hostsharing/hs.hsadmin.ng
6
0
Fork 0
Code Pull Requests 3 Activity

Compare commits

base: hostsharing:f5802ed404f9e2e157a764ce262108fe45817728
Branches Tags
hostsharing:master
hostsharing:TP-20240927-importfixes
hostsharing:add-hsoting-asset-to-booking-item-resource-and-created-event
hostsharing:spike/auto-build
hostsharing:office-rbac-revision
hostsharing:java-for-gradlew
hostsharing:TP-202408-cors_webui
hostsharing:TP-202405-filtered_import
hostsharing:idea-bug-refactor-inline
hostsharing:api-vision
hostsharing:rbac-object-scope-to-replace-serial-id
hostsharing:office-related-spec-clarifications-and-amendmends
hostsharing:revert-upgrade-openapiprocessor-spring-back-to-2022-5
hostsharing:upgrade-io.openapiprocessoropenapi-processor-spring-to-2024.2
hostsharing:spike/JSonSerializerDeserializerForDTOs
hostsharing:spike/master-detail-for-customer-and-contacts
..
compare: hostsharing:3b7c35cfe4165ae50d1e3ea9ca06d23ad6980da6
Branches Tags
hostsharing:TP-20240927-importfixes
hostsharing:add-hsoting-asset-to-booking-item-resource-and-created-event
hostsharing:master
hostsharing:spike/auto-build
hostsharing:office-rbac-revision
hostsharing:java-for-gradlew
hostsharing:TP-202408-cors_webui
hostsharing:TP-202405-filtered_import
hostsharing:idea-bug-refactor-inline
hostsharing:api-vision
hostsharing:rbac-object-scope-to-replace-serial-id
hostsharing:office-related-spec-clarifications-and-amendmends
hostsharing:revert-upgrade-openapiprocessor-spring-back-to-2022-5
hostsharing:upgrade-io.openapiprocessoropenapi-processor-spring-to-2024.2
hostsharing:spike/JSonSerializerDeserializerForDTOs
hostsharing:spike/master-detail-for-customer-and-contacts

2 Commits
f5802ed404 ... 3b7c35cfe4

Author SHA1 Message Date
Michael Hoennig
3b7c35cfe4 add new packages to ArchitectureTest 2024-07-09 08:33:13 +02:00
Michael Hoennig
6f36cb215b improve RBAC grants 2024-07-08 18:37:19 +02:00
6 changed files with 28 additions and 7 deletions
Show Stats Expand all files Collapse all files

5
src/main/java/net/hostsharing/hsadminng/hs/hosting/asset/HsHostingAssetEntity.java
View File

@ -50,6 +50,7 @@ import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Permission.DELETE;
import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Permission.INSERT; import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Permission.INSERT;
import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Permission.SELECT; import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Permission.SELECT;
import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Permission.UPDATE; import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Permission.UPDATE;
import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.RbacUserReference.UserRole.CREATOR;
import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Role.ADMIN; import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Role.ADMIN;
import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Role.AGENT; import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Role.AGENT;
import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Role.GUEST; import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Role.GUEST;
@ -203,15 +204,13 @@ public class HsHostingAssetEntity implements Stringifyable, RbacObject, Properti
.switchOnColumn("type", .switchOnColumn("type",
inCaseOf("DOMAIN_SETUP", then -> { inCaseOf("DOMAIN_SETUP", then -> {
// grant(ADMIN).to(currentlyAssumedRole() // FIXME
// oder:
// via with.incomingSuperRole("bookingItem", ADMIN); (s.u.)
then.toRole(GLOBAL, GUEST).grantPermission(INSERT); then.toRole(GLOBAL, GUEST).grantPermission(INSERT);
then.toRole(GLOBAL, ADMIN).grantPermission(SELECT); // TODO.spec: replace by a proper solution then.toRole(GLOBAL, ADMIN).grantPermission(SELECT); // TODO.spec: replace by a proper solution
}) })
) )
.createRole(OWNER, (with) -> { .createRole(OWNER, (with) -> {
with.owningUser(CREATOR);
with.incomingSuperRole("bookingItem", ADMIN); with.incomingSuperRole("bookingItem", ADMIN);
with.incomingSuperRole("parentAsset", ADMIN); with.incomingSuperRole("parentAsset", ADMIN);
with.permission(DELETE); with.permission(DELETE);

3
src/main/resources/db/changelog/7-hs-hosting/701-hosting-asset/7013-hs-hosting-asset-rbac.md
View File

@ -80,6 +80,9 @@ subgraph parentAsset["`**parentAsset**`"]
end end
end end
%% granting roles to users
user:creator ==> role:asset:OWNER
%% granting roles to roles %% granting roles to roles
role:bookingItem:OWNER -.-> role:bookingItem:ADMIN role:bookingItem:OWNER -.-> role:bookingItem:ADMIN
role:bookingItem:ADMIN -.-> role:bookingItem:AGENT role:bookingItem:ADMIN -.-> role:bookingItem:AGENT

3
src/main/resources/db/changelog/7-hs-hosting/701-hosting-asset/7013-hs-hosting-asset-rbac.sql
View File

@ -51,7 +51,8 @@ begin
permissions => array['DELETE'], permissions => array['DELETE'],
incomingSuperRoles => array[ incomingSuperRoles => array[
hsBookingItemADMIN(newBookingItem), hsBookingItemADMIN(newBookingItem),
hsHostingAssetADMIN(newParentAsset)] hsHostingAssetADMIN(newParentAsset)],
userUuids => array[currentUserUuid()]
); );
perform createRoleWithGrants( perform createRoleWithGrants(

