Compare commits

...

1 Commits

Author SHA1 Message Date
Michael Hoennig
349b9ddae0 RBAC object scope to replace serialID (WIP) 2024-05-02 13:31:18 +02:00
78 changed files with 441 additions and 321 deletions

View File

@ -24,6 +24,10 @@ import static org.springframework.transaction.annotation.Propagation.MANDATORY;
@AllArgsConstructor
public class Context {
public enum Scope {
BASE, TEST, TEMP, PROD;
}
private static final Set<String> HEADERS_TO_IGNORE = Set.of(
"accept-encoding",
"connection",
@ -38,28 +42,31 @@ public class Context {
private HttpServletRequest request;
@Transactional(propagation = MANDATORY)
public void define(final String currentUser) {
define(currentUser, null);
public void define(final Scope scope, final String currentUser) {
define(scope, currentUser, null);
}
@Transactional(propagation = MANDATORY)
public void define(final String currentUser, final String assumedRoles) {
define(toTask(request), toCurl(request), currentUser, assumedRoles);
public void define(final Scope scope, final String currentUser, final String assumedRoles) {
define(scope, toTask(request), toCurl(request), currentUser, assumedRoles);
}
@Transactional(propagation = MANDATORY)
public void define(
final Scope currentScope,
final String currentTask,
final String currentRequest,
final String currentUser,
final String assumedRoles) {
final var query = em.createNativeQuery("""
call defineContext(
cast(:currentScope as RbacObjectScope),
cast(:currentTask as varchar(127)),
cast(:currentRequest as text),
cast(:currentUser as varchar(63)),
cast(:assumedRoles as varchar(1023)));
""");
query.setParameter("currentScope", currentScope.name());
query.setParameter("currentTask", shortenToMaxLength(currentTask, 127));
query.setParameter("currentRequest", currentRequest);
query.setParameter("currentUser", currentUser);

View File

@ -17,6 +17,7 @@ import java.util.List;
import java.util.UUID;
import java.util.function.BiConsumer;
import static net.hostsharing.hsadminng.context.Context.Scope.PROD;
import static net.hostsharing.hsadminng.mapper.PostgresDateRange.toPostgresDateRange;
@RestController
@ -37,7 +38,7 @@ public class HsBookingItemController implements HsBookingItemsApi {
final String currentUser,
final String assumedRoles,
final UUID debitorUuid) {
context.define(currentUser, assumedRoles);
context.define(PROD, currentUser, assumedRoles);
final var entities = bookingItemRepo.findAllByDebitorUuid(debitorUuid);
@ -52,7 +53,7 @@ public class HsBookingItemController implements HsBookingItemsApi {
final String assumedRoles,
final HsBookingItemInsertResource body) {
context.define(currentUser, assumedRoles);
context.define(PROD, currentUser, assumedRoles);
final var entityToSave = mapper.map(body, HsBookingItemEntity.class, RESOURCE_TO_ENTITY_POSTMAPPER);
@ -74,7 +75,7 @@ public class HsBookingItemController implements HsBookingItemsApi {
final String assumedRoles,
final UUID bookingItemUuid) {
context.define(currentUser, assumedRoles);
context.define(PROD, currentUser, assumedRoles);
final var result = bookingItemRepo.findByUuid(bookingItemUuid);
return result
@ -89,7 +90,7 @@ public class HsBookingItemController implements HsBookingItemsApi {
final String currentUser,
final String assumedRoles,
final UUID bookingItemUuid) {
context.define(currentUser, assumedRoles);
context.define(PROD, currentUser, assumedRoles);
final var result = bookingItemRepo.deleteByUuid(bookingItemUuid);
return result == 0
@ -105,7 +106,7 @@ public class HsBookingItemController implements HsBookingItemsApi {
final UUID bookingItemUuid,
final HsBookingItemPatchResource body) {
context.define(currentUser, assumedRoles);
context.define(PROD, currentUser, assumedRoles);
final var current = bookingItemRepo.findByUuid(bookingItemUuid).orElseThrow();

View File

@ -18,6 +18,7 @@ import java.util.List;
import java.util.UUID;
import java.util.function.BiConsumer;
import static net.hostsharing.hsadminng.context.Context.Scope.PROD;
@RestController
public class HsHostingAssetController implements HsHostingAssetsApi {
@ -37,7 +38,7 @@ public class HsHostingAssetController implements HsHostingAssetsApi {
final String currentUser,
final String assumedRoles,
final UUID debitorUuid) {
context.define(currentUser, assumedRoles);
context.define(PROD, currentUser, assumedRoles);
final var entities = assetRepo.findAllByDebitorUuid(debitorUuid);
@ -53,7 +54,7 @@ public class HsHostingAssetController implements HsHostingAssetsApi {
final String assumedRoles,
final HsHostingAssetInsertResource body) {
context.define(currentUser, assumedRoles);
context.define(PROD, currentUser, assumedRoles);
final var entityToSave = mapper.map(body, HsHostingAssetEntity.class, RESOURCE_TO_ENTITY_POSTMAPPER);
@ -75,7 +76,7 @@ public class HsHostingAssetController implements HsHostingAssetsApi {
final String assumedRoles,
final UUID serverUuid) {
context.define(currentUser, assumedRoles);
context.define(PROD, currentUser, assumedRoles);
final var result = assetRepo.findByUuid(serverUuid);
return result
@ -90,7 +91,7 @@ public class HsHostingAssetController implements HsHostingAssetsApi {
final String currentUser,
final String assumedRoles,
final UUID serverUuid) {
context.define(currentUser, assumedRoles);
context.define(PROD, currentUser, assumedRoles);
final var result = assetRepo.deleteByUuid(serverUuid);
return result == 0
@ -106,7 +107,7 @@ public class HsHostingAssetController implements HsHostingAssetsApi {
final UUID serverUuid,
final HsHostingAssetPatchResource body) {
context.define(currentUser, assumedRoles);
context.define(PROD, currentUser, assumedRoles);
final var current = assetRepo.findByUuid(serverUuid).orElseThrow();

View File

@ -16,6 +16,8 @@ import org.springframework.web.servlet.mvc.method.annotation.MvcUriComponentsBui
import java.util.List;
import java.util.UUID;
import static net.hostsharing.hsadminng.context.Context.Scope.PROD;
@RestController
public class HsOfficeBankAccountController implements HsOfficeBankAccountsApi {
@ -35,7 +37,7 @@ public class HsOfficeBankAccountController implements HsOfficeBankAccountsApi {
final String currentUser,
final String assumedRoles,
final String holder) {
context.define(currentUser, assumedRoles);
context.define(PROD, currentUser, assumedRoles);
final var entities = bankAccountRepo.findByOptionalHolderLike(holder);
@ -50,7 +52,7 @@ public class HsOfficeBankAccountController implements HsOfficeBankAccountsApi {
final String assumedRoles,
final HsOfficeBankAccountInsertResource body) {
context.define(currentUser, assumedRoles);
context.define(PROD, currentUser, assumedRoles);
IbanUtil.validate(body.getIban());
BicUtil.validate(body.getBic());
@ -76,7 +78,7 @@ public class HsOfficeBankAccountController implements HsOfficeBankAccountsApi {
final String assumedRoles,
final UUID bankAccountUuid) {
context.define(currentUser, assumedRoles);
context.define(PROD, currentUser, assumedRoles);
final var result = bankAccountRepo.findByUuid(bankAccountUuid);
if (result.isEmpty()) {
@ -91,7 +93,7 @@ public class HsOfficeBankAccountController implements HsOfficeBankAccountsApi {
final String currentUser,
final String assumedRoles,
final UUID BankAccountUuid) {
context.define(currentUser, assumedRoles);
context.define(PROD, currentUser, assumedRoles);
final var result = bankAccountRepo.deleteByUuid(BankAccountUuid);
if (result == 0) {

View File

@ -16,6 +16,7 @@ import java.util.List;
import java.util.UUID;
import java.util.function.BiConsumer;
import static net.hostsharing.hsadminng.context.Context.Scope.PROD;
import static net.hostsharing.hsadminng.mapper.KeyValueMap.from;
@RestController
@ -37,7 +38,7 @@ public class HsOfficeContactController implements HsOfficeContactsApi {
final String currentUser,
final String assumedRoles,
final String label) {
context.define(currentUser, assumedRoles);
context.define(PROD, currentUser, assumedRoles);
final var entities = contactRepo.findContactByOptionalLabelLike(label);
@ -52,7 +53,7 @@ public class HsOfficeContactController implements HsOfficeContactsApi {
final String assumedRoles,
final HsOfficeContactInsertResource body) {
context.define(currentUser, assumedRoles);
context.define(PROD, currentUser, assumedRoles);
final var entityToSave = mapper.map(body, HsOfficeContactEntity.class, RESOURCE_TO_ENTITY_POSTMAPPER);
@ -74,7 +75,7 @@ public class HsOfficeContactController implements HsOfficeContactsApi {
final String assumedRoles,
final UUID contactUuid) {
context.define(currentUser, assumedRoles);
context.define(PROD, currentUser, assumedRoles);
final var result = contactRepo.findByUuid(contactUuid);
if (result.isEmpty()) {
@ -89,7 +90,7 @@ public class HsOfficeContactController implements HsOfficeContactsApi {
final String currentUser,
final String assumedRoles,
final UUID contactUuid) {
context.define(currentUser, assumedRoles);
context.define(PROD, currentUser, assumedRoles);
final var result = contactRepo.deleteByUuid(contactUuid);
if (result == 0) {
@ -107,7 +108,7 @@ public class HsOfficeContactController implements HsOfficeContactsApi {
final UUID contactUuid,
final HsOfficeContactPatchResource body) {
context.define(currentUser, assumedRoles);
context.define(PROD, currentUser, assumedRoles);
final var current = contactRepo.findByUuid(contactUuid).orElseThrow();

