.gitignore

@@ -4,6 +4,7 @@
 /build/www/**
 /src/test/javascript/coverage/
 /worktrees/
+TODO-progress.png
 
 ######################
 # Node

README.md

@@ -380,6 +380,12 @@ You can explore the prototype as follows:
 `src/`
     The actual source-code, see [Source Code Package Structure](#source-code-package-structure) for details.
 
+`TODO.md`
+    Requirements of initial project. Do not touch!
+
+`TODO-progress.png`
+    Generated diagram image of the project progress.
+
 `tools/`
     Some shell-scripts to useful tasks.
 
@@ -759,4 +765,5 @@ The output will list the generated files.
 ## Further Documentation
 
 - the `doc` directory contains architecture concepts and a glossary
-- the `ideas` directory contains unstructured ideas for future development or documentation
+- TODO.md tracks requirements and progress for the contract of the initial project,
+  please do not amend anything in this document

doc/rbac.md

@@ -694,7 +694,7 @@ Users can view only the roles to which are granted to them.
 
 Grant can be `empowered`, this means that the grantee user can grant the granted role to other users
 and revoke grants to that role.
-(TODO: access control part not yet implemented, currently all accessible roles can be granted to other users)
+(TODO: access control part not yet implemented)
 
 Grants can be `managed`, which means they are created and deleted by system-defined rules.
 If a grant is not managed, it was created by an empowered user and can be deleted by empowered users.

doc/test-concept.md

@@ -87,7 +87,7 @@ Acceptance-Tests run on a fully integrated and deployed system with deployed dou
 
 Acceptance-tests, are blackbox-tests and do <u>not</u> count into test-code-coverage.
 
-TODO.test: Complete the Acceptance-Tests test concept.
+TODO: Complete the Acceptance-Tests test concept.
 
 
 #### Performance-Tests
@@ -107,4 +107,4 @@ We define System-Integration-Tests as test in which this system is deployed in a
 
 System-Integration-tests, are blackbox-tests and do <u>not</u> count into test-code-coverage.
 
-TODO.test: Complete the System-Integration-Tests test concept.
+TODO: Complete the System-Integration-Tests test concept.

sql/historization.sql

@@ -18,8 +18,8 @@ CREATE OR REPLACE FUNCTION historicize()
     RETURNS trigger
     LANGUAGE plpgsql STRICT AS $$
 DECLARE
-    currentUser VARCHAR(63);
+currentUser VARCHAR(64);
-    currentTask VARCHAR(127);
+    currentTask varchar;
     "row" RECORD;
     "alive" BOOLEAN;
     "sql" varchar;
@@ -37,27 +37,27 @@ END IF;
 
     -- determine task
     currentTask = current_setting('hsadminng.currentTask');
-    assert currentTask IS NOT NULL AND length(currentTask) >= 12,
+    IF (currentTask IS NULL OR length(currentTask) < 12) THEN
-        format('hsadminng.currentTask (%s) must be defined and min 12 characters long, please use "SET LOCAL ...;"', currentTask);
+        RAISE EXCEPTION 'hsadminng.currentTask (%) must be defined and min 12 characters long, please use "SET LOCAL ...;"', currentTask;
-    assert length(currentTask) <= 127,
+END IF;
-        format('hsadminng.currentTask (%s) must not be longer than 127 characters"', currentTask);
+    RAISE NOTICE 'currentTask: %', currentTask;
 
     IF (TG_OP = 'INSERT') OR (TG_OP = 'UPDATE') THEN
         "row" := NEW;
         "alive" := TRUE;
-    ELSE -- DELETE or TRUNCATE
+ELSE -- DELETE or TRUNCATE
-            "row" := OLD;
+        "row" := OLD;
-            "alive" := FALSE;
+        "alive" := FALSE;
-    END IF;
+END IF;
 
-    sql := format('INSERT INTO tx_history VALUES (txid_current(), now(), %1L, %2L) ON CONFLICT DO NOTHING', currentUser, currentTask);
+sql := format('INSERT INTO tx_history VALUES (txid_current(), now(), %1L, %2L) ON CONFLICT DO NOTHING', currentUser, currentTask);
     RAISE NOTICE 'sql: %', sql;
-    EXECUTE sql;
+EXECUTE sql;
-    sql := format('INSERT INTO %3$I_versions VALUES (DEFAULT, txid_current(), %1$L, %2$L, $1.*)', TG_OP, alive, TG_TABLE_NAME);
+sql := format('INSERT INTO %3$I_versions VALUES (DEFAULT, txid_current(), %1$L, %2$L, $1.*)', TG_OP, alive, TG_TABLE_NAME);
-        RAISE NOTICE 'sql: %', sql;
+    RAISE NOTICE 'sql: %', sql;
-    EXECUTE sql USING "row";
+EXECUTE sql USING "row";
 
-    RETURN "row";
+RETURN "row";
 END; $$;
 
 CREATE OR REPLACE PROCEDURE create_historical_view(baseTable varchar)

src/main/java/net/hostsharing/hsadminng/context/Context.java

@@ -55,15 +55,16 @@ public class Context {
             final String currentRequest,
             final String currentUser,
             final String assumedRoles) {
-        final var query = em.createNativeQuery("""
+        final var query = em.createNativeQuery(
-                call defineContext(
+                """
-                    cast(:currentTask as varchar(127)),
+                        call defineContext(
-                    cast(:currentRequest as text),
+                            cast(:currentTask as varchar), 
-                    cast(:currentUser as varchar(63)),
+                            cast(:currentRequest as varchar), 
-                    cast(:assumedRoles as varchar(1023)));
+                            cast(:currentUser as varchar), 
-                """);
+                            cast(:assumedRoles as varchar));
-        query.setParameter("currentTask", shortenToMaxLength(currentTask, 127));
+                        """);
-        query.setParameter("currentRequest", currentRequest);
+        query.setParameter("currentTask", shortenToMaxLength(currentTask, 96));
+        query.setParameter("currentRequest", shortenToMaxLength(currentRequest, 512)); // TODO.spec: length?
         query.setParameter("currentUser", currentUser);
         query.setParameter("assumedRoles", assumedRoles != null ? assumedRoles : "");
         query.executeUpdate();

src/main/java/net/hostsharing/hsadminng/hs/office/bankaccount/HsOfficeBankAccountEntity.java

@@ -3,7 +3,7 @@ package net.hostsharing.hsadminng.hs.office.bankaccount;
 import lombok.*;
 import lombok.experimental.FieldNameConstants;
 import net.hostsharing.hsadminng.errors.DisplayName;
-import net.hostsharing.hsadminng.rbac.rbacobject.RbacObject;
+import net.hostsharing.hsadminng.persistence.HasUuid;
 import net.hostsharing.hsadminng.rbac.rbacdef.RbacView;
 import net.hostsharing.hsadminng.stringify.Stringify;
 import net.hostsharing.hsadminng.stringify.Stringifyable;
@@ -30,7 +30,7 @@ import static net.hostsharing.hsadminng.stringify.Stringify.stringify;
 @AllArgsConstructor
 @FieldNameConstants
 @DisplayName("BankAccount")
-public class HsOfficeBankAccountEntity implements RbacObject, Stringifyable {
+public class HsOfficeBankAccountEntity implements HasUuid, Stringifyable {
 
     private static Stringify<HsOfficeBankAccountEntity> toString = stringify(HsOfficeBankAccountEntity.class, "bankAccount")
             .withIdProp(HsOfficeBankAccountEntity::getIban)

src/main/java/net/hostsharing/hsadminng/hs/office/contact/HsOfficeContactEntity.java

