Compare commits
2 Commits
f5802ed404
...
3b7c35cfe4
Author | SHA1 | Date | |
---|---|---|---|
|
3b7c35cfe4 | ||
|
6f36cb215b |
@ -50,6 +50,7 @@ import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Permission.DELETE;
|
|||||||
import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Permission.INSERT;
|
import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Permission.INSERT;
|
||||||
import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Permission.SELECT;
|
import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Permission.SELECT;
|
||||||
import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Permission.UPDATE;
|
import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Permission.UPDATE;
|
||||||
|
import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.RbacUserReference.UserRole.CREATOR;
|
||||||
import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Role.ADMIN;
|
import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Role.ADMIN;
|
||||||
import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Role.AGENT;
|
import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Role.AGENT;
|
||||||
import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Role.GUEST;
|
import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Role.GUEST;
|
||||||
@ -203,15 +204,13 @@ public class HsHostingAssetEntity implements Stringifyable, RbacObject, Properti
|
|||||||
|
|
||||||
.switchOnColumn("type",
|
.switchOnColumn("type",
|
||||||
inCaseOf("DOMAIN_SETUP", then -> {
|
inCaseOf("DOMAIN_SETUP", then -> {
|
||||||
// grant(ADMIN).to(currentlyAssumedRole() // FIXME
|
|
||||||
// oder:
|
|
||||||
// via with.incomingSuperRole("bookingItem", ADMIN); (s.u.)
|
|
||||||
then.toRole(GLOBAL, GUEST).grantPermission(INSERT);
|
then.toRole(GLOBAL, GUEST).grantPermission(INSERT);
|
||||||
then.toRole(GLOBAL, ADMIN).grantPermission(SELECT); // TODO.spec: replace by a proper solution
|
then.toRole(GLOBAL, ADMIN).grantPermission(SELECT); // TODO.spec: replace by a proper solution
|
||||||
})
|
})
|
||||||
)
|
)
|
||||||
|
|
||||||
.createRole(OWNER, (with) -> {
|
.createRole(OWNER, (with) -> {
|
||||||
|
with.owningUser(CREATOR);
|
||||||
with.incomingSuperRole("bookingItem", ADMIN);
|
with.incomingSuperRole("bookingItem", ADMIN);
|
||||||
with.incomingSuperRole("parentAsset", ADMIN);
|
with.incomingSuperRole("parentAsset", ADMIN);
|
||||||
with.permission(DELETE);
|
with.permission(DELETE);
|
||||||
|
@ -80,6 +80,9 @@ subgraph parentAsset["`**parentAsset**`"]
|
|||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
|
%% granting roles to users
|
||||||
|
user:creator ==> role:asset:OWNER
|
||||||
|
|
||||||
%% granting roles to roles
|
%% granting roles to roles
|
||||||
role:bookingItem:OWNER -.-> role:bookingItem:ADMIN
|
role:bookingItem:OWNER -.-> role:bookingItem:ADMIN
|
||||||
role:bookingItem:ADMIN -.-> role:bookingItem:AGENT
|
role:bookingItem:ADMIN -.-> role:bookingItem:AGENT
|
||||||
|
@ -51,7 +51,8 @@ begin
|
|||||||
permissions => array['DELETE'],
|
permissions => array['DELETE'],
|
||||||
incomingSuperRoles => array[
|
incomingSuperRoles => array[
|
||||||
hsBookingItemADMIN(newBookingItem),
|
hsBookingItemADMIN(newBookingItem),
|
||||||
hsHostingAssetADMIN(newParentAsset)]
|
hsHostingAssetADMIN(newParentAsset)],
|
||||||
|
userUuids => array[currentUserUuid()]
|
||||||
);
|
);
|
||||||
|
|
||||||
perform createRoleWithGrants(
|
perform createRoleWithGrants(
|
||||||
|
@ -40,8 +40,10 @@ public class ArchitectureTest {
|
|||||||
"..test.pac",
|
"..test.pac",
|
||||||
"..test.dom",
|
"..test.dom",
|
||||||
"..context",
|
"..context",
|
||||||
|
"..hash",
|
||||||
"..generated..",
|
"..generated..",
|
||||||
"..persistence..",
|
"..persistence..",
|
||||||
|
"..system..",
|
||||||
"..validation..",
|
"..validation..",
|
||||||
"..hs.office.bankaccount",
|
"..hs.office.bankaccount",
|
||||||
"..hs.office.contact",
|
"..hs.office.contact",
|
||||||
@ -110,6 +112,13 @@ public class ArchitectureTest {
|
|||||||
.should().onlyDependOnClassesThat()
|
.should().onlyDependOnClassesThat()
|
||||||
.resideOutsideOfPackage(NET_HOSTSHARING_HSADMINNG);
|
.resideOutsideOfPackage(NET_HOSTSHARING_HSADMINNG);
|
||||||
|
|
||||||
|
@ArchTest
|
||||||
|
@SuppressWarnings("unused")
|
||||||
|
public static final ArchRule hashPackageRule = classes()
|
||||||
|
.that().resideInAPackage("..hash..")