View File

@ -21,6 +21,7 @@ import java.util.UUID;
import java.util.function.BiConsumer;
import static java.lang.String.join;
import static net.hostsharing.hsadminng.context.Context.Scope.PROD;
import static net.hostsharing.hsadminng.hs.office.generated.api.v1.model.HsOfficeCoopAssetsTransactionTypeResource.*;
@RestController
@ -43,7 +44,7 @@ public class HsOfficeCoopAssetsTransactionController implements HsOfficeCoopAsse
final UUID membershipUuid,
final @DateTimeFormat(iso = ISO.DATE) LocalDate fromValueDate,
final @DateTimeFormat(iso = ISO.DATE) LocalDate toValueDate) {
context.define(currentUser, assumedRoles);
context.define(PROD, currentUser, assumedRoles);
final var entities = coopAssetsTransactionRepo.findCoopAssetsTransactionByOptionalMembershipUuidAndDateRange(
membershipUuid,
@ -61,7 +62,7 @@ public class HsOfficeCoopAssetsTransactionController implements HsOfficeCoopAsse
final String assumedRoles,
final HsOfficeCoopAssetsTransactionInsertResource requestBody) {
context.define(currentUser, assumedRoles);
context.define(PROD, currentUser, assumedRoles);
validate(requestBody);
final var entityToSave = mapper.map(requestBody, HsOfficeCoopAssetsTransactionEntity.class, RESOURCE_TO_ENTITY_POSTMAPPER);
@ -82,7 +83,7 @@ public class HsOfficeCoopAssetsTransactionController implements HsOfficeCoopAsse
public ResponseEntity<HsOfficeCoopAssetsTransactionResource> getCoopAssetTransactionByUuid(
final String currentUser, final String assumedRoles, final UUID assetTransactionUuid) {
context.define(currentUser, assumedRoles);
context.define(PROD, currentUser, assumedRoles);
final var result = coopAssetsTransactionRepo.findByUuid(assetTransactionUuid);
if (result.isEmpty()) {

View File

@ -22,6 +22,7 @@ import java.util.UUID;
import java.util.function.BiConsumer;
import static java.lang.String.join;
import static net.hostsharing.hsadminng.context.Context.Scope.PROD;
import static net.hostsharing.hsadminng.hs.office.generated.api.v1.model.HsOfficeCoopSharesTransactionTypeResource.CANCELLATION;
import static net.hostsharing.hsadminng.hs.office.generated.api.v1.model.HsOfficeCoopSharesTransactionTypeResource.SUBSCRIPTION;
@ -45,7 +46,7 @@ public class HsOfficeCoopSharesTransactionController implements HsOfficeCoopShar
final UUID membershipUuid,
final @DateTimeFormat(iso = ISO.DATE) LocalDate fromValueDate,
final @DateTimeFormat(iso = ISO.DATE) LocalDate toValueDate) {
context.define(currentUser, assumedRoles);
context.define(PROD, currentUser, assumedRoles);
final var entities = coopSharesTransactionRepo.findCoopSharesTransactionByOptionalMembershipUuidAndDateRange(
membershipUuid,
@ -63,7 +64,7 @@ public class HsOfficeCoopSharesTransactionController implements HsOfficeCoopShar
final String assumedRoles,
final HsOfficeCoopSharesTransactionInsertResource requestBody) {
context.define(currentUser, assumedRoles);
context.define(PROD, currentUser, assumedRoles);
validate(requestBody);
final var entityToSave = mapper.map(requestBody, HsOfficeCoopSharesTransactionEntity.class, RESOURCE_TO_ENTITY_POSTMAPPER);
@ -84,7 +85,7 @@ public class HsOfficeCoopSharesTransactionController implements HsOfficeCoopShar
public ResponseEntity<HsOfficeCoopSharesTransactionResource> getCoopShareTransactionByUuid(
final String currentUser, final String assumedRoles, final UUID shareTransactionUuid) {
context.define(currentUser, assumedRoles);
context.define(PROD, currentUser, assumedRoles);
final var result = coopSharesTransactionRepo.findByUuid(shareTransactionUuid);
if (result.isEmpty()) {

View File

@ -22,6 +22,7 @@ import jakarta.persistence.PersistenceContext;
import java.util.List;
import java.util.UUID;
import static net.hostsharing.hsadminng.context.Context.Scope.PROD;
import static net.hostsharing.hsadminng.hs.office.relation.HsOfficeRelationType.DEBITOR;
@RestController
@ -50,7 +51,7 @@ public class HsOfficeDebitorController implements HsOfficeDebitorsApi {
final String assumedRoles,
final String name,
final Integer debitorNumber) {
context.define(currentUser, assumedRoles);
context.define(PROD, currentUser, assumedRoles);
final var entities = debitorNumber != null
? debitorRepo.findDebitorByDebitorNumber(debitorNumber)
@ -67,7 +68,7 @@ public class HsOfficeDebitorController implements HsOfficeDebitorsApi {
String assumedRoles,
HsOfficeDebitorInsertResource body) {
context.define(currentUser, assumedRoles);
context.define(PROD, currentUser, assumedRoles);
Validate.isTrue(body.getDebitorRel() == null || body.getDebitorRelUuid() == null,
"ERROR: [400] exactly one of debitorRel and debitorRelUuid must be supplied, but found both");
@ -111,7 +112,7 @@ public class HsOfficeDebitorController implements HsOfficeDebitorsApi {
final String assumedRoles,
final UUID debitorUuid) {
context.define(currentUser, assumedRoles);
context.define(PROD, currentUser, assumedRoles);
final var result = debitorRepo.findByUuid(debitorUuid);
if (result.isEmpty()) {
@ -126,7 +127,7 @@ public class HsOfficeDebitorController implements HsOfficeDebitorsApi {
final String currentUser,
final String assumedRoles,
final UUID debitorUuid) {
context.define(currentUser, assumedRoles);
context.define(PROD, currentUser, assumedRoles);
final var result = debitorRepo.deleteByUuid(debitorUuid);
if (result == 0) {
@ -144,7 +145,7 @@ public class HsOfficeDebitorController implements HsOfficeDebitorsApi {
final UUID debitorUuid,
final HsOfficeDebitorPatchResource body) {
context.define(currentUser, assumedRoles);
context.define(PROD, currentUser, assumedRoles);
final var current = debitorRepo.findByUuid(debitorUuid).orElseThrow();

View File

@ -16,6 +16,8 @@ import java.util.List;
import java.util.UUID;
import java.util.function.BiConsumer;
import static net.hostsharing.hsadminng.context.Context.Scope.PROD;
@RestController
public class HsOfficeMembershipController implements HsOfficeMembershipsApi {
@ -36,7 +38,7 @@ public class HsOfficeMembershipController implements HsOfficeMembershipsApi {
final String assumedRoles,
UUID partnerUuid,
Integer memberNumber) {
context.define(currentUser, assumedRoles);
context.define(PROD, currentUser, assumedRoles);
final var entities = ( memberNumber != null)
? List.of(membershipRepo.findMembershipByMemberNumber(memberNumber))
@ -54,7 +56,7 @@ public class HsOfficeMembershipController implements HsOfficeMembershipsApi {
final String assumedRoles,
final HsOfficeMembershipInsertResource body) {
context.define(currentUser, assumedRoles);
context.define(PROD, currentUser, assumedRoles);
final var entityToSave = mapper.map(body, HsOfficeMembershipEntity.class);
@ -77,7 +79,7 @@ public class HsOfficeMembershipController implements HsOfficeMembershipsApi {
final String assumedRoles,
final UUID membershipUuid) {
context.define(currentUser, assumedRoles);
context.define(PROD, currentUser, assumedRoles);
final var result = membershipRepo.findByUuid(membershipUuid);
if (result.isEmpty()) {
@ -93,7 +95,7 @@ public class HsOfficeMembershipController implements HsOfficeMembershipsApi {
final String currentUser,
final String assumedRoles,
final UUID membershipUuid) {
context.define(currentUser, assumedRoles);
context.define(PROD, currentUser, assumedRoles);
final var result = membershipRepo.deleteByUuid(membershipUuid);
if (result == 0) {
@ -111,7 +113,7 @@ public class HsOfficeMembershipController implements HsOfficeMembershipsApi {
final UUID membershipUuid,
final HsOfficeMembershipPatchResource body) {
context.define(currentUser, assumedRoles);
context.define(PROD, currentUser, assumedRoles);
final var current = membershipRepo.findByUuid(membershipUuid).orElseThrow();

