Compare commits

..

No commits in common. "ae2672e8452ed312f090a2fabdb023db3be8a546" and "ac32f1138c068ee567288872a43f06942c4d286d" have entirely different histories.

6 changed files with 56 additions and 49 deletions

View File

@ -103,14 +103,10 @@ public class HsOfficeRelationshipEntity implements HasUuid, Stringifyable {
.createRole(OWNER, (with) -> {
with.owningUser(CREATOR);
with.incomingSuperRole(GLOBAL, ADMIN);
// TODO: if type=REPRESENTATIIVE
// with.incomingSuperRole("holderPerson", ADMIN);
with.permission(DELETE);
})
.createSubRole(ADMIN, (with) -> {
with.incomingSuperRole("anchorPerson", ADMIN);
// TODO: if type=REPRESENTATIIVE
// with.outgoingSuperRole("anchorPerson", OWNER);
with.permission(UPDATE);
})
.createSubRole(AGENT, (with) -> {

View File

@ -145,7 +145,7 @@ public class RbacGrantsDiagramService {
final var avoidCroppedNodeLabels = "%%{init:{'flowchart':{'htmlLabels':false}}}%%\n\n";
return (includes.contains(DETAILS) ? avoidCroppedNodeLabels : "")
+ (graph.size() >= GRANT_LIMIT ? "%% too many grants, graph is cropped\n" : "")
+ (grants.length() > GRANT_LIMIT ? "%% too many grants, graph is cropped\n" : "")
+ "flowchart TB\n\n"
+ entities
+ grants;

View File

@ -276,7 +276,7 @@ class HsOfficeCoopAssetsTransactionControllerAcceptanceTest extends ContextBased
@Test
@Accepts({ "CoopAssetTransaction:X(Access Control)" })
void partnerPersonUser_canGetRelatedCoopAssetTransaction() {
void contactAdminUser_canGetRelatedCoopAssetTransaction() {
context.define("superuser-alex@hostsharing.net");
final var givenCoopAssetTransactionUuid = coopAssetsTransactionRepo.findCoopAssetsTransactionByOptionalMembershipUuidAndDateRange(
null,
@ -285,7 +285,7 @@ class HsOfficeCoopAssetsTransactionControllerAcceptanceTest extends ContextBased
RestAssured // @formatter:off
.given()
.header("current-user", "person-FirstGmbH@example.com")
.header("current-user", "contact-admin@firstcontact.example.com")
.port(port)
.when()
.get("http://localhost/api/hs/office/coopassetstransactions/" + givenCoopAssetTransactionUuid)

View File

@ -193,9 +193,9 @@ class HsOfficeCoopAssetsTransactionRepositoryIntegrationTest extends ContextBase
}
@Test
public void partnerPersonAdmin_canViewRelatedCoopAssetsTransactions() {
public void representative_canViewRelatedCoopAssetsTransactions() {
// given:
context("superuser-alex@hostsharing.net", "hs_office_person#FirstGmbH.admin");
context("superuser-alex@hostsharing.net", "hs_office_person#FirbySusan.admin");
// when:
final var result = coopAssetsTransactionRepo.findCoopAssetsTransactionByOptionalMembershipUuidAndDateRange(