|
||||||
|
.should().onlyDependOnClassesThat()
|
||||||
|
.resideOutsideOfPackage(NET_HOSTSHARING_HSADMINNG);
|
||||||
|
|
||||||
@ArchTest
|
@ArchTest
|
||||||
@SuppressWarnings("unused")
|
@SuppressWarnings("unused")
|
||||||
public static final ArchRule errorsPackageRule = classes()
|
public static final ArchRule errorsPackageRule = classes()
|
||||||
@ -117,6 +126,13 @@ public class ArchitectureTest {
|
|||||||
.should().onlyDependOnClassesThat()
|
.should().onlyDependOnClassesThat()
|
||||||
.resideOutsideOfPackage(NET_HOSTSHARING_HSADMINNG);
|
.resideOutsideOfPackage(NET_HOSTSHARING_HSADMINNG);
|
||||||
|
|
||||||
|
@ArchTest
|
||||||
|
@SuppressWarnings("unused")
|
||||||
|
public static final ArchRule systemPackageRule = classes()
|
||||||
|
.that().resideInAPackage("..system..")
|
||||||
|
.should().onlyDependOnClassesThat()
|
||||||
|
.resideOutsideOfPackage(NET_HOSTSHARING_HSADMINNG);
|
||||||
|
|
||||||
@ArchTest
|
@ArchTest
|
||||||
@SuppressWarnings("unused")
|
@SuppressWarnings("unused")
|
||||||
public static final ArchRule testPackagesRule = classes()
|
public static final ArchRule testPackagesRule = classes()
|
||||||
|
@ -134,6 +134,7 @@ class HsHostingAssetRepositoryIntegrationTest extends ContextBasedTestWithCleanu
|
|||||||
"{ grant perm:hs_hosting_asset#fir00:SELECT to role:global#global:ADMIN by system and assume }", // workaround
|
"{ grant perm:hs_hosting_asset#fir00:SELECT to role:global#global:ADMIN by system and assume }", // workaround
|
||||||
|
|
||||||
// owner
|
// owner
|
||||||
|
"{ grant role:hs_hosting_asset#fir00:OWNER to user:superuser-alex@hostsharing.net by hs_hosting_asset#fir00:OWNER and assume }",
|
||||||
"{ grant role:hs_hosting_asset#fir00:OWNER to role:hs_booking_item#fir01:ADMIN by system and assume }",
|
"{ grant role:hs_hosting_asset#fir00:OWNER to role:hs_booking_item#fir01:ADMIN by system and assume }",
|
||||||
"{ grant role:hs_hosting_asset#fir00:OWNER to role:hs_hosting_asset#vm1011:ADMIN by system and assume }",
|
"{ grant role:hs_hosting_asset#fir00:OWNER to role:hs_hosting_asset#vm1011:ADMIN by system and assume }",
|
||||||
"{ grant perm:hs_hosting_asset#fir00:DELETE to role:hs_hosting_asset#fir00:OWNER by system and assume }",
|
"{ grant perm:hs_hosting_asset#fir00:DELETE to role:hs_hosting_asset#fir00:OWNER by system and assume }",
|
||||||
@ -177,15 +178,16 @@ class HsHostingAssetRepositoryIntegrationTest extends ContextBasedTestWithCleanu
|
|||||||
result.assertSuccessful();
|
result.assertSuccessful();
|
||||||
assertThat(result.returnedValue()).isNotNull().extracting(HsHostingAssetEntity::getUuid).isNotNull();
|
assertThat(result.returnedValue()).isNotNull().extracting(HsHostingAssetEntity::getUuid).isNotNull();
|
||||||
assertThat(result.returnedValue().isLoaded()).isFalse();
|
assertThat(result.returnedValue().isLoaded()).isFalse();
|
||||||
context("superuser-alex@hostsharing.net");
|
context("person-SmithPeter@example.com");
|
||||||
assertThatAssetIsPersisted(result.returnedValue());
|
assertThatAssetIsPersisted(result.returnedValue());
|
||||||
|
context("superuser-alex@hostsharing.net");
|
||||||
assertThat(assetRepo.count()).isEqualTo(assetCount + 1);
|
assertThat(assetRepo.count()).isEqualTo(assetCount + 1);
|
||||||
}
|
}
|
||||||
|
|
||||||
private void assertThatAssetIsPersisted(final HsHostingAssetEntity saved) {
|
private void assertThatAssetIsPersisted(final HsHostingAssetEntity saved) {
|
||||||
attempt(em, () -> {
|
attempt(em, () -> {
|
||||||
final var found = assetRepo.findByUuid(saved.getUuid());
|
final var found = assetRepo.findByUuid(saved.getUuid());
|
||||||
assertThat(found).isNotEmpty().map(HsHostingAssetEntity::toString).get().isEqualTo(saved.toString());
|
assertThat(found).isNotEmpty().map(HsHostingAssetEntity::toString).contains(saved.toString());
|
||||||
});
|
});
|
||||||
|
|
||||||
}
|
}
|
||||||
|
@ -9,7 +9,7 @@ import static org.assertj.core.api.Assertions.assertThat;
|
|||||||
import static org.assertj.core.api.Assertions.catchThrowable;
|
import static org.assertj.core.api.Assertions.catchThrowable;
|
||||||
import static org.junit.jupiter.api.condition.OS.LINUX;
|
import static org.junit.jupiter.api.condition.OS.LINUX;
|
||||||
|
|
||||||
class SystemProcessTest {
|
class SystemProcessUnitTest {
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
@EnabledOnOs(LINUX)
|
@EnabledOnOs(LINUX)
|
Loading…
Reference in New Issue
Block a user