@@ -3,7 +3,7 @@ package net.hostsharing.hsadminng.hs.office.contact;
 import lombok.*;
 import lombok.experimental.FieldNameConstants;
 import net.hostsharing.hsadminng.errors.DisplayName;
-import net.hostsharing.hsadminng.rbac.rbacobject.RbacObject;
+import net.hostsharing.hsadminng.persistence.HasUuid;
 import net.hostsharing.hsadminng.rbac.rbacdef.RbacView;
 import net.hostsharing.hsadminng.rbac.rbacdef.RbacView.SQL;
 import net.hostsharing.hsadminng.stringify.Stringify;
@@ -30,7 +30,7 @@ import static net.hostsharing.hsadminng.stringify.Stringify.stringify;
 @AllArgsConstructor
 @FieldNameConstants
 @DisplayName("Contact")
-public class HsOfficeContactEntity implements Stringifyable, RbacObject {
+public class HsOfficeContactEntity implements Stringifyable, HasUuid {
 
     private static Stringify<HsOfficeContactEntity> toString = stringify(HsOfficeContactEntity.class, "contact")
             .withProp(Fields.label, HsOfficeContactEntity::getLabel)
@@ -43,13 +43,13 @@ public class HsOfficeContactEntity implements Stringifyable, RbacObject {
     private String label;
 
     @Column(name = "postaladdress")
-    private String postalAddress; // TODO.spec: check if we really want multiple, if so: JSON-Array or Postgres-Array?
+    private String postalAddress; // TODO: check if we really want multiple, if so: JSON-Array or Postgres-Array?
 
     @Column(name = "emailaddresses", columnDefinition = "json")
-    private String emailAddresses; // TODO.spec: check if we can really add multiple. format: ["eins@...", "zwei@..."]
+    private String emailAddresses; // TODO: check if we can really add multiple. format: ["eins@...", "zwei@..."]
 
     @Column(name = "phonenumbers", columnDefinition = "json")
-    private String phoneNumbers; // TODO.spec: check if we can really add multiple. format: { "office": "+49 40 12345-10", "fax": "+49 40 12345-05" }
+    private String phoneNumbers; // TODO: check if we can really add multiple. format: { "office": "+49 40 12345-10", "fax": "+49 40 12345-05" }
 
     @Override
     public String toString() {

src/main/java/net/hostsharing/hsadminng/hs/office/coopassets/HsOfficeCoopAssetsTransactionEntity.java

@@ -4,7 +4,7 @@ package net.hostsharing.hsadminng.hs.office.coopassets;
 import lombok.*;
 import net.hostsharing.hsadminng.errors.DisplayName;
 import net.hostsharing.hsadminng.hs.office.membership.HsOfficeMembershipEntity;
-import net.hostsharing.hsadminng.rbac.rbacobject.RbacObject;
+import net.hostsharing.hsadminng.persistence.HasUuid;
 import net.hostsharing.hsadminng.rbac.rbacdef.RbacView;
 import net.hostsharing.hsadminng.stringify.Stringify;
 import net.hostsharing.hsadminng.stringify.Stringifyable;
@@ -34,7 +34,7 @@ import static net.hostsharing.hsadminng.stringify.Stringify.stringify;
 @NoArgsConstructor
 @AllArgsConstructor
 @DisplayName("CoopAssetsTransaction")
-public class HsOfficeCoopAssetsTransactionEntity implements Stringifyable, RbacObject {
+public class HsOfficeCoopAssetsTransactionEntity implements Stringifyable, HasUuid {
 
     private static Stringify<HsOfficeCoopAssetsTransactionEntity> stringify = stringify(HsOfficeCoopAssetsTransactionEntity.class)
             .withIdProp(HsOfficeCoopAssetsTransactionEntity::getTaggedMemberNumber)

src/main/java/net/hostsharing/hsadminng/hs/office/coopshares/HsOfficeCoopSharesTransactionEntity.java

@@ -3,7 +3,7 @@ package net.hostsharing.hsadminng.hs.office.coopshares;
 import lombok.*;
 import net.hostsharing.hsadminng.errors.DisplayName;
 import net.hostsharing.hsadminng.hs.office.membership.HsOfficeMembershipEntity;
-import net.hostsharing.hsadminng.rbac.rbacobject.RbacObject;
+import net.hostsharing.hsadminng.persistence.HasUuid;
 import net.hostsharing.hsadminng.rbac.rbacdef.RbacView;
 import net.hostsharing.hsadminng.rbac.rbacdef.RbacView.SQL;
 import net.hostsharing.hsadminng.stringify.Stringify;
@@ -32,7 +32,7 @@ import static net.hostsharing.hsadminng.stringify.Stringify.stringify;
 @NoArgsConstructor
 @AllArgsConstructor
 @DisplayName("CoopShareTransaction")
-public class HsOfficeCoopSharesTransactionEntity implements Stringifyable, RbacObject {
+public class HsOfficeCoopSharesTransactionEntity implements Stringifyable, HasUuid {
 
     private static Stringify<HsOfficeCoopSharesTransactionEntity> stringify = stringify(HsOfficeCoopSharesTransactionEntity.class)
             .withProp(HsOfficeCoopSharesTransactionEntity::getMemberNumberTagged)

src/main/java/net/hostsharing/hsadminng/hs/office/debitor/HsOfficeDebitorEntity.java

@@ -5,7 +5,7 @@ import net.hostsharing.hsadminng.errors.DisplayName;
 import net.hostsharing.hsadminng.hs.office.bankaccount.HsOfficeBankAccountEntity;
 import net.hostsharing.hsadminng.hs.office.partner.HsOfficePartnerEntity;
 import net.hostsharing.hsadminng.hs.office.relation.HsOfficeRelationEntity;
-import net.hostsharing.hsadminng.rbac.rbacobject.RbacObject;
+import net.hostsharing.hsadminng.persistence.HasUuid;
 import net.hostsharing.hsadminng.rbac.rbacdef.RbacView;
 import net.hostsharing.hsadminng.rbac.rbacdef.RbacView.SQL;
 import net.hostsharing.hsadminng.stringify.Stringify;
@@ -16,7 +16,6 @@ import org.hibernate.annotations.NotFound;
 import org.hibernate.annotations.NotFoundAction;
 
 import jakarta.persistence.*;
-import jakarta.validation.constraints.Pattern;
 import java.io.IOException;
 import java.util.UUID;
 
@@ -43,10 +42,9 @@ import static net.hostsharing.hsadminng.stringify.Stringify.stringify;
 @NoArgsConstructor
 @AllArgsConstructor
 @DisplayName("Debitor")
-public class HsOfficeDebitorEntity implements RbacObject, Stringifyable {
+public class HsOfficeDebitorEntity implements HasUuid, Stringifyable {
 
     public static final String DEBITOR_NUMBER_TAG = "D-";
-    public static final String TWO_DECIMAL_DIGITS = "^([0-9]{2})$";
 
     private static Stringify<HsOfficeDebitorEntity> stringify =
             stringify(HsOfficeDebitorEntity.class, "debitor")
@@ -77,9 +75,8 @@ public class HsOfficeDebitorEntity implements RbacObject, Stringifyable {
     @NotFound(action = NotFoundAction.IGNORE)
     private HsOfficePartnerEntity partner;
 