View File

@ -26,6 +26,7 @@ import jakarta.persistence.PersistenceContext;
import java.util.List;
import java.util.UUID;
import static net.hostsharing.hsadminng.context.Context.Scope.PROD;
import static net.hostsharing.hsadminng.hs.office.relation.HsOfficeRelationType.EX_PARTNER;
@RestController
@ -53,7 +54,7 @@ public class HsOfficePartnerController implements HsOfficePartnersApi {
final String currentUser,
final String assumedRoles,
final String name) {
context.define(currentUser, assumedRoles);
context.define(PROD, currentUser, assumedRoles);
final var entities = partnerRepo.findPartnerByOptionalNameLike(name);
@ -68,7 +69,7 @@ public class HsOfficePartnerController implements HsOfficePartnersApi {
final String assumedRoles,
final HsOfficePartnerInsertResource body) {
context.define(currentUser, assumedRoles);
context.define(PROD, currentUser, assumedRoles);
final var entityToSave = createPartnerEntity(body);
@ -90,7 +91,7 @@ public class HsOfficePartnerController implements HsOfficePartnersApi {
final String assumedRoles,
final UUID partnerUuid) {
context.define(currentUser, assumedRoles);
context.define(PROD, currentUser, assumedRoles);
final var result = partnerRepo.findByUuid(partnerUuid);
if (result.isEmpty()) {
@ -105,7 +106,7 @@ public class HsOfficePartnerController implements HsOfficePartnersApi {
final String currentUser,
final String assumedRoles,
final UUID partnerUuid) {
context.define(currentUser, assumedRoles);
context.define(PROD, currentUser, assumedRoles);
final var partnerToDelete = partnerRepo.findByUuid(partnerUuid);
if (partnerToDelete.isEmpty()) {
@ -127,7 +128,7 @@ public class HsOfficePartnerController implements HsOfficePartnersApi {
final UUID partnerUuid,
final HsOfficePartnerPatchResource body) {
context.define(currentUser, assumedRoles);
context.define(PROD, currentUser, assumedRoles);
final var current = partnerRepo.findByUuid(partnerUuid).orElseThrow();
final var previousPartnerRel = current.getPartnerRel();

View File

@ -15,6 +15,8 @@ import org.springframework.web.servlet.mvc.method.annotation.MvcUriComponentsBui
import java.util.List;
import java.util.UUID;
import static net.hostsharing.hsadminng.context.Context.Scope.PROD;
@RestController
public class HsOfficePersonController implements HsOfficePersonsApi {
@ -34,7 +36,7 @@ public class HsOfficePersonController implements HsOfficePersonsApi {
final String currentUser,
final String assumedRoles,
final String label) {
context.define(currentUser, assumedRoles);
context.define(PROD, currentUser, assumedRoles);
final var entities = personRepo.findPersonByOptionalNameLike(label);
@ -49,7 +51,7 @@ public class HsOfficePersonController implements HsOfficePersonsApi {
final String assumedRoles,
final HsOfficePersonInsertResource body) {
context.define(currentUser, assumedRoles);
context.define(PROD, currentUser, assumedRoles);
final var entityToSave = mapper.map(body, HsOfficePersonEntity.class);
@ -71,7 +73,7 @@ public class HsOfficePersonController implements HsOfficePersonsApi {
final String assumedRoles,
final UUID personUuid) {
context.define(currentUser, assumedRoles);
context.define(PROD, currentUser, assumedRoles);
final var result = personRepo.findByUuid(personUuid);
if (result.isEmpty()) {
@ -86,7 +88,7 @@ public class HsOfficePersonController implements HsOfficePersonsApi {
final String currentUser,
final String assumedRoles,
final UUID personUuid) {
context.define(currentUser, assumedRoles);
context.define(PROD, currentUser, assumedRoles);
final var result = personRepo.deleteByUuid(personUuid);
if (result == 0) {
@ -104,7 +106,7 @@ public class HsOfficePersonController implements HsOfficePersonsApi {
final UUID personUuid,
final HsOfficePersonPatchResource body) {
context.define(currentUser, assumedRoles);
context.define(PROD, currentUser, assumedRoles);
final var current = personRepo.findByUuid(personUuid).orElseThrow();

View File

@ -19,6 +19,7 @@ import java.util.NoSuchElementException;
import java.util.UUID;
import java.util.function.BiConsumer;
import static net.hostsharing.hsadminng.context.Context.Scope.PROD;
@RestController
@ -49,7 +50,7 @@ public class HsOfficeRelationController implements HsOfficeRelationsApi {
final String assumedRoles,
final UUID personUuid,
final HsOfficeRelationTypeResource relationType) {
context.define(currentUser, assumedRoles);
context.define(PROD, currentUser, assumedRoles);
final var entities = relationRepo.findRelationRelatedToPersonUuidAndRelationType(personUuid,
mapper.map(relationType, HsOfficeRelationType.class));
@ -66,7 +67,7 @@ public class HsOfficeRelationController implements HsOfficeRelationsApi {
final String assumedRoles,
final HsOfficeRelationInsertResource body) {
context.define(currentUser, assumedRoles);
context.define(PROD, currentUser, assumedRoles);
final var entityToSave = new HsOfficeRelationEntity();
entityToSave.setType(HsOfficeRelationType.valueOf(body.getType()));
@ -100,7 +101,7 @@ public class HsOfficeRelationController implements HsOfficeRelationsApi {
final String assumedRoles,
final UUID relationUuid) {
context.define(currentUser, assumedRoles);
context.define(PROD, currentUser, assumedRoles);
final var result = relationRepo.findByUuid(relationUuid);
if (result.isEmpty()) {
@ -115,7 +116,7 @@ public class HsOfficeRelationController implements HsOfficeRelationsApi {
final String currentUser,
final String assumedRoles,
final UUID relationUuid) {
context.define(currentUser, assumedRoles);
context.define(PROD, currentUser, assumedRoles);
final var result = relationRepo.deleteByUuid(relationUuid);
if (result == 0) {
@ -133,7 +134,7 @@ public class HsOfficeRelationController implements HsOfficeRelationsApi {
final UUID relationUuid,
final HsOfficeRelationPatchResource body) {
context.define(currentUser, assumedRoles);
context.define(PROD, currentUser, assumedRoles);
final var current = relationRepo.findByUuid(relationUuid).orElseThrow();

View File

@ -18,6 +18,7 @@ import java.util.List;
import java.util.UUID;
import java.util.function.BiConsumer;
import static net.hostsharing.hsadminng.context.Context.Scope.PROD;
import static net.hostsharing.hsadminng.mapper.PostgresDateRange.toPostgresDateRange;
@RestController
@ -42,7 +43,7 @@ public class HsOfficeSepaMandateController implements HsOfficeSepaMandatesApi {
final String currentUser,
final String assumedRoles,
final String iban) {
context.define(currentUser, assumedRoles);
context.define(PROD, currentUser, assumedRoles);
final var entities = sepaMandateRepo.findSepaMandateByOptionalIban(iban);
@ -58,7 +59,7 @@ public class HsOfficeSepaMandateController implements HsOfficeSepaMandatesApi {
final String assumedRoles,
final HsOfficeSepaMandateInsertResource body) {
context.define(currentUser, assumedRoles);
context.define(PROD, currentUser, assumedRoles);
final var entityToSave = mapper.map(body, HsOfficeSepaMandateEntity.class, SEPA_MANDATE_RESOURCE_TO_ENTITY_POSTMAPPER);
@ -81,7 +82,7 @@ public class HsOfficeSepaMandateController implements HsOfficeSepaMandatesApi {
final String assumedRoles,
final UUID sepaMandateUuid) {
context.define(currentUser, assumedRoles);
context.define(PROD, currentUser, assumedRoles);
final var result = sepaMandateRepo.findByUuid(sepaMandateUuid);
if (result.isEmpty()) {
@ -97,7 +98,7 @@ public class HsOfficeSepaMandateController implements HsOfficeSepaMandatesApi {
final String currentUser,
final String assumedRoles,
final UUID sepaMandateUuid) {
context.define(currentUser, assumedRoles);
context.define(PROD, currentUser, assumedRoles);
final var result = sepaMandateRepo.deleteByUuid(sepaMandateUuid);
if (result == 0) {
@ -115,7 +116,7 @@ public class HsOfficeSepaMandateController implements HsOfficeSepaMandatesApi {
final UUID sepaMandateUuid,
final HsOfficeSepaMandatePatchResource body) {
context.define(currentUser, assumedRoles);
context.define(PROD, currentUser, assumedRoles);
final var current = sepaMandateRepo.findByUuid(sepaMandateUuid).orElseThrow();

View File

@ -67,7 +67,7 @@ public class InsertTriggerGenerator {
declare
row ${rawSuperTable};
begin
call defineContext('create INSERT INTO ${rawSubTable} permissions for pre-exising ${rawSuperTable} rows');
call defineContext('PROD', 'create INSERT INTO ${rawSubTable} permissions for pre-exising ${rawSuperTable} rows');
FOR row IN SELECT * FROM ${rawSuperTable}
${whenCondition}

