hostsharing.net", null); context("superuser-alex@hostsharing.net", null);
final var givenSepaMandate = givenSomeTemporarySepaMandateBessler("Fourth eG"); final var givenSepaMandate = givenSomeTemporarySepaMandate("DE02200505501015871393");
// when // when
final var result = jpaAttempt.transacted(() -> { final var result = jpaAttempt.transacted(() -> {
@ -337,7 +333,7 @@ class HsOfficeSepaMandateRepositoryIntegrationTest extends ContextBasedTestWithC
public void nonGlobalAdmin_canNotDeleteTheirRelatedSepaMandate() { public void nonGlobalAdmin_canNotDeleteTheirRelatedSepaMandate() {
// given // given
context("superuser-alex@hostsharing.net", null); context("superuser-alex@hostsharing.net", null);
final var givenSepaMandate = givenSomeTemporarySepaMandateBessler("Third OHG"); final var givenSepaMandate = givenSomeTemporarySepaMandate("DE02300209000106531065");
// when // when
final var result = jpaAttempt.transacted(() -> { final var result = jpaAttempt.transacted(() -> {
@ -363,11 +359,7 @@ class HsOfficeSepaMandateRepositoryIntegrationTest extends ContextBasedTestWithC
context("superuser-alex@hostsharing.net"); context("superuser-alex@hostsharing.net");
final var initialRoleNames = Array.from(distinctRoleNamesOf(rawRoleRepo.findAll())); final var initialRoleNames = Array.from(distinctRoleNamesOf(rawRoleRepo.findAll()));
final var initialGrantNames = Array.from(distinctGrantDisplaysOf(rawGrantRepo.findAll())); final var initialGrantNames = Array.from(distinctGrantDisplaysOf(rawGrantRepo.findAll()));
final var givenSepaMandate = givenSomeTemporarySepaMandateBessler("Mel Bessler"); final var givenSepaMandate = givenSomeTemporarySepaMandate("DE02600501010002034304");
assertThat(distinctRoleNamesOf(rawRoleRepo.findAll()).size()).as("precondition failed: unexpected number of roles created")
.isEqualTo(initialRoleNames.length + 5);
assertThat(distinctGrantDisplaysOf(rawGrantRepo.findAll()).size()).as("precondition failed: unexpected number of grants created")
.isEqualTo(initialGrantNames.length + 14);
// when // when
final var result = jpaAttempt.transacted(() -> { final var result = jpaAttempt.transacted(() -> {
@ -402,11 +394,11 @@ class HsOfficeSepaMandateRepositoryIntegrationTest extends ContextBasedTestWithC
"[creating SEPA-mandate test-data 1000313, hs_office_sepamandate, INSERT]"); "[creating SEPA-mandate test-data 1000313, hs_office_sepamandate, INSERT]");
} }
private HsOfficeSepaMandateEntity givenSomeTemporarySepaMandateBessler(final String bankAccountHolder) { private HsOfficeSepaMandateEntity givenSomeTemporarySepaMandate(final String iban) {
return jpaAttempt.transacted(() -> { return jpaAttempt.transacted(() -> {
context("superuser-alex@hostsharing.net"); context("superuser-alex@hostsharing.net");
final var givenDebitor = debitorRepo.findDebitorByOptionalNameLike("First").get(0); final var givenDebitor = debitorRepo.findDebitorByOptionalNameLike("First").get(0);
final var givenBankAccount = bankAccountRepo.findByOptionalHolderLike(bankAccountHolder).get(0); final var givenBankAccount = bankAccountRepo.findByIbanOrderByIbanAsc(iban).get(0);
final var newSepaMandate = HsOfficeSepaMandateEntity.builder() final var newSepaMandate = HsOfficeSepaMandateEntity.builder()
.debitor(givenDebitor) .debitor(givenDebitor)
.bankAccount(givenBankAccount) .bankAccount(givenBankAccount)
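Review bot: In the `@ -363,11 +359,7` hunk the two "precondition failed" assertions are deleted rather than updated, so that test no longer proves that creating the mandate produced any RBAC roles or grants before the delete runs. Its body continues outside the hunk, but if it compares the state after deletion with `initialRoleNames`/`initialGrantNames`, a regression that stops creating the roles and grants would let it pass vacuously. The expectations in the `@ -118,41 +117,36` hunk list 4 new roles and, by my count, 13 new grants, so the checks could be kept as `.isEqualTo(initialRoleNames.length + 4)` and `.isEqualTo(initialGrantNames.length + 13)`; please confirm the numbers against a run. Separately, `findByIbanOrderByIbanAsc(iban).get(0)` in the last hunk fails with a bare index error when the IBAN is missing from the test data, and an `assertThat(...).isNotEmpty()` on the result before `get(0)` would give a readable failure.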


@ -4,6 +4,7 @@ import net.hostsharing.hsadminng.context.ContextBasedTest;
import net.hostsharing.hsadminng.persistence.HasUuid; import net.hostsharing.hsadminng.persistence.HasUuid;
import net.hostsharing.hsadminng.rbac.rbacgrant.RbacGrantEntity; import net.hostsharing.hsadminng.rbac.rbacgrant.RbacGrantEntity;
import net.hostsharing.hsadminng.rbac.rbacgrant.RbacGrantRepository; import net.hostsharing.hsadminng.rbac.rbacgrant.RbacGrantRepository;
import net.hostsharing.hsadminng.rbac.rbacgrant.RbacGrantsDiagramService;
import net.hostsharing.hsadminng.rbac.rbacobject.RbacObject; import net.hostsharing.hsadminng.rbac.rbacobject.RbacObject;
import net.hostsharing.hsadminng.rbac.rbacrole.RbacRoleEntity; import net.hostsharing.hsadminng.rbac.rbacrole.RbacRoleEntity;
import net.hostsharing.hsadminng.rbac.rbacrole.RbacRoleRepository; import net.hostsharing.hsadminng.rbac.rbacrole.RbacRoleRepository;
@ -254,6 +255,17 @@ public abstract class ContextBasedTestWithCleanup extends ContextBasedTest {
.collect(toSet()); .collect(toSet());
}).assertSuccessful().returnedValue(); }).assertSuccessful().returnedValue();
} }
/**
* Generates a diagram of the RBAC-Grants to the current subjects (user or assumed roles).
*/
protected void generateRbacGrantsDiagram(final EnumSet<RbacGrantsDiagramService.Include> include, final String title) {
RbacGrantsDiagramService.writeToFile(
title,
diagramService.allGrantsToCurrentUser(include),
"doc/" + title + ".md"
);
}
} }
interface RbacObjectRepository extends Repository<RbacObjectEntity, UUID> { interface RbacObjectRepository extends Repository<RbacObjectEntity, UUID> {
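Review bot: `generateRbacGrantsDiagram` uses `title` both as the diagram heading and, unchecked, as part of the output path `"doc/" + title + ".md"`, so a title containing `/` or `..` writes outside `doc/`. The relative path is also resolved against whatever working directory the test run happens to have. Since every test extending `ContextBasedTestWithCleanup` inherits this helper, I would reject unexpected titles up front, e.g. `if (!title.matches("[A-Za-z0-9_-]+")) throw new IllegalArgumentException("invalid diagram title: " + title);`. The Javadoc should also say that the method writes a Markdown file under `doc/` as a side effect, which the current one-line description does not mention.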