Compare commits

..

No commits in common. "878a87f1c415222da33b7d605bf728aac6ea2244" and "266cd16b52d60e4d193afc571f3bdf0624ee2efb" have entirely different histories.

3 changed files with 40 additions and 45 deletions

View File

@ -45,7 +45,6 @@ public class RbacGrantsDiagramService {
NON_TEST_ENTITIES;
public static final EnumSet<Include> ALL = EnumSet.allOf(Include.class);
public static final EnumSet<Include> ALL_TEST_ENTITY_RELATED = EnumSet.of(USERS, DETAILS, NOT_ASSUMED, TEST_ENTITIES, PERMISSIONS);
}
@Autowired

View File

@ -26,7 +26,6 @@ import java.util.List;
import static net.hostsharing.hsadminng.rbac.rbacgrant.RawRbacGrantEntity.distinctGrantDisplaysOf;
import static net.hostsharing.hsadminng.rbac.rbacrole.RawRbacRoleEntity.distinctRoleNamesOf;
import static net.hostsharing.test.Array.fromFormatted;
import static net.hostsharing.test.JpaAttempt.attempt;
import static org.assertj.core.api.Assertions.assertThat;
@ -95,6 +94,8 @@ class HsOfficeSepaMandateRepositoryIntegrationTest extends ContextBasedTestWithC
context("superuser-alex@hostsharing.net");
final var initialRoleNames = distinctRoleNamesOf(rawRoleRepo.findAll());
final var initialGrantNames = distinctGrantDisplaysOf(rawGrantRepo.findAll()).stream()
.map(s -> s.replace("-firstcontact", "-..."))
.map(s -> s.replace("PaulWinkler", "Paul..."))
.map(s -> s.replace("hs_office_", ""))
.toList();
@ -117,36 +118,41 @@ class HsOfficeSepaMandateRepositoryIntegrationTest extends ContextBasedTestWithC
final var all = rawRoleRepo.findAll();
assertThat(distinctRoleNamesOf(all)).containsExactlyInAnyOrder(Array.from(
initialRoleNames,
"hs_office_sepamandate#DE02600501010002034304-[2020-01-01,2023-01-01).admin",
"hs_office_sepamandate#DE02600501010002034304-[2020-01-01,2023-01-01).agent",
"hs_office_sepamandate#DE02600501010002034304-[2020-01-01,2023-01-01).owner",
"hs_office_sepamandate#DE02600501010002034304-[2020-01-01,2023-01-01).referrer"));
"hs_office_sepamandate#temprefB.owner",
"hs_office_sepamandate#temprefB.admin",
"hs_office_sepamandate#temprefB.agent",
"hs_office_sepamandate#temprefB.tenant",
"hs_office_sepamandate#temprefB.guest"));
assertThat(distinctGrantDisplaysOf(rawGrantRepo.findAll()))
.map(s -> s.replace("-firstcontact", "-..."))
.map(s -> s.replace("PaulWinkler", "Paul..."))
.map(s -> s.replace("hs_office_", ""))
.containsExactlyInAnyOrder(fromFormatted(
.containsExactlyInAnyOrder(Array.fromFormatted(
initialGrantNames,
// owner
"{ grant perm DELETE on sepamandate#DE02600501010002034304-[2020-01-01,2023-01-01) to role sepamandate#DE02600501010002034304-[2020-01-01,2023-01-01).owner by system and assume }",
"{ grant role sepamandate#DE02600501010002034304-[2020-01-01,2023-01-01).owner to role global#global.admin by system and assume }",
"{ grant role sepamandate#DE02600501010002034304-[2020-01-01,2023-01-01).owner to user superuser-alex@hostsharing.net by sepamandate#DE02600501010002034304-[2020-01-01,2023-01-01).owner and assume }",
"{ grant perm DELETE on sepamandate#temprefB to role sepamandate#temprefB.owner by system and assume }",
"{ grant role sepamandate#temprefB.owner to role global#global.admin by system and assume }",
// admin
"{ grant perm UPDATE on sepamandate#DE02600501010002034304-[2020-01-01,2023-01-01) to role sepamandate#DE02600501010002034304-[2020-01-01,2023-01-01).admin by system and assume }",
"{ grant role sepamandate#DE02600501010002034304-[2020-01-01,2023-01-01).admin to role sepamandate#DE02600501010002034304-[2020-01-01,2023-01-01).owner by system and assume }",
"{ grant perm UPDATE on sepamandate#temprefB to role sepamandate#temprefB.admin by system and assume }",
"{ grant role sepamandate#temprefB.admin to role sepamandate#temprefB.owner by system and assume }",
"{ grant role bankaccount#Paul....tenant to role sepamandate#temprefB.admin by system and assume }",
// agent
"{ grant role bankaccount#DE02600501010002034304.referrer to role sepamandate#DE02600501010002034304-[2020-01-01,2023-01-01).agent by system and assume }",
"{ grant role sepamandate#DE02600501010002034304-[2020-01-01,2023-01-01).agent to role sepamandate#DE02600501010002034304-[2020-01-01,2023-01-01).admin by system and assume }",
"{ grant role relationship#FirstGmbH-with-ACCOUNTING-FirstGmbH.agent to role sepamandate#DE02600501010002034304-[2020-01-01,2023-01-01).agent by system and assume }",
"{ grant role sepamandate#temprefB.agent to role sepamandate#temprefB.admin by system and assume }",
"{ grant role debitor#1000111:FirstGmbH-....tenant to role sepamandate#temprefB.agent by system and assume }",
"{ grant role sepamandate#temprefB.agent to role bankaccount#Paul....admin by system and assume }",
"{ grant role sepamandate#temprefB.agent to role debitor#1000111:FirstGmbH-....admin by system and assume }",
// referrer
"{ grant perm SELECT on sepamandate#DE02600501010002034304-[2020-01-01,2023-01-01) to role sepamandate#DE02600501010002034304-[2020-01-01,2023-01-01).referrer by system and assume }",
"{ grant role sepamandate#DE02600501010002034304-[2020-01-01,2023-01-01).referrer to role sepamandate#DE02600501010002034304-[2020-01-01,2023-01-01).agent by system and assume }",
"{ grant role sepamandate#DE02600501010002034304-[2020-01-01,2023-01-01).referrer to role bankaccount#DE02600501010002034304.admin by system and assume }",