View File

@ -15,6 +15,8 @@ import jakarta.persistence.PersistenceContext;
import java.util.List;
import java.util.UUID;
import static net.hostsharing.hsadminng.context.Context.Scope.PROD;
@RestController
public class RbacGrantController implements RbacGrantsApi {
@ -38,7 +40,7 @@ public class RbacGrantController implements RbacGrantsApi {
final UUID grantedRoleUuid,
final UUID granteeUserUuid) {
context.define(currentUser, assumedRoles);
context.define(PROD, currentUser, assumedRoles);
final var id = new RbacGrantId(granteeUserUuid, grantedRoleUuid);
final var result = rbacGrantRepository.findById(id);
@ -54,7 +56,7 @@ public class RbacGrantController implements RbacGrantsApi {
final String currentUser,
final String assumedRoles) {
context.define(currentUser, assumedRoles);
context.define(PROD, currentUser, assumedRoles);
return ResponseEntity.ok(mapper.mapList(rbacGrantRepository.findAll(), RbacGrantResource.class));
}
@ -66,7 +68,7 @@ public class RbacGrantController implements RbacGrantsApi {
final String assumedRoles,
final RbacGrantResource body) {
context.define(currentUser, assumedRoles);
context.define(PROD, currentUser, assumedRoles);
final var granted = rbacGrantRepository.save(mapper.map(body, RbacGrantEntity.class));
em.flush();
@ -88,7 +90,7 @@ public class RbacGrantController implements RbacGrantsApi {
final UUID grantedRoleUuid,
final UUID granteeUserUuid) {
context.define(currentUser, assumedRoles);
context.define(PROD, currentUser, assumedRoles);
rbacGrantRepository.deleteByRbacGrantId(new RbacGrantId(granteeUserUuid, grantedRoleUuid));

View File

@ -11,6 +11,8 @@ import org.springframework.web.bind.annotation.RestController;
import java.util.List;
import static net.hostsharing.hsadminng.context.Context.Scope.PROD;
@RestController
public class RbacRoleController implements RbacRolesApi {
@ -29,7 +31,7 @@ public class RbacRoleController implements RbacRolesApi {
final String currentUser,
final String assumedRoles) {
context.define(currentUser, assumedRoles);
context.define(PROD, currentUser, assumedRoles);
final List<RbacRoleEntity> result = rbacRoleRepository.findAll();

View File

@ -14,6 +14,8 @@ import org.springframework.web.servlet.mvc.method.annotation.MvcUriComponentsBui
import java.util.List;
import java.util.UUID;
import static net.hostsharing.hsadminng.context.Context.Scope.PROD;
@RestController
public class RbacUserController implements RbacUsersApi {
@ -31,7 +33,7 @@ public class RbacUserController implements RbacUsersApi {
public ResponseEntity<RbacUserResource> createUser(
final RbacUserResource body
) {
context.define(null);
context.define(PROD, null);
if (body.getUuid() == null) {
body.setUuid(UUID.randomUUID());
@ -53,7 +55,7 @@ public class RbacUserController implements RbacUsersApi {
final String assumedRoles,
final UUID userUuid
) {
context.define(currentUser, assumedRoles);
context.define(PROD, currentUser, assumedRoles);
rbacUserRepository.deleteByUuid(userUuid);
@ -67,7 +69,7 @@ public class RbacUserController implements RbacUsersApi {
final String assumedRoles,
final UUID userUuid) {
context.define(currentUser, assumedRoles);
context.define(PROD, currentUser, assumedRoles);
final var result = rbacUserRepository.findByUuid(userUuid);
if (result == null) {
@ -83,7 +85,7 @@ public class RbacUserController implements RbacUsersApi {
final String assumedRoles,
final String userName
) {
context.define(currentUser, assumedRoles);
context.define(PROD, currentUser, assumedRoles);
return ResponseEntity.ok(mapper.mapList(rbacUserRepository.findByOptionalNameLike(userName), RbacUserResource.class));
}
@ -95,7 +97,7 @@ public class RbacUserController implements RbacUsersApi {
final String assumedRoles,
final UUID userUuid
) {
context.define(currentUser, assumedRoles);
context.define(PROD, currentUser, assumedRoles);
return ResponseEntity.ok(mapper.mapList(
rbacUserRepository.findPermissionsOfUserByUuid(userUuid),

View File

@ -14,6 +14,8 @@ import jakarta.persistence.EntityManager;
import jakarta.persistence.PersistenceContext;
import java.util.List;
import static net.hostsharing.hsadminng.context.Context.Scope.PROD;
@RestController
public class TestCustomerController implements TestCustomersApi {
@ -36,7 +38,7 @@ public class TestCustomerController implements TestCustomersApi {
String assumedRoles,
String prefix
) {
context.define(currentUser, assumedRoles);
context.define(PROD, currentUser, assumedRoles);
final var result = testCustomerRepository.findCustomerByOptionalPrefixLike(prefix);
@ -50,7 +52,7 @@ public class TestCustomerController implements TestCustomersApi {
final String assumedRoles,
final TestCustomerResource customer) {
context.define(currentUser, assumedRoles);
context.define(PROD, currentUser, assumedRoles);
final var saved = testCustomerRepository.save(mapper.map(customer, TestCustomerEntity.class));
final var uri =

View File

@ -14,6 +14,8 @@ import org.springframework.web.bind.annotation.RestController;
import java.util.List;
import java.util.UUID;
import static net.hostsharing.hsadminng.context.Context.Scope.PROD;
@RestController
public class TestPackageController implements TestPackagesApi {
@ -33,7 +35,7 @@ public class TestPackageController implements TestPackagesApi {
String assumedRoles,
String name
) {
context.define(currentUser, assumedRoles);
context.define(PROD, currentUser, assumedRoles);
final var result = testPackageRepository.findAllByOptionalNameLike(name);
return ResponseEntity.ok(mapper.mapList(result, TestPackageResource.class));
@ -47,7 +49,7 @@ public class TestPackageController implements TestPackagesApi {
final UUID packageUuid,
final TestPackageUpdateResource body) {
context.define(currentUser, assumedRoles);
context.define(PROD, currentUser, assumedRoles);
final var current = testPackageRepository.findByUuid(packageUuid);
OptionalFromJson.of(body.getDescription()).ifPresent(current::setDescription);

View File

@ -5,11 +5,23 @@
--changeset context-DEFINE:1 endDelimiter:--//
-- ----------------------------------------------------------------------------
/**
Determines the purpose and therefore the life span of an RbacObject.
*/
CREATE TYPE RbacObjectScope AS ENUM (
'BASE', -- initial data which needs to be kept in production systems
'TEST', -- initial test data created via Liquibase, should be removed in production systems
'TEMP', -- temporary test data created by test scripts, should be removed in production systems
'PROD' -- production data which was added after system initialization
);
/*
Callback which is called after the context has been (re-) defined.
This function will be overwritten by later changesets.
*/
create procedure contextDefined(
currentScope RbacObjectScope,
currentTask varchar(127),
currentRequest text,
currentUser varchar(63),
@ -23,6 +35,7 @@ end; $$;
Defines the transaction context.
*/
create or replace procedure defineContext(
currentScope RbacObjectScope,
currentTask varchar(127),
currentRequest text = null,
currentUser varchar(63) = null,
@ -30,6 +43,8 @@ create or replace procedure defineContext(
)
language plpgsql as $$
begin
execute format('set local hsadminng.currentScope to %L', currentScope);
currentTask := coalesce(currentTask, '');
assert length(currentTask) <= 127, FORMAT('currentTask must not be longer than 127 characters: "%s"', currentTask);
assert length(currentTask) >= 12, FORMAT('currentTask must be at least 12 characters long: "%s""', currentTask);
@ -46,7 +61,35 @@ begin
assert length(assumedRoles) <= 1023, FORMAT('assumedRoles must not be longer than 1023 characters: "%s"', assumedRoles);
execute format('set local hsadminng.assumedRoles to %L', assumedRoles);
call contextDefined(currentTask, currentRequest, currentUser, assumedRoles);
call contextDefined(currentScope, currentTask, currentRequest, currentUser, assumedRoles);
end; $$;
--//
-- ============================================================================
--changeset context-CURRENT-SCOPE:1 endDelimiter:--//
-- ----------------------------------------------------------------------------
/*
Returns the current scope as set via defineContext(...) to `hsadminng.currentScope`.
Raises exception if not set.
*/
create or replace function currentScope()
returns RbacObjectScope
stable -- leakproof
language plpgsql as $$
declare
currentScope varchar;
begin
begin
currentScope := current_setting('hsadminng.currentScope');
exception
when others then
currentScope := null;
end;
if (currentScope is null or currentScope = '') then
raise exception '[401] currentScope must be defined, please call `defineContext(...)`';
end if;
return currentScope::RbacObjectScope;
end; $$;
--//
@ -55,7 +98,7 @@ end; $$;
--changeset context-CURRENT-TASK:1 endDelimiter:--//
-- ----------------------------------------------------------------------------
/*
Returns the current task as set by `hsadminng.currentTask`.
Returns the current task as set set via defineContext(...) to `hsadminng.currentTask`.
Raises exception if not set.
*/
create or replace function currentTask()