-    @Column(name = "debitornumbersuffix", length = 2)
+    @Column(name = "debitornumbersuffix", columnDefinition = "numeric(2)")
-    @Pattern(regexp = TWO_DECIMAL_DIGITS)
+    private Byte debitorNumberSuffix; // TODO maybe rather as a formatted String?
-    private String debitorNumberSuffix;
 
     @ManyToOne(cascade = { PERSIST, MERGE, REFRESH, DETACH }, optional = false)
     @JoinColumn(name = "debitorreluuid", nullable = false)
@@ -112,7 +109,7 @@ public class HsOfficeDebitorEntity implements RbacObject, Stringifyable {
                 .filter(partner -> debitorNumberSuffix != null)
                 .map(HsOfficePartnerEntity::getPartnerNumber)
                 .map(Object::toString)
-                .map(partnerNumber -> partnerNumber + debitorNumberSuffix)
+                .map(partnerNumber -> partnerNumber + String.format("%02d", debitorNumberSuffix))
                 .orElse(null);
     }
 
@@ -141,7 +138,7 @@ public class HsOfficeDebitorEntity implements RbacObject, Stringifyable {
                                             JOIN hs_office_relation debitorRel
                                                 ON debitorRel.anchorUuid = partnerRel.holderUuid AND debitorRel.type = 'DEBITOR'
                                             WHERE debitorRel.uuid = debitor.debitorRelUuid)
-                                         || debitorNumberSuffix as idName
+                                         || to_char(debitorNumberSuffix, 'fm00') as idName
                         FROM hs_office_debitor AS debitor
                         """))
                 .withRestrictedViewOrderBy(SQL.projection("defaultPrefix"))
@@ -153,7 +150,7 @@ public class HsOfficeDebitorEntity implements RbacObject, Stringifyable {
                         "vatCountryCode",
                         "vatBusiness",
                         "vatReverseCharge",
-                        "defaultPrefix" /* TODO.spec: do we want that updatable? */)
+                        "defaultPrefix" /* TODO: do we want that updatable? */)
                 .toRole("global", ADMIN).grantPermission(INSERT)
 
                 .importRootEntityAliasProxy("debitorRel", HsOfficeRelationEntity.class,

src/main/java/net/hostsharing/hsadminng/hs/office/membership/HsOfficeMembershipEntity.java

@@ -5,7 +5,7 @@ import com.vladmihalcea.hibernate.type.range.Range;
 import lombok.*;
 import net.hostsharing.hsadminng.errors.DisplayName;
 import net.hostsharing.hsadminng.hs.office.relation.HsOfficeRelationEntity;
-import net.hostsharing.hsadminng.rbac.rbacobject.RbacObject;
+import net.hostsharing.hsadminng.persistence.HasUuid;
 import net.hostsharing.hsadminng.hs.office.partner.HsOfficePartnerEntity;
 import net.hostsharing.hsadminng.rbac.rbacdef.RbacView;
 import net.hostsharing.hsadminng.rbac.rbacdef.RbacView.SQL;
@@ -14,7 +14,6 @@ import net.hostsharing.hsadminng.stringify.Stringifyable;
 import org.hibernate.annotations.Type;
 
 import jakarta.persistence.*;
-import jakarta.validation.constraints.Pattern;
 import java.io.IOException;
 import java.time.LocalDate;
 import java.util.UUID;
@@ -42,10 +41,9 @@ import static net.hostsharing.hsadminng.stringify.Stringify.stringify;
 @NoArgsConstructor
 @AllArgsConstructor
 @DisplayName("Membership")
-public class HsOfficeMembershipEntity implements RbacObject, Stringifyable {
+public class HsOfficeMembershipEntity implements HasUuid, Stringifyable {
 
     public static final String MEMBER_NUMBER_TAG = "M-";
-    public static final String TWO_DECIMAL_DIGITS = "^([0-9]{2})$";
 
     private static Stringify<HsOfficeMembershipEntity> stringify = stringify(HsOfficeMembershipEntity.class)
             .withProp(e -> MEMBER_NUMBER_TAG + e.getMemberNumber())
@@ -63,7 +61,6 @@ public class HsOfficeMembershipEntity implements RbacObject, Stringifyable {
     private HsOfficePartnerEntity partner;
 
     @Column(name = "membernumbersuffix", length = 2)
-    @Pattern(regexp = TWO_DECIMAL_DIGITS)
     private String memberNumberSuffix;
 
     @Column(name = "validity", columnDefinition = "daterange")

src/main/java/net/hostsharing/hsadminng/hs/office/partner/HsOfficePartnerDetailsEntity.java

@@ -2,7 +2,7 @@ package net.hostsharing.hsadminng.hs.office.partner;
 
 import lombok.*;
 import net.hostsharing.hsadminng.errors.DisplayName;
-import net.hostsharing.hsadminng.rbac.rbacobject.RbacObject;
+import net.hostsharing.hsadminng.persistence.HasUuid;
 import net.hostsharing.hsadminng.rbac.rbacdef.RbacView;
 import net.hostsharing.hsadminng.rbac.rbacdef.RbacView.SQL;
 import net.hostsharing.hsadminng.stringify.Stringify;
@@ -26,7 +26,7 @@ import static net.hostsharing.hsadminng.stringify.Stringify.stringify;
 @NoArgsConstructor
 @AllArgsConstructor
 @DisplayName("PartnerDetails")
-public class HsOfficePartnerDetailsEntity implements RbacObject, Stringifyable {
+public class HsOfficePartnerDetailsEntity implements HasUuid, Stringifyable {
 
     private static Stringify<HsOfficePartnerDetailsEntity> stringify = stringify(
             HsOfficePartnerDetailsEntity.class,

src/main/java/net/hostsharing/hsadminng/hs/office/partner/HsOfficePartnerEntity.java

@@ -8,7 +8,7 @@ import lombok.Setter;
 import net.hostsharing.hsadminng.errors.DisplayName;
 import net.hostsharing.hsadminng.hs.office.contact.HsOfficeContactEntity;
 import net.hostsharing.hsadminng.hs.office.person.HsOfficePersonEntity;
-import net.hostsharing.hsadminng.rbac.rbacobject.RbacObject;
+import net.hostsharing.hsadminng.persistence.HasUuid;
 import net.hostsharing.hsadminng.hs.office.relation.HsOfficeRelationEntity;
 import net.hostsharing.hsadminng.rbac.rbacdef.RbacView;
 import net.hostsharing.hsadminng.rbac.rbacdef.RbacView.SQL;
@@ -45,7 +45,7 @@ import static net.hostsharing.hsadminng.stringify.Stringify.stringify;
 @NoArgsConstructor
 @AllArgsConstructor
 @DisplayName("Partner")
-public class HsOfficePartnerEntity implements Stringifyable, RbacObject {
+public class HsOfficePartnerEntity implements Stringifyable, HasUuid {
 
     public static final String PARTNER_NUMBER_TAG = "P-";
 

src/main/java/net/hostsharing/hsadminng/hs/office/partner/HsOfficePartnerRepository.java

@@ -11,7 +11,7 @@ public interface HsOfficePartnerRepository extends Repository<HsOfficePartnerEnt
 
     Optional<HsOfficePartnerEntity> findByUuid(UUID id);
 
-    List<HsOfficePartnerEntity> findAll(); // TODO.impl: move to a repo in test sources
+    List<HsOfficePartnerEntity> findAll(); // TODO: move to a repo in test sources
 