"{ grant role relationship#FirstGmbH-with-ACCOUNTING-FirstGmbH.tenant to role sepamandate#DE02600501010002034304-[2020-01-01,2023-01-01).referrer by system and assume }",
"{ grant role sepamandate#DE02600501010002034304-[2020-01-01,2023-01-01).referrer to role relationship#FirstGmbH-with-ACCOUNTING-FirstGmbH.agent by system and assume }",
// tenant
"{ grant role sepamandate#temprefB.tenant to role sepamandate#temprefB.agent by system and assume }",
"{ grant role debitor#1000111:FirstGmbH-....guest to role sepamandate#temprefB.tenant by system and assume }",
"{ grant role bankaccount#Paul....guest to role sepamandate#temprefB.tenant by system and assume }",
// guest
"{ grant perm SELECT on sepamandate#temprefB to role sepamandate#temprefB.guest by system and assume }",
"{ grant role sepamandate#temprefB.guest to role sepamandate#temprefB.tenant by system and assume }",
null));
}
@ -230,10 +236,10 @@ class HsOfficeSepaMandateRepositoryIntegrationTest extends ContextBasedTestWithC
@Test
public void hostsharingAdmin_canUpdateArbitrarySepaMandate() {
// given
final var givenSepaMandate = givenSomeTemporarySepaMandate("DE02600501010002034304");
final var givenSepaMandate = givenSomeTemporarySepaMandateBessler("Peter Smith");
assertThatSepaMandateIsVisibleForUserWithRole(
givenSepaMandate,
"hs_office_bankaccount#DE02600501010002034304.admin");
"hs_office_bankaccount#PeterSmith.admin");
// when
final var result = jpaAttempt.transacted(() -> {
@ -258,18 +264,16 @@ class HsOfficeSepaMandateRepositoryIntegrationTest extends ContextBasedTestWithC
public void bankAccountAdmin_canViewButNotUpdateRelatedSepaMandate() {
// given
context("superuser-alex@hostsharing.net");
final var givenSepaMandate = givenSomeTemporarySepaMandate("DE02300606010002474689");
final var givenSepaMandate = givenSomeTemporarySepaMandateBessler("Anita Bessler");
assertThatSepaMandateIsVisibleForUserWithRole(
givenSepaMandate,
"hs_office_bankaccount#DE02300606010002474689.admin");
"hs_office_bankaccount#AnitaBessler.admin");
assertThatSepaMandateActuallyInDatabase(givenSepaMandate);
final var newValidityEnd = LocalDate.now();
// when
final var result = jpaAttempt.transacted(() -> {
context("superuser-alex@hostsharing.net", "hs_office_bankaccount#DE02300606010002474689.admin");
context("superuser-alex@hostsharing.net", "hs_office_bankaccount#AnitaBessler.admin");
givenSepaMandate.setValidity(Range.closedOpen(
givenSepaMandate.getValidity().lower(), newValidityEnd));
return toCleanup(sepaMandateRepo.save(givenSepaMandate));
@ -313,7 +317,7 @@ class HsOfficeSepaMandateRepositoryIntegrationTest extends ContextBasedTestWithC
public void globalAdmin_withoutAssumedRole_canDeleteAnySepaMandate() {
// given
context("superuser-alex@hostsharing.net", null);
final var givenSepaMandate = givenSomeTemporarySepaMandate("DE02200505501015871393");
final var givenSepaMandate = givenSomeTemporarySepaMandateBessler("Fourth eG");
// when
final var result = jpaAttempt.transacted(() -> {
@ -333,7 +337,7 @@ class HsOfficeSepaMandateRepositoryIntegrationTest extends ContextBasedTestWithC
public void nonGlobalAdmin_canNotDeleteTheirRelatedSepaMandate() {
// given
context("superuser-alex@hostsharing.net", null);
final var givenSepaMandate = givenSomeTemporarySepaMandate("DE02300209000106531065");
final var givenSepaMandate = givenSomeTemporarySepaMandateBessler("Third OHG");
// when
final var result = jpaAttempt.transacted(() -> {
@ -359,7 +363,11 @@ class HsOfficeSepaMandateRepositoryIntegrationTest extends ContextBasedTestWithC
context("superuser-alex@hostsharing.net");
final var initialRoleNames = Array.from(distinctRoleNamesOf(rawRoleRepo.findAll()));
final var initialGrantNames = Array.from(distinctGrantDisplaysOf(rawGrantRepo.findAll()));
final var givenSepaMandate = givenSomeTemporarySepaMandate("DE02600501010002034304");
final var givenSepaMandate = givenSomeTemporarySepaMandateBessler("Mel Bessler");
assertThat(distinctRoleNamesOf(rawRoleRepo.findAll()).size()).as("precondition failed: unexpected number of roles created")
.isEqualTo(initialRoleNames.length + 5);
assertThat(distinctGrantDisplaysOf(rawGrantRepo.findAll()).size()).as("precondition failed: unexpected number of grants created")
.isEqualTo(initialGrantNames.length + 14);
// when
final var result = jpaAttempt.transacted(() -> {
@ -394,11 +402,11 @@ class HsOfficeSepaMandateRepositoryIntegrationTest extends ContextBasedTestWithC
"[creating SEPA-mandate test-data 1000313, hs_office_sepamandate, INSERT]");
}
private HsOfficeSepaMandateEntity givenSomeTemporarySepaMandate(final String iban) {
private HsOfficeSepaMandateEntity givenSomeTemporarySepaMandateBessler(final String bankAccountHolder) {
return jpaAttempt.transacted(() -> {
context("superuser-alex@hostsharing.net");
final var givenDebitor = debitorRepo.findDebitorByOptionalNameLike("First").get(0);
final var givenBankAccount = bankAccountRepo.findByIbanOrderByIbanAsc(iban).get(0);
final var givenBankAccount = bankAccountRepo.findByOptionalHolderLike(bankAccountHolder).get(0);
final var newSepaMandate = HsOfficeSepaMandateEntity.builder()
.debitor(givenDebitor)
.bankAccount(givenBankAccount)