View File

@ -91,13 +91,17 @@ $$;
-- ============================================================================
--changeset rbac-base-OBJECT:1 endDelimiter:--//
-- ----------------------------------------------------------------------------
/*
/*
Represents database row under RBAC control within the RBAC-system.
The actual row resists in the database table referenced by `objectTable`.
*/
create table RbacObject
(
uuid uuid primary key default uuid_generate_v4(),
serialId serial, -- TODO: we might want to remove this once test data deletion works properly
scope RbacObjectScope not null,
serialId serial, -- only set for TEMP scope to clean up temp test data in reverse order
objectTable varchar(64) not null,
unique (objectTable, uuid)
);
@ -120,18 +124,21 @@ create or replace function insertRelatedRbacObject()
strict as $$
declare
objectUuid uuid;
scope RbacObjectScope;
begin
scope := currentScope();
if TG_OP = 'INSERT' then
if NEW.uuid is null then
insert
into RbacObject (objectTable)
values (TG_TABLE_NAME)
into RbacObject (scope, objectTable)
values (scope, TG_TABLE_NAME)
returning uuid into objectUuid;
NEW.uuid = objectUuid;
else
insert
into RbacObject (uuid, objectTable)
values (NEW.uuid, TG_TABLE_NAME)
into RbacObject (uuid, scope, objectTable)
values (NEW.uuid, scope, TG_TABLE_NAME)
returning uuid into objectUuid;
end if;
return NEW;

View File

@ -85,6 +85,7 @@ end; $$;
This function will be overwritten by later changesets.
*/
create or replace procedure contextDefined(
currentScope RbacObjectScope,
currentTask varchar(127),
currentRequest text,
currentUser varchar(63),
@ -94,6 +95,8 @@ create or replace procedure contextDefined(
declare
currentUserUuid uuid;
begin
execute format('set local hsadminng.currentScope to %L', currentScope);
execute format('set local hsadminng.currentTask to %L', currentTask);
execute format('set local hsadminng.currentRequest to %L', currentRequest);

View File

@ -94,9 +94,9 @@ $$;
A single row to be referenced as a global object.
*/
begin transaction;
call defineContext('initializing table "global"', null, null, null);
call defineContext('BASE'::RbacObjectScope, 'initializing table "global"', null, null, null);
insert
into RbacObject (objecttable) values ('global');
into RbacObject (scope, objecttable) values (currentScope(), 'global');
insert
into Global (uuid, name) values ((select uuid from RbacObject where objectTable = 'global'), 'global');
commit;
@ -118,7 +118,7 @@ select 'global', (select uuid from RbacObject where objectTable = 'global'), 'AD
$$;
begin transaction;
call defineContext('creating role:global#global:ADMIN', null, null, null);
call defineContext('BASE'::RbacObjectScope, 'creating role:global#global:ADMIN', null, null, null);
select createRole(globalAdmin());
commit;
--//
@ -139,7 +139,7 @@ select 'global', (select uuid from RbacObject where objectTable = 'global'), 'GU
$$;
begin transaction;
call defineContext('creating role:global#global:guest', null, null, null);
call defineContext('BASE'::RbacObjectScope, 'creating role:global#global:guest', null, null, null);
select createRole(globalGuest());
commit;
--//
@ -155,7 +155,7 @@ do language plpgsql $$
declare
admins uuid ;
begin
call defineContext('creating fake test-realm admin users', null, null, null);
call defineContext('TEST'::RbacObjectScope, 'creating fake test-realm admin users', null, null, null);
admins = findRoleId(globalAdmin());
call grantRoleToUserUnchecked(admins, admins, createRbacUser('superuser-alex@hostsharing.net'));
@ -179,13 +179,13 @@ do language plpgsql $$
declare
userName varchar;
begin
call defineContext('testing currentUserUuid', null, 'superuser-fran@hostsharing.net', null);
call defineContext('TEST'::RbacObjectScope, 'testing currentUserUuid', null, 'superuser-fran@hostsharing.net', null);
select userName from RbacUser where uuid = currentUserUuid() into userName;
if userName <> 'superuser-fran@hostsharing.net' then
raise exception 'setting or fetching initial currentUser failed, got: %', userName;
end if;
call defineContext('testing currentUserUuid', null, 'superuser-alex@hostsharing.net', null);
call defineContext('TEST'::RbacObjectScope, 'testing currentUserUuid', null, 'superuser-alex@hostsharing.net', null);
select userName from RbacUser where uuid = currentUserUuid() into userName;
if userName = 'superuser-alex@hostsharing.net' then
raise exception 'currentUser should not change in one transaction, but did change, got: %', userName;

View File

@ -89,7 +89,7 @@ do language plpgsql $$
declare
row global;
begin
call defineContext('create INSERT INTO test_customer permissions for pre-exising global rows');
call defineContext('TEST'::RbacObjectScope, 'create INSERT INTO test_customer permissions for pre-exising global rows');
FOR row IN SELECT * FROM global
-- unconditional for all rows in that table

View File

@ -32,7 +32,7 @@ declare
newCust test_customer;
begin
currentTask = 'creating RBAC test customer #' || custReference || '/' || custPrefix;
call defineContext(currentTask, null, 'superuser-alex@hostsharing.net', 'global#global:ADMIN');
call defineContext('TEST'::RbacObjectScope, currentTask, null, 'superuser-alex@hostsharing.net', 'global#global:ADMIN');
execute format('set local hsadminng.currentTask to %L', currentTask);
custRowId = uuid_generate_v4();

View File

@ -154,7 +154,7 @@ do language plpgsql $$
declare
row test_customer;
begin
call defineContext('create INSERT INTO test_package permissions for pre-exising test_customer rows');
call defineContext('TEST'::RbacObjectScope, 'create INSERT INTO test_package permissions for pre-exising test_customer rows');
FOR row IN SELECT * FROM test_customer
-- unconditional for all rows in that table

View File

@ -26,7 +26,7 @@ begin
custAdminUser = 'customer-admin@' || cust.prefix || '.example.com';
custAdminRole = 'test_customer#' || cust.prefix || ':ADMIN';
call defineContext(currentTask, null, 'superuser-fran@hostsharing.net', custAdminRole);
call defineContext('TEST'::RbacObjectScope, currentTask, null, 'superuser-fran@hostsharing.net', custAdminRole);
raise notice 'task: % by % as %', currentTask, custAdminUser, custAdminRole;
insert

View File

@ -153,7 +153,7 @@ do language plpgsql $$
declare
row test_package;
begin
call defineContext('create INSERT INTO test_domain permissions for pre-exising test_package rows');
call defineContext('TEST'::RbacObjectScope, 'create INSERT INTO test_domain permissions for pre-exising test_package rows');
FOR row IN SELECT * FROM test_package
-- unconditional for all rows in that table

View File

@ -24,7 +24,7 @@ begin
currentTask = 'creating RBAC test domain #' || t || ' for package ' || pac.name || ' #' || pac.uuid;
raise notice 'task: %', currentTask;
pacAdmin = 'pac-admin-' || pac.name || '@' || pac.custPrefix || '.example.com';
call defineContext(currentTask, null, pacAdmin, null);
call defineContext('TEST'::RbacObjectScope, currentTask, null, pacAdmin, null);
insert
into test_domain (name, packageUuid)

View File

@ -40,7 +40,8 @@ ALTER TABLE hs_office_contact_legacy_id
--changeset hs-office-contact-MIGRATION-insert:1 endDelimiter:--//
-- ----------------------------------------------------------------------------
CALL defineContext('schema-migration');
-- at this point only contact rows in scope TEST exist
CALL defineContext('TEST'::RbacObjectScope, 'schema-migration');
INSERT INTO hs_office_contact_legacy_id(uuid, contact_id)
SELECT uuid, nextVal('hs_office_contact_legacy_id_seq') FROM hs_office_contact;
--/

View File

@ -19,9 +19,9 @@ begin
execute format('set local hsadminng.currentTask to %L', currentTask);
emailAddr = 'contact-admin@' || cleanIdentifier(contLabel) || '.example.com';
call defineContext(currentTask);
call defineContext('TEST'::RbacObjectScope, currentTask);
perform createRbacUser(emailAddr);
call defineContext(currentTask, null, emailAddr);
call defineContext('TEST'::RbacObjectScope, currentTask, null, emailAddr);
postalAddr := E'Vorname Nachname\nStraße Hnr\nPLZ Stadt';

View File

@ -23,9 +23,9 @@ begin
fullName := concat_ws(', ', newTradeName, newFamilyName, newGivenName);
currentTask = 'creating person test-data ' || fullName;
emailAddr = 'person-' || left(cleanIdentifier(fullName), 32) || '@example.com';
call defineContext(currentTask);
call defineContext('TEST'::RbacObjectScope, currentTask);
perform createRbacUser(emailAddr);
call defineContext(currentTask, null, emailAddr);
call defineContext('TEST'::RbacObjectScope, currentTask, null, emailAddr);
execute format('set local hsadminng.currentTask to %L', currentTask);
raise notice 'creating test person: % by %', fullName, emailAddr;

View File

@ -163,7 +163,8 @@ do language plpgsql $$
declare
row hs_office_person;
begin
call defineContext('create INSERT INTO hs_office_relation permissions for pre-exising hs_office_person rows');
-- at this point, all existing relation rows are in scope TEST
call defineContext('TEST'::RbacObjectScope, 'create INSERT INTO hs_office_relation permissions for pre-exising hs_office_person rows');
FOR row IN SELECT * FROM hs_office_person
-- unconditional for all rows in that table