     @Query("""
             SELECT partner FROM HsOfficePartnerEntity partner

src/main/java/net/hostsharing/hsadminng/hs/office/person/HsOfficePersonEntity.java

@@ -3,7 +3,7 @@ package net.hostsharing.hsadminng.hs.office.person;
 import lombok.*;
 import lombok.experimental.FieldNameConstants;
 import net.hostsharing.hsadminng.errors.DisplayName;
-import net.hostsharing.hsadminng.rbac.rbacobject.RbacObject;
+import net.hostsharing.hsadminng.persistence.HasUuid;
 import net.hostsharing.hsadminng.rbac.rbacdef.RbacView;
 import net.hostsharing.hsadminng.rbac.rbacdef.RbacView.SQL;
 import net.hostsharing.hsadminng.stringify.Stringify;
@@ -30,7 +30,7 @@ import static net.hostsharing.hsadminng.stringify.Stringify.stringify;
 @AllArgsConstructor
 @FieldNameConstants
 @DisplayName("Person")
-public class HsOfficePersonEntity implements RbacObject, Stringifyable {
+public class HsOfficePersonEntity implements HasUuid, Stringifyable {
 
     private static Stringify<HsOfficePersonEntity> toString = stringify(HsOfficePersonEntity.class, "person")
             .withProp(Fields.personType, HsOfficePersonEntity::getPersonType)

src/main/java/net/hostsharing/hsadminng/hs/office/relation/HsOfficeRelationEntity.java

@@ -4,7 +4,7 @@ import lombok.*;
 import lombok.experimental.FieldNameConstants;
 import net.hostsharing.hsadminng.hs.office.contact.HsOfficeContactEntity;
 import net.hostsharing.hsadminng.hs.office.person.HsOfficePersonEntity;
-import net.hostsharing.hsadminng.rbac.rbacobject.RbacObject;
+import net.hostsharing.hsadminng.persistence.HasUuid;
 import net.hostsharing.hsadminng.rbac.rbacdef.RbacView;
 import net.hostsharing.hsadminng.rbac.rbacdef.RbacView.SQL;
 import net.hostsharing.hsadminng.stringify.Stringify;
@@ -32,7 +32,7 @@ import static net.hostsharing.hsadminng.stringify.Stringify.stringify;
 @NoArgsConstructor
 @AllArgsConstructor
 @FieldNameConstants
-public class HsOfficeRelationEntity implements RbacObject, Stringifyable {
+public class HsOfficeRelationEntity implements HasUuid, Stringifyable {
 
     private static Stringify<HsOfficeRelationEntity> toString = stringify(HsOfficeRelationEntity.class, "rel")
             .withProp(Fields.anchor, HsOfficeRelationEntity::getAnchor)

src/main/java/net/hostsharing/hsadminng/hs/office/sepamandate/HsOfficeSepaMandateEntity.java

@@ -7,7 +7,7 @@ import net.hostsharing.hsadminng.errors.DisplayName;
 import net.hostsharing.hsadminng.hs.office.bankaccount.HsOfficeBankAccountEntity;
 import net.hostsharing.hsadminng.hs.office.debitor.HsOfficeDebitorEntity;
 import net.hostsharing.hsadminng.hs.office.relation.HsOfficeRelationEntity;
-import net.hostsharing.hsadminng.rbac.rbacobject.RbacObject;
+import net.hostsharing.hsadminng.persistence.HasUuid;
 import net.hostsharing.hsadminng.rbac.rbacdef.RbacView;
 import net.hostsharing.hsadminng.stringify.Stringify;
 import net.hostsharing.hsadminng.stringify.Stringifyable;
@@ -37,7 +37,7 @@ import static net.hostsharing.hsadminng.stringify.Stringify.stringify;
 @NoArgsConstructor
 @AllArgsConstructor
 @DisplayName("SEPA-Mandate")
-public class HsOfficeSepaMandateEntity implements Stringifyable, RbacObject {
+public class HsOfficeSepaMandateEntity implements Stringifyable, HasUuid {
 
     private static Stringify<HsOfficeSepaMandateEntity> stringify = stringify(HsOfficeSepaMandateEntity.class)
             .withProp(e -> e.getBankAccount().getIban())

src/main/java/net/hostsharing/hsadminng/persistence/HasUuid.java

@@ -0,0 +1,7 @@
+package net.hostsharing.hsadminng.persistence;
+
+import net.hostsharing.hsadminng.rbac.rbacobject.RbacObject;
+
+// TODO: remove this interface, I just wanted to avoid to many changes in that PR
+public interface HasUuid extends RbacObject {
+}

src/main/java/net/hostsharing/hsadminng/rbac/rbacdef/RbacView.java

@@ -13,7 +13,7 @@ import net.hostsharing.hsadminng.hs.office.partner.HsOfficePartnerEntity;
 import net.hostsharing.hsadminng.hs.office.person.HsOfficePersonEntity;
 import net.hostsharing.hsadminng.hs.office.relation.HsOfficeRelationEntity;
 import net.hostsharing.hsadminng.hs.office.sepamandate.HsOfficeSepaMandateEntity;
-import net.hostsharing.hsadminng.rbac.rbacobject.RbacObject;
+import net.hostsharing.hsadminng.persistence.HasUuid;
 import net.hostsharing.hsadminng.rbac.rbacobject.RbacObject;
 import net.hostsharing.hsadminng.test.cust.TestCustomerEntity;
 import net.hostsharing.hsadminng.test.dom.TestDomainEntity;
@@ -277,7 +277,7 @@ public class RbacView {
      */
     public <EC extends RbacObject> RbacView importRootEntityAliasProxy(
             final String aliasName,
-            final Class<? extends RbacObject> entityClass,
+            final Class<? extends HasUuid> entityClass,
             final SQL fetchSql,
             final Column dependsOnColum) {
         if (rootEntityAliasProxy != null) {
@@ -300,7 +300,7 @@ public class RbacView {
      *     a JPA entity class extending RbacObject
      */
     public RbacView importSubEntityAlias(
-            final String aliasName, final Class<? extends RbacObject> entityClass,
+            final String aliasName, final Class<? extends HasUuid> entityClass,
             final SQL fetchSql, final Column dependsOnColum) {
         importEntityAliasImpl(aliasName, entityClass, fetchSql, dependsOnColum, true, NOT_NULL);
         return this;
@@ -334,7 +334,7 @@ public class RbacView {
      *     a JPA entity class extending RbacObject
      */
     public RbacView importEntityAlias(
-            final String aliasName, final Class<? extends RbacObject> entityClass,
+            final String aliasName, final Class<? extends HasUuid> entityClass,
             final Column dependsOnColum, final SQL fetchSql, final Nullable nullable) {
         importEntityAliasImpl(aliasName, entityClass, fetchSql, dependsOnColum, false, nullable);
         return this;
@@ -342,14 +342,14 @@ public class RbacView {
 
     // TODO: remove once it's not used in HsOffice...Entity anymore
     public RbacView importEntityAlias(
-            final String aliasName, final Class<? extends RbacObject> entityClass,
+            final String aliasName, final Class<? extends HasUuid> entityClass,
             final Column dependsOnColum) {
         importEntityAliasImpl(aliasName, entityClass, directlyFetchedByDependsOnColumn(), dependsOnColum, false, null);
         return this;
     }
 
     private EntityAlias importEntityAliasImpl(
-            final String aliasName, final Class<? extends RbacObject> entityClass,
+            final String aliasName, final Class<? extends HasUuid> entityClass,
             final SQL fetchSql, final Column dependsOnColum, boolean asSubEntity, final Nullable nullable) {
         final var entityAlias = new EntityAlias(aliasName, entityClass, fetchSql, dependsOnColum, asSubEntity, nullable);
         entityAliases.put(aliasName, entityAlias);
@@ -1046,7 +1046,7 @@ public class RbacView {
         }
     }
 