View File

@ -24,7 +24,6 @@ import jakarta.persistence.PersistenceContext;
import java.time.LocalDate;
import java.util.UUID;
import static java.util.Optional.ofNullable;
import static net.hostsharing.test.IsValidUuidMatcher.isUuidValid;
import static net.hostsharing.test.JsonMatcher.lenientlyEquals;
import static org.assertj.core.api.Assertions.assertThat;
@ -71,27 +70,35 @@ class HsOfficeSepaMandateControllerAcceptanceTest extends ContextBasedTestWithCl
.then().log().all().assertThat()
.statusCode(200)
.contentType("application/json")
.log().all()
.body("", lenientlyEquals("""
[
{
"debitor": { "debitorNumber": 1000111 },
"bankAccount": { "holder": "First GmbH" },
"reference": "ref-10001-11",
"validFrom": "2022-10-01",
"validTo": "2026-12-31"
"debitor": {
"debitorNumber": 1000212,
"billingContact": { "label": "second contact" }
},
{
"debitor": { "debitorNumber": 1000212 },
"bankAccount": { "holder": "Second e.K." },
"reference": "ref-10002-12",
"reference": "refSeconde.K.",
"validFrom": "2022-10-01",
"validTo": "2026-12-31"
},
{
"debitor": { "debitorNumber": 1000313 },
"debitor": {
"debitorNumber": 1000111,
"billingContact": { "label": "first contact" }
},
"bankAccount": { "holder": "First GmbH" },
"reference": "refFirstGmbH",
"validFrom": "2022-10-01",
"validTo": "2026-12-31"
},
{
"debitor": {
"debitorNumber": 1000313,
"billingContact": { "label": "third contact" }
},
"bankAccount": { "holder": "Third OHG" },
"reference": "ref-10003-13",
"reference": "refThirdOHG",
"validFrom": "2022-10-01",
"validTo": "2026-12-31"
}
@ -132,7 +139,7 @@ class HsOfficeSepaMandateControllerAcceptanceTest extends ContextBasedTestWithCl
.statusCode(201)
.contentType(ContentType.JSON)
.body("uuid", isUuidValid())
.body("debitor.partner.partnerNumber", is(10003))
.body("debitor.partner.person.tradeName", is("Third OHG"))
.body("bankAccount.iban", is("DE02200505501015871393"))
.body("reference", is("temp ref CAT A"))
.body("validFrom", is("2022-10-13"))
@ -255,7 +262,10 @@ class HsOfficeSepaMandateControllerAcceptanceTest extends ContextBasedTestWithCl
.contentType("application/json")
.body("", lenientlyEquals("""
{
"debitor": { "debitorNumber": 1000111 },
"debitor": {
"debitorNumber": 1000111,
"billingContact": { "label": "first contact" }
},
"bankAccount": {
"holder": "First GmbH",
"iban": "DE02120300000000202051"
@ -304,7 +314,10 @@ class HsOfficeSepaMandateControllerAcceptanceTest extends ContextBasedTestWithCl
.contentType("application/json")
.body("", lenientlyEquals("""
{
"debitor": { "debitorNumber": 1000111 },
"debitor": {
"debitorNumber": 1000111,
"billingContact": { "label": "first contact" }
},
"bankAccount": {
"holder": "First GmbH",
"iban": "DE02120300000000202051"
@ -324,7 +337,7 @@ class HsOfficeSepaMandateControllerAcceptanceTest extends ContextBasedTestWithCl
@Test
void globalAdmin_canPatchAllUpdatablePropertiesOfSepaMandate() {
final var givenSepaMandate = givenSomeTemporarySepaMandateForDebitorNumber(1000111);
final var givenSepaMandate = givenSomeTemporarySepaMandate();
final var location = RestAssured // @formatter:off
.given()
@ -345,7 +358,7 @@ class HsOfficeSepaMandateControllerAcceptanceTest extends ContextBasedTestWithCl
.statusCode(200)
.contentType(ContentType.JSON)
.body("uuid", isUuidValid())
.body("debitor.debitorNumber", is(1000111))
.body("debitor.partner.person.tradeName", is("First GmbH"))
.body("bankAccount.iban", is("DE02120300000000202051"))
.body("reference", is("temp ref CAT Z - patched"))
.body("agreement", is("2020-06-01"))
@ -357,7 +370,7 @@ class HsOfficeSepaMandateControllerAcceptanceTest extends ContextBasedTestWithCl
context.define("superuser-alex@hostsharing.net");
assertThat(sepaMandateRepo.findByUuid(givenSepaMandate.getUuid())).isPresent().get()
.matches(mandate -> {
assertThat(mandate.getDebitor().toString()).isEqualTo("debitor(D-1000111: rel(relAnchor='LP First GmbH', relType='ACCOUNTING', relHolder='LP First GmbH'), fir)");
assertThat(mandate.getDebitor().toString()).isEqualTo("debitor(D-1000111: P-10001, fir)");
assertThat(mandate.getBankAccount().toShortString()).isEqualTo("First GmbH");
assertThat(mandate.getReference()).isEqualTo("temp ref CAT Z - patched");
assertThat(mandate.getValidFrom()).isEqualTo("2020-06-05");