16
src/test/java/net/hostsharing/hsadminng/arch/ArchitectureTest.java
View File

@ -40,8 +40,10 @@ public class ArchitectureTest {
"..test.pac", "..test.pac",
"..test.dom", "..test.dom",
"..context", "..context",
"..hash",
"..generated..", "..generated..",
"..persistence..", "..persistence..",
"..system..",
"..validation..", "..validation..",
"..hs.office.bankaccount", "..hs.office.bankaccount",
"..hs.office.contact", "..hs.office.contact",
@ -110,6 +112,13 @@ public class ArchitectureTest {
.should().onlyDependOnClassesThat() .should().onlyDependOnClassesThat()
.resideOutsideOfPackage(NET_HOSTSHARING_HSADMINNG); .resideOutsideOfPackage(NET_HOSTSHARING_HSADMINNG);
@ArchTest
@SuppressWarnings("unused")
public static final ArchRule hashPackageRule = classes()
.that().resideInAPackage("..hash..")
.should().onlyDependOnClassesThat()
.resideOutsideOfPackage(NET_HOSTSHARING_HSADMINNG);
@ArchTest @ArchTest
@SuppressWarnings("unused") @SuppressWarnings("unused")
public static final ArchRule errorsPackageRule = classes() public static final ArchRule errorsPackageRule = classes()
@ -117,6 +126,13 @@ public class ArchitectureTest {
.should().onlyDependOnClassesThat() .should().onlyDependOnClassesThat()
.resideOutsideOfPackage(NET_HOSTSHARING_HSADMINNG); .resideOutsideOfPackage(NET_HOSTSHARING_HSADMINNG);
@ArchTest
@SuppressWarnings("unused")
public static final ArchRule systemPackageRule = classes()
.that().resideInAPackage("..system..")
.should().onlyDependOnClassesThat()
.resideOutsideOfPackage(NET_HOSTSHARING_HSADMINNG);
@ArchTest @ArchTest
@SuppressWarnings("unused") @SuppressWarnings("unused")
public static final ArchRule testPackagesRule = classes() public static final ArchRule testPackagesRule = classes()

6
src/test/java/net/hostsharing/hsadminng/hs/hosting/asset/HsHostingAssetRepositoryIntegrationTest.java
View File

@ -134,6 +134,7 @@ class HsHostingAssetRepositoryIntegrationTest extends ContextBasedTestWithCleanu
"{ grant perm:hs_hosting_asset#fir00:SELECT to role:global#global:ADMIN by system and assume }", // workaround "{ grant perm:hs_hosting_asset#fir00:SELECT to role:global#global:ADMIN by system and assume }", // workaround
// owner // owner
"{ grant role:hs_hosting_asset#fir00:OWNER to user:superuser-alex@hostsharing.net by hs_hosting_asset#fir00:OWNER and assume }",
"{ grant role:hs_hosting_asset#fir00:OWNER to role:hs_booking_item#fir01:ADMIN by system and assume }", "{ grant role:hs_hosting_asset#fir00:OWNER to role:hs_booking_item#fir01:ADMIN by system and assume }",
"{ grant role:hs_hosting_asset#fir00:OWNER to role:hs_hosting_asset#vm1011:ADMIN by system and assume }", "{ grant role:hs_hosting_asset#fir00:OWNER to role:hs_hosting_asset#vm1011:ADMIN by system and assume }",
"{ grant perm:hs_hosting_asset#fir00:DELETE to role:hs_hosting_asset#fir00:OWNER by system and assume }", "{ grant perm:hs_hosting_asset#fir00:DELETE to role:hs_hosting_asset#fir00:OWNER by system and assume }",
@ -177,15 +178,16 @@ class HsHostingAssetRepositoryIntegrationTest extends ContextBasedTestWithCleanu
result.assertSuccessful(); result.assertSuccessful();
assertThat(result.returnedValue()).isNotNull().extracting(HsHostingAssetEntity::getUuid).isNotNull(); assertThat(result.returnedValue()).isNotNull().extracting(HsHostingAssetEntity::getUuid).isNotNull();
assertThat(result.returnedValue().isLoaded()).isFalse(); assertThat(result.returnedValue().isLoaded()).isFalse();
context("superuser-alex@hostsharing.net"); context("person-SmithPeter@example.com");
assertThatAssetIsPersisted(result.returnedValue()); assertThatAssetIsPersisted(result.returnedValue());
context("superuser-alex@hostsharing.net");
assertThat(assetRepo.count()).isEqualTo(assetCount + 1); assertThat(assetRepo.count()).isEqualTo(assetCount + 1);
} }
private void assertThatAssetIsPersisted(final HsHostingAssetEntity saved) { private void assertThatAssetIsPersisted(final HsHostingAssetEntity saved) {
attempt(em, () -> { attempt(em, () -> {
final var found = assetRepo.findByUuid(saved.getUuid()); final var found = assetRepo.findByUuid(saved.getUuid());
assertThat(found).isNotEmpty().map(HsHostingAssetEntity::toString).get().isEqualTo(saved.toString()); assertThat(found).isNotEmpty().map(HsHostingAssetEntity::toString).contains(saved.toString());
}); });
} }

2
src/test/java/net/hostsharing/hsadminng/system/SystemProcessTest.java → src/test/java/net/hostsharing/hsadminng/system/SystemProcessUnitTest.java
View File

@ -9,7 +9,7 @@ import static org.assertj.core.api.Assertions.assertThat;
import static org.assertj.core.api.Assertions.catchThrowable; import static org.assertj.core.api.Assertions.catchThrowable;
import static org.junit.jupiter.api.condition.OS.LINUX; import static org.junit.jupiter.api.condition.OS.LINUX;
class SystemProcessTest { class SystemProcessUnitTest {
@Test @Test
@EnabledOnOs(LINUX) @EnabledOnOs(LINUX)