View File

@ -25,7 +25,7 @@ declare
begin
idName := cleanIdentifier( anchorPersonName || '-' || holderPersonName);
currentTask := 'creating relation test-data ' || idName;
call defineContext(currentTask, null, 'superuser-alex@hostsharing.net', 'global#global:ADMIN');
call defineContext('TEST'::RbacObjectScope, currentTask, null, 'superuser-alex@hostsharing.net', 'global#global:ADMIN');
execute format('set local hsadminng.currentTask to %L', currentTask);
select p.*

View File

@ -166,7 +166,8 @@ do language plpgsql $$
declare
row global;
begin
call defineContext('create INSERT INTO hs_office_partner permissions for pre-exising global rows');
-- global rows are in scope BASE, therefore also this is run in scope BASE
call defineContext('BASE'::RbacObjectScope, 'create INSERT INTO hs_office_partner permissions for pre-exising global rows');
FOR row IN SELECT * FROM global
-- unconditional for all rows in that table

View File

@ -70,7 +70,8 @@ do language plpgsql $$
declare
row global;
begin
call defineContext('create INSERT INTO hs_office_partner_details permissions for pre-exising global rows');
-- at this point, all existing partner rows are in scope TEST
call defineContext('TEST'::RbacObjectScope, 'create INSERT INTO hs_office_partner_details permissions for pre-exising global rows');
FOR row IN SELECT * FROM global
-- unconditional for all rows in that table

View File

@ -39,7 +39,8 @@ ALTER TABLE hs_office_partner_legacy_id
--changeset hs-office-partner-MIGRATION-insert:1 endDelimiter:--//
-- ----------------------------------------------------------------------------
CALL defineContext('schema-migration');
-- at this point, only partner rows in scope TEST exist
CALL defineContext('TEST'::RbacObjectScope, 'schema-migration');
INSERT INTO hs_office_partner_legacy_id(uuid, bp_id)
SELECT uuid, nextVal('hs_office_partner_legacy_id_seq') FROM hs_office_partner;
--/

View File

@ -24,7 +24,7 @@ declare
begin
idName := cleanIdentifier( partnerPersonName|| '-' || contactLabel);
currentTask := 'creating partner test-data ' || idName;
call defineContext(currentTask, null, 'superuser-alex@hostsharing.net', 'global#global:ADMIN');
call defineContext('TEST'::RbacObjectScope, currentTask, null, 'superuser-alex@hostsharing.net', 'global#global:ADMIN');
execute format('set local hsadminng.currentTask to %L', currentTask);
select p.* from hs_office_person p

View File

@ -18,9 +18,9 @@ begin
execute format('set local hsadminng.currentTask to %L', currentTask);
emailAddr = 'bankaccount-admin@' || cleanIdentifier(givenHolder) || '.example.com';
call defineContext(currentTask);
call defineContext('TEST'::RbacObjectScope, currentTask);
perform createRbacUser(emailAddr);
call defineContext(currentTask, null, emailAddr);
call defineContext('TEST'::RbacObjectScope, currentTask, null, emailAddr);
raise notice 'creating test bankaccount: %', givenHolder;
insert

View File

@ -139,7 +139,8 @@ do language plpgsql $$
declare
row global;
begin
call defineContext('create INSERT INTO hs_office_debitor permissions for pre-exising global rows');
-- at this point, all existing debitor rows are in scope TEST
call defineContext('TEST'::RbacObjectScope, 'create INSERT INTO hs_office_debitor permissions for pre-exising global rows');
FOR row IN SELECT * FROM global
-- unconditional for all rows in that table

View File

@ -23,7 +23,7 @@ declare
begin
idName := cleanIdentifier( forPartnerPersonName|| '-' || forBillingContactLabel);
currentTask := 'creating debitor test-data ' || idName;
call defineContext(currentTask, null, 'superuser-alex@hostsharing.net', 'global#global:ADMIN');
call defineContext('TEST'::RbacObjectScope, currentTask, null, 'superuser-alex@hostsharing.net', 'global#global:ADMIN');
execute format('set local hsadminng.currentTask to %L', currentTask);
select debitorRel.uuid

View File

@ -114,7 +114,8 @@ do language plpgsql $$
declare
row hs_office_relation;
begin
call defineContext('create INSERT INTO hs_office_sepamandate permissions for pre-exising hs_office_relation rows');
-- at this point, all existing sepamandate rows are in scope TEST
call defineContext('TEST'::RbacObjectScope, 'create INSERT INTO hs_office_sepamandate permissions for pre-exising hs_office_relation rows');
FOR row IN SELECT * FROM hs_office_relation
WHERE type = 'DEBITOR'

View File

@ -41,7 +41,8 @@ ALTER TABLE hs_office_sepamandate_legacy_id
--changeset hs-office-sepamandate-MIGRATION-insert:1 endDelimiter:--//
-- ----------------------------------------------------------------------------
CALL defineContext('schema-migration');
-- at this point, all existing sepamandate rows are in scope TEST
CALL defineContext('TEST'::RbacObjectScope, 'schema-migration');
INSERT INTO hs_office_sepamandate_legacy_id(uuid, sepa_mandate_id)
SELECT uuid, nextVal('hs_office_sepamandate_legacy_id_seq') FROM hs_office_sepamandate;
--/

View File

@ -20,7 +20,7 @@ declare
relatedBankAccount hs_office_bankAccount;
begin
currentTask := 'creating SEPA-mandate test-data ' || forPartnerNumber::text || forDebitorSuffix::text;
call defineContext(currentTask, null, 'superuser-alex@hostsharing.net', 'global#global:ADMIN');
call defineContext('TEST'::RbacObjectScope, currentTask, null, 'superuser-alex@hostsharing.net', 'global#global:ADMIN');
execute format('set local hsadminng.currentTask to %L', currentTask);
select debitor.* into relatedDebitor

View File

@ -101,7 +101,8 @@ do language plpgsql $$
declare
row global;
begin
call defineContext('create INSERT INTO hs_office_membership permissions for pre-exising global rows');
-- at this point, all existing membership rows are in scope TEST
call defineContext('TEST'::RbacObjectScope, 'create INSERT INTO hs_office_membership permissions for pre-exising global rows');
FOR row IN SELECT * FROM global
-- unconditional for all rows in that table

View File

@ -19,7 +19,7 @@ begin
currentTask := 'creating Membership test-data ' ||
'P-' || forPartnerNumber::text ||
'M-...' || newMemberNumberSuffix;
call defineContext(currentTask, null, 'superuser-alex@hostsharing.net', 'global#global:ADMIN');
call defineContext('TEST'::RbacObjectScope, currentTask, null, 'superuser-alex@hostsharing.net', 'global#global:ADMIN');
execute format('set local hsadminng.currentTask to %L', currentTask);
select partner.* from hs_office_partner partner

View File

@ -77,7 +77,8 @@ do language plpgsql $$
declare
row hs_office_membership;
begin
call defineContext('create INSERT INTO hs_office_coopsharestransaction permissions for pre-exising hs_office_membership rows');
-- at this point, all existing coopshares rows are in scope TEST
call defineContext('TEST'::RbacObjectScope, 'create INSERT INTO hs_office_coopsharestransaction permissions for pre-exising hs_office_membership rows');
FOR row IN SELECT * FROM hs_office_membership
-- unconditional for all rows in that table

View File

@ -40,7 +40,8 @@ ALTER TABLE hs_office_coopsharestransaction_legacy_id
--changeset hs-office-coopshares-MIGRATION-insert:1 endDelimiter:--//
-- ----------------------------------------------------------------------------
CALL defineContext('schema-migration');
-- at this point, all existing coopshares rows are in scope TEST
CALL defineContext('TEST'::RbacObjectScope, 'schema-migration');
INSERT INTO hs_office_coopsharestransaction_legacy_id(uuid, member_share_id)
SELECT uuid, nextVal('hs_office_coopsharestransaction_legacy_id_seq') FROM hs_office_coopsharestransaction;
--/

View File

@ -22,7 +22,7 @@ begin
execute format('set local hsadminng.currentTask to %L', currentTask);
SET CONSTRAINTS ALL DEFERRED;
call defineContext(currentTask);
call defineContext('TEST'::RbacObjectScope, currentTask);
select m.uuid
from hs_office_membership m
join hs_office_partner p on p.uuid = m.partneruuid

View File

@ -77,7 +77,8 @@ do language plpgsql $$
declare
row hs_office_membership;
begin
call defineContext('create INSERT INTO hs_office_coopassetstransaction permissions for pre-exising hs_office_membership rows');
-- at this point, all existing coopassettransaction rows are in scope TEST
call defineContext('TEST'::RbacObjectScope, 'create INSERT INTO hs_office_coopassetstransaction permissions for pre-exising hs_office_membership rows');
FOR row IN SELECT * FROM hs_office_membership
-- unconditional for all rows in that table