@ -370,7 +383,7 @@ class HsOfficeSepaMandateControllerAcceptanceTest extends ContextBasedTestWithCl
void globalAdmin_canPatchJustValidToOfArbitrarySepaMandate() {
context.define("superuser-alex@hostsharing.net");
final var givenSepaMandate = givenSomeTemporarySepaMandateForDebitorNumber(1000111);
final var givenSepaMandate = givenSomeTemporarySepaMandate();
final var location = RestAssured // @formatter:off
.given()
@ -388,7 +401,7 @@ class HsOfficeSepaMandateControllerAcceptanceTest extends ContextBasedTestWithCl
.statusCode(200)
.contentType(ContentType.JSON)
.body("uuid", isUuidValid())
.body("debitor.debitorNumber", is(1000111))
.body("debitor.partner.person.tradeName", is("First GmbH"))
.body("bankAccount.iban", is("DE02120300000000202051"))
.body("reference", is("temp ref CAT Z"))
.body("validFrom", is("2022-11-01"))
@ -398,7 +411,7 @@ class HsOfficeSepaMandateControllerAcceptanceTest extends ContextBasedTestWithCl
// finally, the sepaMandate is actually updated
assertThat(sepaMandateRepo.findByUuid(givenSepaMandate.getUuid())).isPresent().get()
.matches(mandate -> {
assertThat(mandate.getDebitor().toString()).isEqualTo("debitor(D-1000111: rel(relAnchor='LP First GmbH', relType='ACCOUNTING', relHolder='LP First GmbH'), fir)");
assertThat(mandate.getDebitor().toString()).isEqualTo("debitor(D-1000111: P-10001, fir)");
assertThat(mandate.getBankAccount().toShortString()).isEqualTo("First GmbH");
assertThat(mandate.getReference()).isEqualTo("temp ref CAT Z");
assertThat(mandate.getValidity().asString()).isEqualTo("[2022-11-01,2023-01-01)");
@ -410,7 +423,7 @@ class HsOfficeSepaMandateControllerAcceptanceTest extends ContextBasedTestWithCl
void globalAdmin_canNotPatchReferenceOfArbitrarySepaMandate() {
context.define("superuser-alex@hostsharing.net");
final var givenSepaMandate = givenSomeTemporarySepaMandateForDebitorNumber(1000111);
final var givenSepaMandate = givenSomeTemporarySepaMandate();
final var location = RestAssured // @formatter:off
.given()
@ -445,7 +458,7 @@ class HsOfficeSepaMandateControllerAcceptanceTest extends ContextBasedTestWithCl
@Test
void globalAdmin_canDeleteArbitrarySepaMandate() {
context.define("superuser-alex@hostsharing.net");
final var givenSepaMandate = givenSomeTemporarySepaMandateForDebitorNumber(1000111);
final var givenSepaMandate = givenSomeTemporarySepaMandate();
RestAssured // @formatter:off
.given()
@ -464,7 +477,7 @@ class HsOfficeSepaMandateControllerAcceptanceTest extends ContextBasedTestWithCl
@Accepts({ "SepaMandate:X(Access Control)" })
void bankAccountAdminUser_canNotDeleteRelatedSepaMandate() {
context.define("superuser-alex@hostsharing.net");
final var givenSepaMandate = givenSomeTemporarySepaMandateForDebitorNumber(1000111);
final var givenSepaMandate = givenSomeTemporarySepaMandate();
RestAssured // @formatter:off
.given()
@ -483,7 +496,7 @@ class HsOfficeSepaMandateControllerAcceptanceTest extends ContextBasedTestWithCl
@Accepts({ "SepaMandate:X(Access Control)" })
void normalUser_canNotDeleteUnrelatedSepaMandate() {
context.define("superuser-alex@hostsharing.net");
final var givenSepaMandate = givenSomeTemporarySepaMandateForDebitorNumber(1000111);
final var givenSepaMandate = givenSomeTemporarySepaMandate();
RestAssured // @formatter:off
.given()
@ -499,13 +512,11 @@ class HsOfficeSepaMandateControllerAcceptanceTest extends ContextBasedTestWithCl
}
}
private HsOfficeSepaMandateEntity givenSomeTemporarySepaMandateForDebitorNumber(final int debitorNumber) {
private HsOfficeSepaMandateEntity givenSomeTemporarySepaMandate() {
return jpaAttempt.transacted(() -> {
context.define("superuser-alex@hostsharing.net");
final var givenDebitor = debitorRepo.findDebitorByDebitorNumber(debitorNumber).get(0);
final var bankAccountHolder = ofNullable(givenDebitor.getPartner().getPartnerRole().getRelHolder().getTradeName())
.orElse(givenDebitor.getPartner().getPartnerRole().getRelHolder().getFamilyName());
final var givenBankAccount = bankAccountRepo.findByOptionalHolderLike(bankAccountHolder).get(0);
final var givenDebitor = debitorRepo.findDebitorByOptionalNameLike("First").get(0);
final var givenBankAccount = bankAccountRepo.findByOptionalHolderLike("First").get(0);
final var newSepaMandate = HsOfficeSepaMandateEntity.builder()
.uuid(UUID.randomUUID())
.debitor(givenDebitor)