View File

@ -4,7 +4,6 @@ import net.hostsharing.hsadminng.context.ContextBasedTest;
import net.hostsharing.hsadminng.persistence.HasUuid;
import net.hostsharing.hsadminng.rbac.rbacgrant.RbacGrantEntity;
import net.hostsharing.hsadminng.rbac.rbacgrant.RbacGrantRepository;
import net.hostsharing.hsadminng.rbac.rbacgrant.RbacGrantsDiagramService;
import net.hostsharing.hsadminng.rbac.rbacobject.RbacObject;
import net.hostsharing.hsadminng.rbac.rbacrole.RbacRoleEntity;
import net.hostsharing.hsadminng.rbac.rbacrole.RbacRoleRepository;
@ -255,17 +254,6 @@ public abstract class ContextBasedTestWithCleanup extends ContextBasedTest {
.collect(toSet());
}).assertSuccessful().returnedValue();
}
/**
* Generates a diagram of the RBAC-Grants to the current subjects (user or assumed roles).
*/
protected void generateRbacGrantsDiagram(final EnumSet<RbacGrantsDiagramService.Include> include, final String title) {
RbacGrantsDiagramService.writeToFile(
title,
diagramService.allGrantsToCurrentUser(include),
"doc/" + title + ".md"
);
}
}
interface RbacObjectRepository extends Repository<RbacObjectEntity, UUID> {