-    private static void generateRbacView(final Class<? extends RbacObject> c) {
+    private static void generateRbacView(final Class<? extends HasUuid> c) {
         final Method mainMethod = stream(c.getMethods()).filter(
                         m -> isStatic(m.getModifiers()) && m.getName().equals("main")
                 )

src/main/java/net/hostsharing/hsadminng/test/cust/TestCustomerEntity.java

@@ -4,7 +4,7 @@ import lombok.AllArgsConstructor;
 import lombok.Getter;
 import lombok.NoArgsConstructor;
 import lombok.Setter;
-import net.hostsharing.hsadminng.rbac.rbacobject.RbacObject;
+import net.hostsharing.hsadminng.persistence.HasUuid;
 import net.hostsharing.hsadminng.rbac.rbacdef.RbacView;
 import net.hostsharing.hsadminng.rbac.rbacdef.RbacView.SQL;
 
@@ -24,7 +24,7 @@ import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.rbacViewFor;
 @Setter
 @NoArgsConstructor
 @AllArgsConstructor
-public class TestCustomerEntity implements RbacObject {
+public class TestCustomerEntity implements HasUuid {
 
     @Id
     @GeneratedValue

src/main/java/net/hostsharing/hsadminng/test/dom/TestDomainEntity.java

@@ -4,7 +4,7 @@ import lombok.AllArgsConstructor;
 import lombok.Getter;
 import lombok.NoArgsConstructor;
 import lombok.Setter;
-import net.hostsharing.hsadminng.rbac.rbacobject.RbacObject;
+import net.hostsharing.hsadminng.persistence.HasUuid;
 import net.hostsharing.hsadminng.rbac.rbacdef.RbacView;
 import net.hostsharing.hsadminng.rbac.rbacdef.RbacView.SQL;
 import net.hostsharing.hsadminng.test.pac.TestPackageEntity;
@@ -26,7 +26,7 @@ import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.rbacViewFor;
 @Setter
 @NoArgsConstructor
 @AllArgsConstructor
-public class TestDomainEntity implements RbacObject {
+public class TestDomainEntity implements HasUuid {
 
     @Id
     @GeneratedValue

src/main/java/net/hostsharing/hsadminng/test/pac/TestPackageEntity.java

@@ -4,7 +4,7 @@ import lombok.AllArgsConstructor;
 import lombok.Getter;
 import lombok.NoArgsConstructor;
 import lombok.Setter;
-import net.hostsharing.hsadminng.rbac.rbacobject.RbacObject;
+import net.hostsharing.hsadminng.persistence.HasUuid;
 import net.hostsharing.hsadminng.rbac.rbacdef.RbacView;
 import net.hostsharing.hsadminng.rbac.rbacdef.RbacView.SQL;
 import net.hostsharing.hsadminng.test.cust.TestCustomerEntity;
@@ -26,7 +26,7 @@ import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.rbacViewFor;
 @Setter
 @NoArgsConstructor
 @AllArgsConstructor
-public class TestPackageEntity implements RbacObject {
+public class TestPackageEntity implements HasUuid {
 
     @Id
     @GeneratedValue

src/main/resources/api-definition/rbac/rbac-role-schemas.yaml

@@ -23,7 +23,7 @@ components:
                         - ADMIN
                         - AGENT
                         - TENANT
-                        - REFERRER
                         - GUEST
+                        - REFERRER
                 roleName:
                     type: string

src/main/resources/db/changelog/0-basis/010-context.sql

@@ -10,10 +10,10 @@
     This function will be overwritten by later changesets.
  */
 create procedure contextDefined(
-    currentTask varchar(127),
+    currentTask varchar,
-    currentRequest text,
+    currentRequest varchar,
-    currentUser varchar(63),
+    currentUser varchar,
-    assumedRoles varchar(1023)
+    assumedRoles varchar
 )
     language plpgsql as $$
 begin

src/main/resources/db/changelog/1-rbac/1050-rbac-base.sql

@@ -248,7 +248,7 @@ declare
     objectUuidOfRole          uuid;
     roleUuid                  uuid;
 begin
-    -- TODO.refa: extract function toRbacRoleDescriptor(roleIdName varchar) + find other occurrences
+    -- TODO.refact: extract function toRbacRoleDescriptor(roleIdName varchar) + find other occurrences
     roleParts = overlay(roleIdName placing '#' from length(roleIdName) + 1 - strpos(reverse(roleIdName), ':'));
     objectTableFromRoleIdName = split_part(roleParts, '#', 1);
     objectNameFromRoleIdName = split_part(roleParts, '#', 2);
@@ -356,13 +356,16 @@ create trigger deleteRbacRolesOfRbacObject_Trigger
 /*
 
  */
-create domain RbacOp as varchar(6)
+create domain RbacOp as varchar(67) -- TODO: shorten to 8, once the deprecated values are gone
     check (
                VALUE = 'DELETE'
             or VALUE = 'UPDATE'
             or VALUE = 'SELECT'
             or VALUE = 'INSERT'
             or VALUE = 'ASSUME'
+            -- TODO: all values below are deprecated, use insert with table
+            or VALUE ~ '^add-[a-z]+$'
+            or VALUE ~ '^new-[a-z-]+$'
         );
 
 create table RbacPermission
@@ -414,6 +417,37 @@ begin
     return permissionUuid;
 end; $$;
 
+-- TODO: deprecated, remove and amend all usages to createPermission
+create or replace function createPermissions(forObjectUuid uuid, permitOps RbacOp[])
+    returns uuid[]
+    language plpgsql as $$
+declare
+    refId         uuid;
+    permissionIds uuid[] = array []::uuid[];
+begin
+    if (forObjectUuid is null) then
+        raise exception 'forObjectUuid must not be null';
+    end if;
+
+    for i in array_lower(permitOps, 1)..array_upper(permitOps, 1)
+        loop
+            refId = (select uuid from RbacPermission where objectUuid = forObjectUuid and op = permitOps[i]);
+            if (refId is null) then
+                insert
+                    into RbacReference ("type")
+                    values ('RbacPermission')
+                    returning uuid into refId;
+                insert
+                    into RbacPermission (uuid, objectUuid, op)
+                    values (refId, forObjectUuid, permitOps[i]);
+            end if;
+            permissionIds = permissionIds || refId;
+        end loop;
+
+    return permissionIds;
+end;
+$$;
+
 create or replace function findEffectivePermissionId(forObjectUuid uuid, forOp RbacOp, forOpTableName text = null)
     returns uuid
     returns null on null input
@@ -615,6 +649,25 @@ begin
 end;
 $$;
 