View File

@ -170,9 +170,9 @@ class HsOfficeSepaMandateRepositoryIntegrationTest extends ContextBasedTestWithC
// then
allTheseSepaMandatesAreReturned(
result,
"SEPA-Mandate(DE02100500000054540402, ref-10002-12, 2022-09-30, [2022-10-01,2027-01-01))",
"SEPA-Mandate(DE02120300000000202051, ref-10001-11, 2022-09-30, [2022-10-01,2027-01-01))",
"SEPA-Mandate(DE02300209000106531065, ref-10003-13, 2022-09-30, [2022-10-01,2027-01-01))");
"SEPA-Mandate(DE02100500000054540402, ref-11120002, 2022-09-30, [2022-10-01,2027-01-01))",
"SEPA-Mandate(DE02120300000000202051, ref-11110001, 2022-09-30, [2022-10-01,2027-01-01))",
"SEPA-Mandate(DE02300209000106531065, ref-11130003, 2022-09-30, [2022-10-01,2027-01-01))");
}
@Test
@ -186,7 +186,7 @@ class HsOfficeSepaMandateRepositoryIntegrationTest extends ContextBasedTestWithC
// then:
exactlyTheseSepaMandatesAreReturned(
result,
"SEPA-Mandate(DE02120300000000202051, ref-10001-11, 2022-09-30, [2022-10-01,2027-01-01))");
"SEPA-Mandate(DE02120300000000202051, ref-11110001, 2022-09-30, [2022-10-01,2027-01-01))");
}
}
@ -204,9 +204,9 @@ class HsOfficeSepaMandateRepositoryIntegrationTest extends ContextBasedTestWithC
// then
exactlyTheseSepaMandatesAreReturned(
result,
"SEPA-Mandate(DE02100500000054540402, ref-10002-12, 2022-09-30, [2022-10-01,2027-01-01))",
"SEPA-Mandate(DE02120300000000202051, ref-10001-11, 2022-09-30, [2022-10-01,2027-01-01))",
"SEPA-Mandate(DE02300209000106531065, ref-10003-13, 2022-09-30, [2022-10-01,2027-01-01))");
"SEPA-Mandate(DE02100500000054540402, ref-11120002, 2022-09-30, [2022-10-01,2027-01-01))",
"SEPA-Mandate(DE02120300000000202051, ref-11110001, 2022-09-30, [2022-10-01,2027-01-01))",
"SEPA-Mandate(DE02300209000106531065, ref-11130003, 2022-09-30, [2022-10-01,2027-01-01))");
}
@Test
@ -220,7 +220,7 @@ class HsOfficeSepaMandateRepositoryIntegrationTest extends ContextBasedTestWithC
// then
exactlyTheseSepaMandatesAreReturned(
result,
"SEPA-Mandate(DE02300209000106531065, ref-10003-13, 2022-09-30, [2022-10-01,2027-01-01))");
"SEPA-Mandate(DE02300209000106531065, ref-11130003, 2022-09-30, [2022-10-01,2027-01-01))");
}
}
@ -388,7 +388,7 @@ class HsOfficeSepaMandateRepositoryIntegrationTest extends ContextBasedTestWithC
@SuppressWarnings("unchecked") final List<Object[]> customerLogEntries = query.getResultList();
// then
assertThat(customerLogEntries).map(Arrays::toString).contains(
assertThat(customerLogEntries).map(Arrays::toString).containsExactly(
"[creating SEPA-mandate test-data 1000111, hs_office_sepamandate, INSERT]",
"[creating SEPA-mandate test-data 1000212, hs_office_sepamandate, INSERT]",
"[creating SEPA-mandate test-data 1000313, hs_office_sepamandate, INSERT]");