
No commits in common. "3b7c35cfe4165ae50d1e3ea9ca06d23ad6980da6" and "f5802ed404f9e2e157a764ce262108fe45817728" have entirely different histories.

6 changed files with 7 additions and 28 deletions


@ -50,7 +50,6 @@ import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Permission.DELETE;
import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Permission.INSERT; import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Permission.INSERT;
import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Permission.SELECT; import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Permission.SELECT;
import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Permission.UPDATE; import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Permission.UPDATE;
import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.RbacUserReference.UserRole.CREATOR;
import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Role.ADMIN; import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Role.ADMIN;
import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Role.AGENT; import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Role.AGENT;
import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Role.GUEST; import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Role.GUEST;
@ -204,13 +203,15 @@ public class HsHostingAssetEntity implements Stringifyable, RbacObject, Properti
.switchOnColumn("type", .switchOnColumn("type",
inCaseOf("DOMAIN_SETUP", then -> { inCaseOf("DOMAIN_SETUP", then -> {
// grant(ADMIN).to(currentlyAssumedRole() // FIXME
// oder:
// via with.incomingSuperRole("bookingItem", ADMIN); (s.u.)
then.toRole(GLOBAL, GUEST).grantPermission(INSERT); then.toRole(GLOBAL, GUEST).grantPermission(INSERT);
then.toRole(GLOBAL, ADMIN).grantPermission(SELECT); // TODO.spec: replace by a proper solution then.toRole(GLOBAL, ADMIN).grantPermission(SELECT); // TODO.spec: replace by a proper solution
}) })
) )
.createRole(OWNER, (with) -> { .createRole(OWNER, (with) -> {
with.owningUser(CREATOR);
with.incomingSuperRole("bookingItem", ADMIN); with.incomingSuperRole("bookingItem", ADMIN);
with.incomingSuperRole("parentAsset", ADMIN); with.incomingSuperRole("parentAsset", ADMIN);
with.permission(DELETE); with.permission(DELETE);
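Review bot: The comment block added at the top of the `DOMAIN_SETUP` case records an unresolved authorization decision as commented-out code (`// grant(ADMIN).to(currentlyAssumedRole() // FIXME`, with an unbalanced parenthesis and partly in German), while the same section drops `with.owningUser(CREATOR);` from the OWNER role. As far as this section shows, OWNER is then reachable only through the `bookingItem` and `parentAsset` ADMIN super-roles, so a row inserted through the `GLOBAL, GUEST` INSERT grant may end up with no role held by the user who created it; whether that is intended is not stated. I would replace the three lines with one English comment that names the decision, e.g. `// FIXME: no creator-owned role since owningUser(CREATOR) was removed; decide whether to grant ADMIN to the currently assumed role or rely on incomingSuperRole("bookingItem", ADMIN) below`, and link it to a tracked task. The same removal appears in the SQL section (`userUuids => array[currentUserUuid()]`), and the builder chain starts and ends outside this hunk.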


@ -80,9 +80,6 @@ subgraph parentAsset["`**parentAsset**`"]
end end
end end
%% granting roles to users
user:creator ==> role:asset:OWNER
%% granting roles to roles %% granting roles to roles
role:bookingItem:OWNER -.-> role:bookingItem:ADMIN role:bookingItem:OWNER -.-> role:bookingItem:ADMIN
role:bookingItem:ADMIN -.-> role:bookingItem:AGENT role:bookingItem:ADMIN -.-> role:bookingItem:AGENT


@ -51,8 +51,7 @@ begin
permissions => array['DELETE'], permissions => array['DELETE'],
incomingSuperRoles => array[ incomingSuperRoles => array[
hsBookingItemADMIN(newBookingItem), hsBookingItemADMIN(newBookingItem),
hsHostingAssetADMIN(newParentAsset)], hsHostingAssetADMIN(newParentAsset)]
userUuids => array[currentUserUuid()]
); );
perform createRoleWithGrants( perform createRoleWithGrants(


@ -40,10 +40,8 @@ public class ArchitectureTest {
"..test.pac", "..test.pac",
"..test.dom", "..test.dom",
"..context", "..context",
"..hash",
"..generated..", "..generated..",
"..persistence..", "..persistence..",
"..system..",
"..validation..", "..validation..",
"..hs.office.bankaccount", "..hs.office.bankaccount",
"..hs.office.contact", "..hs.office.contact",
@ -112,13 +110,6 @@ public class ArchitectureTest {
.should().onlyDependOnClassesThat() .should().onlyDependOnClassesThat()
.resideOutsideOfPackage(NET_HOSTSHARING_HSADMINNG); .resideOutsideOfPackage(NET_HOSTSHARING_HSADMINNG);
@ArchTest
@SuppressWarnings("unused")
public static final ArchRule hashPackageRule = classes()
.that().resideInAPackage("..hash..")
.should().onlyDependOnClassesThat()
.resideOutsideOfPackage(NET_HOSTSHARING_HSADMINNG);
@ArchTest @ArchTest
@SuppressWarnings("unused") @SuppressWarnings("unused")
public static final ArchRule errorsPackageRule = classes() public static final ArchRule errorsPackageRule = classes()
@ -126,13 +117,6 @@ public class ArchitectureTest {
.should().onlyDependOnClassesThat() .should().onlyDependOnClassesThat()
.resideOutsideOfPackage(NET_HOSTSHARING_HSADMINNG); .resideOutsideOfPackage(NET_HOSTSHARING_HSADMINNG);
@ArchTest
@SuppressWarnings("unused")
public static final ArchRule systemPackageRule = classes()
.that().resideInAPackage("..system..")
.should().onlyDependOnClassesThat()
.resideOutsideOfPackage(NET_HOSTSHARING_HSADMINNG);
@ArchTest @ArchTest
@SuppressWarnings("unused") @SuppressWarnings("unused")
public static final ArchRule testPackagesRule = classes() public static final ArchRule testPackagesRule = classes()


@ -134,7 +134,6 @@ class HsHostingAssetRepositoryIntegrationTest extends ContextBasedTestWithCleanu
"{ grant perm:hs_hosting_asset#fir00:SELECT to role:global#global:ADMIN by system and assume }", // workaround "{ grant perm:hs_hosting_asset#fir00:SELECT to role:global#global:ADMIN by system and assume }", // workaround
// owner // owner
"{ grant role:hs_hosting_asset#fir00:OWNER to user:superuser-alex@hostsharing.net by hs_hosting_asset#fir00:OWNER and assume }",
"{ grant role:hs_hosting_asset#fir00:OWNER to role:hs_booking_item#fir01:ADMIN by system and assume }", "{ grant role:hs_hosting_asset#fir00:OWNER to role:hs_booking_item#fir01:ADMIN by system and assume }",
"{ grant role:hs_hosting_asset#fir00:OWNER to role:hs_hosting_asset#vm1011:ADMIN by system and assume }", "{ grant role:hs_hosting_asset#fir00:OWNER to role:hs_hosting_asset#vm1011:ADMIN by system and assume }",
"{ grant perm:hs_hosting_asset#fir00:DELETE to role:hs_hosting_asset#fir00:OWNER by system and assume }", "{ grant perm:hs_hosting_asset#fir00:DELETE to role:hs_hosting_asset#fir00:OWNER by system and assume }",
@ -178,16 +177,15 @@ class HsHostingAssetRepositoryIntegrationTest extends ContextBasedTestWithCleanu
result.assertSuccessful(); result.assertSuccessful();
assertThat(result.returnedValue()).isNotNull().extracting(HsHostingAssetEntity::getUuid).isNotNull(); assertThat(result.returnedValue()).isNotNull().extracting(HsHostingAssetEntity::getUuid).isNotNull();
assertThat(result.returnedValue().isLoaded()).isFalse(); assertThat(result.returnedValue().isLoaded()).isFalse();
context("person-SmithPeter@example.com");
assertThatAssetIsPersisted(result.returnedValue());
context("superuser-alex@hostsharing.net"); context("superuser-alex@hostsharing.net");
assertThatAssetIsPersisted(result.returnedValue());
assertThat(assetRepo.count()).isEqualTo(assetCount + 1); assertThat(assetRepo.count()).isEqualTo(assetCount + 1);
} }
private void assertThatAssetIsPersisted(final HsHostingAssetEntity saved) { private void assertThatAssetIsPersisted(final HsHostingAssetEntity saved) {
attempt(em, () -> { attempt(em, () -> {
final var found = assetRepo.findByUuid(saved.getUuid()); final var found = assetRepo.findByUuid(saved.getUuid());
assertThat(found).isNotEmpty().map(HsHostingAssetEntity::toString).contains(saved.toString()); assertThat(found).isNotEmpty().map(HsHostingAssetEntity::toString).get().isEqualTo(saved.toString());
}); });
} }
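Review bot: After this change the insert test reads the new asset back only as `superuser-alex@hostsharing.net`; the check under `context("person-SmithPeter@example.com")` is gone, so the test no longer states what a non-superuser sees. The first hunk of this section also drops the expected OWNER grant to a user, so visibility for regular users is the behaviour that changed, and a regression in either direction (asset unexpectedly visible or unexpectedly hidden) would now pass. I would keep a second assertion under the non-superuser context that spells out the expected outcome, for example `context("person-SmithPeter@example.com"); assertThat(assetRepo.findByUuid(result.returnedValue().getUuid())).isEmpty();` if the asset is meant to be hidden; which outcome is correct cannot be told from this section. The test method starts outside the hunk.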


@ -9,7 +9,7 @@ import static org.assertj.core.api.Assertions.assertThat;
import static org.assertj.core.api.Assertions.catchThrowable; import static org.assertj.core.api.Assertions.catchThrowable;
import static org.junit.jupiter.api.condition.OS.LINUX; import static org.junit.jupiter.api.condition.OS.LINUX;
class SystemProcessUnitTest { class SystemProcessTest {
@Test @Test
@EnabledOnOs(LINUX) @EnabledOnOs(LINUX)