+-- TODO: deprecated, remove and use grantPermissionToRole(...)
+create or replace procedure grantPermissionsToRole(roleUuid uuid, permissionIds uuid[])
+    language plpgsql as $$
+begin
+    if cardinality(permissionIds) = 0 then return; end if;
+
+    for i in array_lower(permissionIds, 1)..array_upper(permissionIds, 1)
+        loop
+            perform assertReferenceType('roleId (ascendant)', roleUuid, 'RbacRole');
+            perform assertReferenceType('permissionId (descendant)', permissionIds[i], 'RbacPermission');
+
+            insert
+                into RbacGrants (grantedByTriggerOf, ascendantUuid, descendantUuid, assumed)
+                values (currentTriggerObjectUuid(), roleUuid, permissionIds[i], true)
+            on conflict do nothing; -- allow granting multiple times
+        end loop;
+end;
+$$;
+
 create or replace procedure grantRoleToRole(subRoleId uuid, superRoleId uuid, doAssume bool = true)
     language plpgsql as $$
 begin
@@ -638,7 +691,7 @@ declare
     superRoleId uuid;
     subRoleId uuid;
 begin
-    -- TODO.refa: maybe separate method grantRoleToRoleIfNotNull(...) for NULLABLE references
+    -- TODO: maybe separate method grantRoleToRoleIfNotNull(...) for NULLABLE references
     if superRole.objectUuid is null or subRole.objectuuid is null then
         return;
     end if;

src/main/resources/db/changelog/1-rbac/1054-rbac-context.sql

@@ -85,10 +85,10 @@ end; $$;
     This function will be overwritten by later changesets.
  */
 create or replace procedure contextDefined(
-    currentTask varchar(127),
+    currentTask varchar,
-    currentRequest text,
+    currentRequest varchar,
-    currentUser varchar(63),
+    currentUser varchar,
-    assumedRoles varchar(1023)
+    assumedRoles varchar
 )
     language plpgsql as $$
 declare

src/main/resources/db/changelog/1-rbac/1057-rbac-role-builder.sql

@@ -1,5 +1,18 @@
 --liquibase formatted sql
 
+-- ============================================================================
+-- PERMISSIONS
+--changeset rbac-role-builder-to-uuids:1 endDelimiter:--//
+-- ----------------------------------------------------------------------------
+
+create or replace function toPermissionUuids(forObjectUuid uuid, permitOps RbacOp[])
+    returns uuid[]
+    language plpgsql
+    strict as $$
+begin
+    return createPermissions(forObjectUuid, permitOps);
+end; $$;
+
 
 -- =================================================================
 -- CREATE ROLE
@@ -19,8 +32,6 @@ create or replace function createRoleWithGrants(
     language plpgsql as $$
 declare
     roleUuid                uuid;
-    permission              RbacOp;
-    permissionUuid          uuid;
     subRoleDesc             RbacRoleDescriptor;
     superRoleDesc           RbacRoleDescriptor;
     subRoleUuid             uuid;
@@ -30,11 +41,9 @@ declare
 begin
     roleUuid := createRole(roleDescriptor);
 
-    foreach permission in array permissions
+    if cardinality(permissions) > 0 then
-        loop
+        call grantPermissionsToRole(roleUuid, toPermissionUuids(roleDescriptor.objectuuid, permissions));
-            permissionUuid := createPermission(roleDescriptor.objectuuid, permission);
+    end if;
-            call grantPermissionToRole(permissionUuid, roleUuid);
-        end loop;
 
     foreach superRoleDesc in array array_remove(incomingSuperRoles, null)
         loop
@@ -51,7 +60,7 @@ begin
     if cardinality(userUuids) > 0 then
         -- direct grants to users need a grantedByRole which can revoke the grant
         if grantedByRole is null then
-            userGrantsByRoleUuid := roleUuid; -- TODO.spec: or do we want to require an explicit userGrantsByRoleUuid?
+            userGrantsByRoleUuid := roleUuid; -- TODO: or do we want to require an explicit userGrantsByRoleUuid?
         else
             userGrantsByRoleUuid := getRoleId(grantedByRole);
         end if;

src/main/resources/db/changelog/1-rbac/1058-rbac-generators.sql

@@ -73,6 +73,15 @@ begin
             return roleDescriptor('%2$s', entity.uuid, 'TENANT', assumed);
         end; $f$;
 
+        -- TODO: remove guest role
+        create or replace function %1$sGuest(entity %2$s, assumed boolean = true)
+            returns RbacRoleDescriptor
+            language plpgsql
+            strict as $f$
+        begin
+            return roleDescriptor('%2$s', entity.uuid, 'GUEST', assumed);
+        end; $f$;
+
         create or replace function %1$sReferrer(entity %2$s)
             returns RbacRoleDescriptor
             language plpgsql

src/main/resources/db/changelog/5-hs-office/506-debitor/5060-hs-office-debitor.sql

@@ -7,7 +7,7 @@
 create table hs_office_debitor
 (
     uuid                    uuid unique references RbacObject (uuid) initially deferred,
-    debitorNumberSuffix     char(2) not null check (debitorNumberSuffix::text ~ '^[0-9][0-9]$'),
+    debitorNumberSuffix     numeric(2) not null,
     debitorRelUuid          uuid not null references hs_office_relation(uuid),
     billable                boolean not null default true,
     vatId                   varchar(24), -- TODO.spec: here or in person?

src/main/resources/db/changelog/5-hs-office/506-debitor/5063-hs-office-debitor-rbac.sql

@@ -201,7 +201,7 @@ create trigger hs_office_debitor_insert_permission_check_tg
                             JOIN hs_office_relation debitorRel
                                 ON debitorRel.anchorUuid = partnerRel.holderUuid AND debitorRel.type = 'DEBITOR'
                             WHERE debitorRel.uuid = debitor.debitorRelUuid)
-                         || debitorNumberSuffix as idName
+                         || to_char(debitorNumberSuffix, 'fm00') as idName
         FROM hs_office_debitor AS debitor
         $idName$);
 --//

src/main/resources/db/changelog/5-hs-office/507-sepamandate/5078-hs-office-sepamandate-test-data.sql

@@ -10,7 +10,7 @@
  */
 create or replace procedure createHsOfficeSepaMandateTestData(
         forPartnerNumber numeric(5),
-        forDebitorSuffix char(2),
+        forDebitorSuffix numeric(2),
         forIban varchar,
         withReference varchar)
     language plpgsql as $$
@@ -48,9 +48,9 @@ end; $$;
 
 do language plpgsql $$
     begin
-        call createHsOfficeSepaMandateTestData(10001, '11', 'DE02120300000000202051', 'ref-10001-11');
+        call createHsOfficeSepaMandateTestData(10001, 11, 'DE02120300000000202051', 'ref-10001-11');
-        call createHsOfficeSepaMandateTestData(10002, '12', 'DE02100500000054540402', 'ref-10002-12');
+        call createHsOfficeSepaMandateTestData(10002, 12, 'DE02100500000054540402', 'ref-10002-12');
-        call createHsOfficeSepaMandateTestData(10003, '13', 'DE02300209000106531065', 'ref-10003-13');
+        call createHsOfficeSepaMandateTestData(10003, 13, 'DE02300209000106531065', 'ref-10003-13');
     end;
 $$;
 --//

src/main/resources/db/changelog/5-hs-office/510-membership/5100-hs-office-membership.sql