View File

@ -40,7 +40,8 @@ ALTER TABLE hs_office_coopassetstransaction_legacy_id
--changeset hs-office-coopassets-MIGRATION-insert:1 endDelimiter:--//
-- ----------------------------------------------------------------------------
CALL defineContext('schema-migration');
-- at this point, all existing coopassettransaction rows are in scope TEST
CALL defineContext('TEST'::RbacObjectScope, 'schema-migration');
INSERT INTO hs_office_coopassetstransaction_legacy_id(uuid, member_asset_id)
SELECT uuid, nextVal('hs_office_coopassetstransaction_legacy_id_seq') FROM hs_office_coopassetstransaction;
--/

View File

@ -22,7 +22,7 @@ begin
execute format('set local hsadminng.currentTask to %L', currentTask);
SET CONSTRAINTS ALL DEFERRED;
call defineContext(currentTask);
call defineContext('TEST'::RbacObjectScope, currentTask);
select m.uuid
from hs_office_membership m
join hs_office_partner p on p.uuid = m.partneruuid

View File

@ -110,7 +110,8 @@ do language plpgsql $$
declare
row hs_office_relation;
begin
call defineContext('create INSERT INTO hs_booking_item permissions for pre-exising hs_office_relation rows');
-- at this point, all existing booking_item rows are in scope TEST
call defineContext('TEST'::RbacObjectScope, 'create INSERT INTO hs_booking_item permissions for pre-exising hs_office_relation rows');
FOR row IN SELECT * FROM hs_office_relation
WHERE type = 'DEBITOR'

View File

@ -18,7 +18,7 @@ declare
relatedDebitor hs_office_debitor;
begin
currentTask := 'creating booking-item test-data ' || givenPartnerNumber::text || givenDebitorSuffix;
call defineContext(currentTask, null, 'superuser-alex@hostsharing.net', 'global#global:ADMIN');
call defineContext('TEST'::RbacObjectScope, currentTask, null, 'superuser-alex@hostsharing.net', 'global#global:ADMIN');
execute format('set local hsadminng.currentTask to %L', currentTask);
select debitor.* into relatedDebitor

View File

@ -103,7 +103,8 @@ do language plpgsql $$
declare
row hs_booking_item;
begin
call defineContext('create INSERT INTO hs_hosting_asset permissions for pre-exising hs_booking_item rows');
-- at this point, all existing hosting_asset rows are in scope TEST
call defineContext('TEST'::RbacObjectScope, 'create INSERT INTO hs_hosting_asset permissions for pre-exising hs_booking_item rows');
FOR row IN SELECT * FROM hs_booking_item
-- unconditional for all rows in that table

View File

@ -21,7 +21,7 @@ declare
managedServerUuid uuid;
begin
currentTask := 'creating hosting-asset test-data ' || givenPartnerNumber::text || givenDebitorSuffix;
call defineContext(currentTask, null, 'superuser-alex@hostsharing.net', 'global#global:ADMIN');
call defineContext('TEST'::RbacObjectScope, currentTask, null, 'superuser-alex@hostsharing.net', 'global#global:ADMIN');
execute format('set local hsadminng.currentTask to %L', currentTask);
select debitor.* into relatedDebitor

View File

@ -21,6 +21,7 @@ import java.util.Map;
import java.util.UUID;
import static java.util.Map.entry;
import static net.hostsharing.hsadminng.context.Context.Scope.TEMP;
import static net.hostsharing.hsadminng.rbac.test.JsonMatcher.lenientlyEquals;
import static org.assertj.core.api.Assertions.assertThat;
import static org.hamcrest.Matchers.matchesRegex;
@ -111,7 +112,7 @@ class HsBookingItemControllerAcceptanceTest extends ContextBasedTestWithCleanup
@Test
void globalAdmin_canAddBookingItem() {
context.define("superuser-alex@hostsharing.net");
context.define(TEMP, "superuser-alex@hostsharing.net");
final var givenDebitor = debitorRepo.findDebitorByDebitorNumber(1000111).get(0);
final var location = RestAssured // @formatter:off
@ -155,7 +156,7 @@ class HsBookingItemControllerAcceptanceTest extends ContextBasedTestWithCleanup
@Test
void globalAdmin_canGetArbitraryBookingItem() {
context.define("superuser-alex@hostsharing.net");
context.define(TEMP, "superuser-alex@hostsharing.net");
final var givenBookingItemUuid = bookingItemRepo.findAll().stream()
.filter(bi -> bi.getDebitor().getDebitorNumber() == 1000111)
.filter(item -> item.getCaption().equals("some CloudServer"))
@ -182,7 +183,7 @@ class HsBookingItemControllerAcceptanceTest extends ContextBasedTestWithCleanup
@Test
void normalUser_canNotGetUnrelatedBookingItem() {
context.define("superuser-alex@hostsharing.net");
context.define(TEMP, "superuser-alex@hostsharing.net");
final var givenBookingItemUuid = bookingItemRepo.findAll().stream()
.filter(bi -> bi.getDebitor().getDebitorNumber() == 1000212)
.map(HsBookingItemEntity::getUuid)
@ -200,7 +201,7 @@ class HsBookingItemControllerAcceptanceTest extends ContextBasedTestWithCleanup
@Test
void debitorAgentUser_canGetRelatedBookingItem() {
context.define("superuser-alex@hostsharing.net");
context.define(TEMP, "superuser-alex@hostsharing.net");
final var givenBookingItemUuid = bookingItemRepo.findAll().stream()
.filter(bi -> bi.getDebitor().getDebitorNumber() == 1000313)
.filter(item -> item.getCaption().equals("some CloudServer"))
@ -269,7 +270,7 @@ class HsBookingItemControllerAcceptanceTest extends ContextBasedTestWithCleanup
""")); // @formatter:on
// finally, the bookingItem is actually updated
context.define("superuser-alex@hostsharing.net");
context.define(TEMP, "superuser-alex@hostsharing.net");
assertThat(bookingItemRepo.findByUuid(givenBookingItem.getUuid())).isPresent().get()
.matches(mandate -> {
assertThat(mandate.getDebitor().toString()).isEqualTo("debitor(D-1000111: rel(anchor='LP First GmbH', type='DEBITOR', holder='LP First GmbH'), fir)");
@ -285,7 +286,7 @@ class HsBookingItemControllerAcceptanceTest extends ContextBasedTestWithCleanup
@Test
void globalAdmin_canDeleteArbitraryBookingItem() {
context.define("superuser-alex@hostsharing.net");
context.define(TEMP, "superuser-alex@hostsharing.net");
final var givenBookingItem = givenSomeTemporaryBookingItemForDebitorNumber(1000111, entry("something", 1));
RestAssured // @formatter:off
@ -303,7 +304,7 @@ class HsBookingItemControllerAcceptanceTest extends ContextBasedTestWithCleanup
@Test
void normalUser_canNotDeleteUnrelatedBookingItem() {
context.define("superuser-alex@hostsharing.net");
context.define(TEMP, "superuser-alex@hostsharing.net");
final var givenBookingItem = givenSomeTemporaryBookingItemForDebitorNumber(1000111, entry("something", 1));
RestAssured // @formatter:off
@ -323,7 +324,7 @@ class HsBookingItemControllerAcceptanceTest extends ContextBasedTestWithCleanup
private HsBookingItemEntity givenSomeTemporaryBookingItemForDebitorNumber(final int debitorNumber,
final Map.Entry<String, Integer> resources) {
return jpaAttempt.transacted(() -> {
context.define("superuser-alex@hostsharing.net");
context.define(TEMP, "superuser-alex@hostsharing.net");
final var givenDebitor = debitorRepo.findDebitorByDebitorNumber(debitorNumber).get(0);
final var newBookingItem = HsBookingItemEntity.builder()
.uuid(UUID.randomUUID())