@@ -12,7 +12,8 @@ create table if not exists hs_office_membership
 (
     uuid                    uuid unique references RbacObject (uuid) initially deferred,
     partnerUuid             uuid not null references hs_office_partner(uuid),
-    memberNumberSuffix      char(2) not null check (memberNumberSuffix::text ~ '^[0-9][0-9]$'),
+    memberNumberSuffix      char(2) not null check (
+        memberNumberSuffix::text ~ '^[0-9][0-9]$'),
     validity                daterange not null,
     reasonForTermination    HsOfficeReasonForTermination not null default 'NONE',
     membershipFeeBillable   boolean not null default true,

src/test/java/net/hostsharing/hsadminng/arch/ArchitectureTest.java

@@ -121,7 +121,7 @@ public class ArchitectureTest {
             .should().onlyBeAccessed().byClassesThat()
             .resideInAnyPackage(
                     "..hs.office.(*)..",
-                    "..rbac.rbacgrant" // TODO.test: just because of RbacGrantsDiagramServiceIntegrationTest
+                    "..rbac.rbacgrant" // TODO: just because of RbacGrantsDiagramServiceIntegrationTest
             );
 
     @ArchTest

src/test/java/net/hostsharing/hsadminng/context/ContextUnitTest.java

@@ -27,12 +27,12 @@ import static org.mockito.Mockito.verify;
 class ContextUnitTest {
 
     private static final String DEFINE_CONTEXT_QUERY_STRING = """
-           call defineContext(
+            call defineContext(
-               cast(:currentTask as varchar(127)),
+                cast(:currentTask as varchar),
-               cast(:currentRequest as text),
+                cast(:currentRequest as varchar),
-               cast(:currentUser as varchar(63)),
+                cast(:currentUser as varchar),
-               cast(:assumedRoles as varchar(1023)));
+                cast(:assumedRoles as varchar));
-           """;
+            """;
 
     @Nested
     class WithoutHttpRequest {
@@ -71,7 +71,7 @@ class ContextUnitTest {
             context.define("current-user");
 
             verify(em).createNativeQuery(DEFINE_CONTEXT_QUERY_STRING);
-            verify(nativeQuery).setParameter("currentRequest", null);
+            verify(nativeQuery).setParameter("currentRequest", "");
         }
     }
 
@@ -142,8 +142,8 @@ class ContextUnitTest {
         }
 
         @Test
-        void shortensCurrentTaskToMaxLength() throws IOException {
+        void shortensCurrentTaskTo96Chars() throws IOException {
-            givenRequest("GET", "http://localhost:9999/api/endpoint/" + "0123456789".repeat(13),
+            givenRequest("GET", "http://localhost:9999/api/endpoint/" + "0123456789".repeat(10),
                     Map.ofEntries(
                             Map.entry("current-user", "given-user"),
                             Map.entry("content-type", "application/json"),
@@ -153,7 +153,26 @@ class ContextUnitTest {
             context.define("current-user");
 
             verify(em).createNativeQuery(DEFINE_CONTEXT_QUERY_STRING);
-            verify(nativeQuery).setParameter(eq("currentTask"), argThat((String t) -> t.length() == 127));
+            verify(nativeQuery).setParameter(eq("currentTask"), argThat((String t) -> t.length() == 96));
+        }
+
+        @Test
+        void shortensCurrentRequestTo512Chars() throws IOException {
+            givenRequest("GET", "http://localhost:9999/api/endpoint",
+                    Map.ofEntries(
+                            Map.entry("current-user", "given-user"),
+                            Map.entry("content-type", "application/json"),
+                            Map.entry("user-agent", "given-user-agent")),
+                    """
+                               {
+                                   "dummy": "%s"
+                               }
+                            """.formatted("0123456789".repeat(60)));
+
+            context.define("current-user");
+
+            verify(em).createNativeQuery(DEFINE_CONTEXT_QUERY_STRING);
+            verify(nativeQuery).setParameter(eq("currentRequest"), argThat((String t) -> t.length() == 512));
         }
 
         private void givenRequest(final String method, final String url, final Map<String, String> headers, final String body)

src/test/java/net/hostsharing/hsadminng/hs/office/debitor/HsOfficeDebitorControllerAcceptanceTest.java

@@ -722,7 +722,7 @@ class HsOfficeDebitorControllerAcceptanceTest extends ContextBasedTestWithCleanu
             final var givenPartner = partnerRepo.findPartnerByOptionalNameLike("Fourth").get(0);
             final var givenContact = contactRepo.findContactByOptionalLabelLike("fourth contact").get(0);
             final var newDebitor = HsOfficeDebitorEntity.builder()
-                    .debitorNumberSuffix(nextDebitorSuffix())
+                    .debitorNumberSuffix(++nextDebitorSuffix)
                     .billable(true)
                     .debitorRel(
                             HsOfficeRelationEntity.builder()
@@ -751,8 +751,4 @@ class HsOfficeDebitorControllerAcceptanceTest extends ContextBasedTestWithCleanu
             System.out.printf("deleted %d entities%n", count);
         });
     }
-
-    private String nextDebitorSuffix() {
-        return String.format("%02d", nextDebitorSuffix++);
-    }
 }

src/test/java/net/hostsharing/hsadminng/hs/office/debitor/HsOfficeDebitorEntityUnitTest.java

@@ -26,7 +26,7 @@ class HsOfficeDebitorEntityUnitTest {
     @Test
     void toStringContainsPartnerAndContact() {
         final var given = HsOfficeDebitorEntity.builder()
-                .debitorNumberSuffix("67")
+                .debitorNumberSuffix((byte)67)
                 .debitorRel(givenDebitorRel)
                 .defaultPrefix("som")
                 .partner(HsOfficePartnerEntity.builder()
@@ -43,7 +43,7 @@ class HsOfficeDebitorEntityUnitTest {
     void toShortStringContainsDebitorNumber() {
         final var given = HsOfficeDebitorEntity.builder()
                 .debitorRel(givenDebitorRel)
-                .debitorNumberSuffix("67")
+                .debitorNumberSuffix((byte)67)
                 .partner(HsOfficePartnerEntity.builder()
                         .partnerNumber(12345)
                         .build())
@@ -58,7 +58,7 @@ class HsOfficeDebitorEntityUnitTest {
     void getDebitorNumberWithPartnerNumberAndDebitorNumberSuffix() {
         final var given = HsOfficeDebitorEntity.builder()
                 .debitorRel(givenDebitorRel)
-                .debitorNumberSuffix("67")
+                .debitorNumberSuffix((byte)67)
                 .partner(HsOfficePartnerEntity.builder()
                         .partnerNumber(12345)
                         .build())
@@ -73,7 +73,7 @@ class HsOfficeDebitorEntityUnitTest {
     void getDebitorNumberWithoutPartnerReturnsNull() {
         final var given = HsOfficeDebitorEntity.builder()
                 .debitorRel(givenDebitorRel)
-                .debitorNumberSuffix("67")
+                .debitorNumberSuffix((byte)67)
                 .partner(null)
                 .build();
 
@@ -86,7 +86,7 @@ class HsOfficeDebitorEntityUnitTest {
     void getDebitorNumberWithoutPartnerNumberReturnsNull() {
         final var given = HsOfficeDebitorEntity.builder()
                 .debitorRel(givenDebitorRel)
-                .debitorNumberSuffix("67")
+                .debitorNumberSuffix((byte)67)
                 .partner(HsOfficePartnerEntity.builder().build())
                 .build();
 

src/test/java/net/hostsharing/hsadminng/hs/office/debitor/HsOfficeDebitorRepositoryIntegrationTest.java

@@ -89,7 +89,7 @@ class HsOfficeDebitorRepositoryIntegrationTest extends ContextBasedTestWithClean
             // when
             final var result = attempt(em, () -> {
                 final var newDebitor = HsOfficeDebitorEntity.builder()
-                        .debitorNumberSuffix("21")
+                        .debitorNumberSuffix((byte)21)
                         .debitorRel(HsOfficeRelationEntity.builder()
                                 .type(HsOfficeRelationType.DEBITOR)
                                 .anchor(givenPartnerPerson)
@@ -121,7 +121,7 @@ class HsOfficeDebitorRepositoryIntegrationTest extends ContextBasedTestWithClean
             // when
             final var result = attempt(em, () -> {
                 final var newDebitor = HsOfficeDebitorEntity.builder()
-                        .debitorNumberSuffix("21")
+                        .debitorNumberSuffix((byte)21)
                         .debitorRel(HsOfficeRelationEntity.builder()
                                 .type(HsOfficeRelationType.DEBITOR)
                                 .anchor(givenPartnerPerson)
@@ -156,7 +156,7 @@ class HsOfficeDebitorRepositoryIntegrationTest extends ContextBasedTestWithClean
                 final var givenDebitorPerson = one(personRepo.findPersonByOptionalNameLike("Fourth eG"));
                 final var givenContact = one(contactRepo.findContactByOptionalLabelLike("fourth contact"));
                 final var newDebitor = HsOfficeDebitorEntity.builder()
-                        .debitorNumberSuffix("22")
+                        .debitorNumberSuffix((byte)22)
                         .debitorRel(HsOfficeRelationEntity.builder()
                                 .type(HsOfficeRelationType.DEBITOR)
                                 .anchor(givenPartnerPerson)
@@ -613,7 +613,7 @@ class HsOfficeDebitorRepositoryIntegrationTest extends ContextBasedTestWithClean
             final var givenBankAccount =
                     bankAccountHolder != null ? one(bankAccountRepo.findByOptionalHolderLike(bankAccountHolder)) : null;
             final var newDebitor = HsOfficeDebitorEntity.builder()
-                    .debitorNumberSuffix("20")
+                    .debitorNumberSuffix((byte)20)
                     .debitorRel(HsOfficeRelationEntity.builder()
                             .type(HsOfficeRelationType.DEBITOR)
                             .anchor(givenPartnerPerson)

src/test/java/net/hostsharing/hsadminng/hs/office/debitor/TestHsOfficeDebitor.java

@@ -10,7 +10,7 @@ import static net.hostsharing.hsadminng.hs.office.partner.TestHsOfficePartner.TE
 @UtilityClass
 public class TestHsOfficeDebitor {
 
-    public String DEFAULT_DEBITOR_SUFFIX = "00";
+    public byte DEFAULT_DEBITOR_SUFFIX = 0;
 
     public static final HsOfficeDebitorEntity TEST_DEBITOR = HsOfficeDebitorEntity.builder()
             .debitorNumberSuffix(DEFAULT_DEBITOR_SUFFIX)

src/test/java/net/hostsharing/hsadminng/hs/office/migration/ImportOfficeData.java

@@ -724,7 +724,7 @@ public class ImportOfficeData extends ContextBasedTest {
                     relations.put(relationId++, debitorRel);
 
                     final var debitor = HsOfficeDebitorEntity.builder()
-                            .debitorNumberSuffix("00")
+                            .debitorNumberSuffix((byte) 0)
                             .partner(partner)
                             .debitorRel(debitorRel)
                             .defaultPrefix(rec.getString("member_code").replace("hsh00-", ""))

src/test/java/net/hostsharing/hsadminng/hs/office/test/ContextBasedTestWithCleanup.java

@@ -1,7 +1,7 @@
 package net.hostsharing.hsadminng.hs.office.test;
 
 import net.hostsharing.hsadminng.context.ContextBasedTest;
-import net.hostsharing.hsadminng.rbac.rbacobject.RbacObject;
+import net.hostsharing.hsadminng.persistence.HasUuid;
 import net.hostsharing.hsadminng.rbac.rbacgrant.RbacGrantEntity;
 import net.hostsharing.hsadminng.rbac.rbacgrant.RbacGrantRepository;
 import net.hostsharing.hsadminng.rbac.rbacgrant.RbacGrantsDiagramService;
@@ -66,7 +66,7 @@ public abstract class ContextBasedTestWithCleanup extends ContextBasedTest {
         return merged;
     }
 
-    public UUID toCleanup(final Class<? extends RbacObject> entityClass, final UUID uuidToCleanup) {
+    public UUID toCleanup(final Class<? extends HasUuid> entityClass, final UUID uuidToCleanup) {
         out.println("toCleanup(" + entityClass.getSimpleName() + ", " + uuidToCleanup);
         entitiesToCleanup.put(uuidToCleanup, entityClass);
         return uuidToCleanup;
@@ -81,7 +81,7 @@ public abstract class ContextBasedTestWithCleanup extends ContextBasedTest {
         return entity;
     }
 
-    protected void cleanupAllNew(final Class<? extends RbacObject> entityClass) {
+    protected void cleanupAllNew(final Class<? extends HasUuid> entityClass) {
         if (initialRbacObjects == null) {
             out.println("skipping cleanupAllNew: " + entityClass.getSimpleName());
             return; // TODO: seems @AfterEach is called without any @BeforeEach

src/test/java/net/hostsharing/hsadminng/hs/office/test/EntityList.java

@@ -1,6 +1,6 @@
 package net.hostsharing.hsadminng.hs.office.test;
 
-import net.hostsharing.hsadminng.rbac.rbacobject.RbacObject;
+import net.hostsharing.hsadminng.persistence.HasUuid;
 
 import java.util.List;
 
@@ -8,7 +8,7 @@ import static org.assertj.core.api.Assertions.assertThat;
 
 public class EntityList {
 
-    public static <E extends RbacObject> E one(final List<E> entities) {
+    public static <E extends HasUuid> E one(final List<E> entities) {
         assertThat(entities).hasSize(1);
         return entities.stream().findFirst().orElseThrow();
     }

src/test/java/net/hostsharing/test/JpaAttempt.java

@@ -130,6 +130,7 @@ public class JpaAttempt {
                 final Class<? extends RuntimeException> expectedExceptionClass,
                 final String... expectedRootCauseMessages) {
             assertThat(wasSuccessful()).as("wasSuccessful").isFalse();
+            // TODO: also check the expected exception class itself
             final String firstRootCauseMessageLine = firstRootCauseMessageLineOf(caughtException(expectedExceptionClass));
             for (String expectedRootCauseMessage : expectedRootCauseMessages) {
                 assertThat(firstRootCauseMessageLine).contains(expectedRootCauseMessage);

src/test/java/net/hostsharing/test/PatchUnitTestBase.java

@@ -1,6 +1,6 @@
 package net.hostsharing.test;
 
-import net.hostsharing.hsadminng.rbac.rbacobject.RbacObject;
+import net.hostsharing.hsadminng.persistence.HasUuid;
 import net.hostsharing.hsadminng.mapper.EntityPatcher;
 import org.junit.jupiter.api.Named;
 import org.junit.jupiter.api.Test;
@@ -233,7 +233,7 @@ public abstract class PatchUnitTestBase<R, E> {
         }
     }
 
-    protected static class JsonNullableProperty<R, RV, E extends RbacObject, EV> extends Property<R, RV, E, EV> {
+    protected static class JsonNullableProperty<R, RV, E extends HasUuid, EV> extends Property<R, RV, E, EV> {
 
         private final BiConsumer<R, JsonNullable<RV>> resourceSetter;
         public final RV givenPatchValue;