View File

@ -19,6 +19,7 @@ import java.util.Map;
import java.util.UUID;
import static java.util.Map.entry;
import static net.hostsharing.hsadminng.context.Context.Scope.TEMP;
import static net.hostsharing.hsadminng.rbac.test.JsonMatcher.lenientlyEquals;
import static org.assertj.core.api.Assertions.assertThat;
import static org.hamcrest.Matchers.matchesRegex;
@ -109,7 +110,7 @@ class HsHostingAssetControllerAcceptanceTest extends ContextBasedTestWithCleanup
@Test
void globalAdmin_canAddAsset() {
context.define("superuser-alex@hostsharing.net");
context.define(TEMP, "superuser-alex@hostsharing.net");
final var givenBookingItem = givenBookingItem("First", "some PrivateCloud");
final var location = RestAssured // @formatter:off
@ -154,7 +155,7 @@ class HsHostingAssetControllerAcceptanceTest extends ContextBasedTestWithCleanup
@Test
void globalAdmin_canGetArbitraryAsset() {
context.define("superuser-alex@hostsharing.net");
context.define(TEMP, "superuser-alex@hostsharing.net");
final var givenAssetUuid = assetRepo.findAll().stream()
.filter(bi -> bi.getBookingItem().getDebitor().getDebitorNumber() == 1000111)
.filter(item -> item.getCaption().equals("some ManagedServer"))
@ -183,7 +184,7 @@ class HsHostingAssetControllerAcceptanceTest extends ContextBasedTestWithCleanup
@Test
void normalUser_canNotGetUnrelatedAsset() {
context.define("superuser-alex@hostsharing.net");
context.define(TEMP, "superuser-alex@hostsharing.net");
final var givenAssetUuid = assetRepo.findAll().stream()
.filter(bi -> bi.getBookingItem().getDebitor().getDebitorNumber() == 1000212)
.map(HsHostingAssetEntity::getUuid)
@ -201,7 +202,7 @@ class HsHostingAssetControllerAcceptanceTest extends ContextBasedTestWithCleanup
@Test
void debitorAgentUser_canGetRelatedAsset() {
context.define("superuser-alex@hostsharing.net");
context.define(TEMP, "superuser-alex@hostsharing.net");
final var givenAssetUuid = assetRepo.findAll().stream()
.filter(bi -> bi.getBookingItem().getDebitor().getDebitorNumber() == 1000313)
.filter(bi -> bi.getCaption().equals("some ManagedServer"))
@ -271,7 +272,7 @@ class HsHostingAssetControllerAcceptanceTest extends ContextBasedTestWithCleanup
""")); // @formatter:on
// finally, the asset is actually updated
context.define("superuser-alex@hostsharing.net");
context.define(TEMP, "superuser-alex@hostsharing.net");
assertThat(assetRepo.findByUuid(givenAsset.getUuid())).isPresent().get()
.matches(asset -> {
assertThat(asset.toString()).isEqualTo("HsHostingAssetEntity(D-1000111:some CloudServer, CLOUD_SERVER, vm2001, some test-asset, { CPU: 4, SSD: 4096, something: 1 })");
@ -285,7 +286,7 @@ class HsHostingAssetControllerAcceptanceTest extends ContextBasedTestWithCleanup
@Test
void globalAdmin_canDeleteArbitraryAsset() {
context.define("superuser-alex@hostsharing.net");
context.define(TEMP, "superuser-alex@hostsharing.net");
final var givenAsset = givenSomeTemporaryAssetForDebitorNumber("2002", entry("something", 1));
RestAssured // @formatter:off
@ -303,7 +304,7 @@ class HsHostingAssetControllerAcceptanceTest extends ContextBasedTestWithCleanup
@Test
void normalUser_canNotDeleteUnrelatedAsset() {
context.define("superuser-alex@hostsharing.net");
context.define(TEMP, "superuser-alex@hostsharing.net");
final var givenAsset = givenSomeTemporaryAssetForDebitorNumber("2003", entry("something", 1));
RestAssured // @formatter:off
@ -330,7 +331,7 @@ class HsHostingAssetControllerAcceptanceTest extends ContextBasedTestWithCleanup
private HsHostingAssetEntity givenSomeTemporaryAssetForDebitorNumber(final String identifierSuffix,
final Map.Entry<String, Integer> resources) {
return jpaAttempt.transacted(() -> {
context.define("superuser-alex@hostsharing.net");
context.define(TEMP, "superuser-alex@hostsharing.net");
final var newAsset = HsHostingAssetEntity.builder()
.uuid(UUID.randomUUID())
.bookingItem(givenBookingItem("First", "some CloudServer"))

View File

@ -18,6 +18,7 @@ import jakarta.persistence.EntityManager;
import jakarta.persistence.PersistenceContext;
import java.util.UUID;
import static net.hostsharing.hsadminng.context.Context.Scope.TEMP;
import static net.hostsharing.hsadminng.rbac.test.IsValidUuidMatcher.isUuidValid;
import static net.hostsharing.hsadminng.rbac.test.JsonMatcher.lenientlyEquals;
import static org.assertj.core.api.Assertions.assertThat;
@ -116,7 +117,7 @@ class HsOfficeBankAccountControllerAcceptanceTest extends ContextBasedTestWithCl
@Test
void globalAdmin_withoutAssumedRole_canAddBankAccount() {
context.define("superuser-alex@hostsharing.net");
context.define(TEMP, "superuser-alex@hostsharing.net");
final var location = RestAssured // @formatter:off
.given()
@ -154,7 +155,7 @@ class HsOfficeBankAccountControllerAcceptanceTest extends ContextBasedTestWithCl
@Test
void globalAdmin_withoutAssumedRole_canGetArbitraryBankAccount() {
context.define("superuser-alex@hostsharing.net");
context.define(TEMP, "superuser-alex@hostsharing.net");
final var givenBankAccountUuid = bankAccountRepo.findByOptionalHolderLike("first").get(0).getUuid();
RestAssured // @formatter:off
@ -175,7 +176,7 @@ class HsOfficeBankAccountControllerAcceptanceTest extends ContextBasedTestWithCl
@Test
void normalUser_canNotGetUnrelatedBankAccount() {
context.define("superuser-alex@hostsharing.net");
context.define(TEMP, "superuser-alex@hostsharing.net");
final var givenBankAccountUuid = bankAccountRepo.findByOptionalHolderLike("first").get(0).getUuid();
RestAssured // @formatter:off
@ -191,7 +192,7 @@ class HsOfficeBankAccountControllerAcceptanceTest extends ContextBasedTestWithCl
@Test
@Disabled("TODO: not implemented yet - also add Accepts annotation when done")
void bankaccountAdminUser_canGetRelatedBankAccount() {
context.define("superuser-alex@hostsharing.net");
context.define(TEMP, "superuser-alex@hostsharing.net");
final var givenBankAccountUuid = bankAccountRepo.findByOptionalHolderLike("first").get(0).getUuid();
RestAssured // @formatter:off
@ -219,7 +220,7 @@ class HsOfficeBankAccountControllerAcceptanceTest extends ContextBasedTestWithCl
@Test
void patchIsNotImplemented() {
context.define("superuser-alex@hostsharing.net");
context.define(TEMP, "superuser-alex@hostsharing.net");
final var givenBankAccount = givenSomeTemporaryBankAccountCreatedBy("selfregistered-test-user@hostsharing.org");
final var location = RestAssured // @formatter:off
@ -241,7 +242,7 @@ class HsOfficeBankAccountControllerAcceptanceTest extends ContextBasedTestWithCl
// @formatter:on
// and the bankaccount is unchanged
context.define("superuser-alex@hostsharing.net");
context.define(TEMP, "superuser-alex@hostsharing.net");
assertThat(bankAccountRepo.findByUuid(givenBankAccount.getUuid())).isPresent().get()
.matches(person -> {
assertThat(person.getHolder()).isEqualTo(givenBankAccount.getHolder());
@ -257,7 +258,7 @@ class HsOfficeBankAccountControllerAcceptanceTest extends ContextBasedTestWithCl
@Test
void globalAdmin_withoutAssumedRole_canDeleteArbitraryBankAccount() {
context.define("superuser-alex@hostsharing.net");
context.define(TEMP, "superuser-alex@hostsharing.net");
final var givenBankAccount = givenSomeTemporaryBankAccountCreatedBy("selfregistered-test-user@hostsharing.org");
RestAssured // @formatter:off
@ -292,7 +293,7 @@ class HsOfficeBankAccountControllerAcceptanceTest extends ContextBasedTestWithCl
@Test
void normalUser_canNotDeleteUnrelatedBankAccount() {
context.define("superuser-alex@hostsharing.net");
context.define(TEMP, "superuser-alex@hostsharing.net");
final var givenBankAccount = givenSomeTemporaryBankAccountCreatedBy("selfregistered-test-user@hostsharing.org");
RestAssured // @formatter:off
@ -312,7 +313,7 @@ class HsOfficeBankAccountControllerAcceptanceTest extends ContextBasedTestWithCl
private HsOfficeBankAccountEntity givenSomeTemporaryBankAccountCreatedBy(final String creatingUser) {
return jpaAttempt.transacted(() -> {
context.define(creatingUser);
context.define(TEMP, creatingUser);
final var newBankAccount = HsOfficeBankAccountEntity.builder()
.holder("temp acc #" + RandomStringUtils.randomAlphabetic(3))
.iban("DE93500105179473626226")
@ -327,7 +328,7 @@ class HsOfficeBankAccountControllerAcceptanceTest extends ContextBasedTestWithCl
@AfterEach
void cleanup() {
jpaAttempt.transacted(() -> {
context.define("superuser-alex@hostsharing.net", null);
context.define(TEMP, "superuser-alex@hostsharing.net", null);
em.createQuery("DELETE FROM HsOfficeBankAccountEntity b WHERE b.holder LIKE 'temp %'").executeUpdate();
});
}

View File

@ -22,6 +22,7 @@ import jakarta.persistence.PersistenceContext;
import java.util.Map;
import java.util.UUID;
import static net.hostsharing.hsadminng.context.Context.Scope.TEMP;
import static net.hostsharing.hsadminng.rbac.test.IsValidUuidMatcher.isUuidValid;
import static net.hostsharing.hsadminng.rbac.test.JsonMatcher.lenientlyEquals;
import static org.assertj.core.api.Assertions.assertThat;
@ -95,7 +96,7 @@ class HsOfficeContactControllerAcceptanceTest extends ContextBasedTestWithCleanu
@Test
void globalAdmin_withoutAssumedRole_canAddContact() {
context.define("superuser-alex@hostsharing.net");
context.define(TEMP, "superuser-alex@hostsharing.net", null);
final var location = RestAssured // @formatter:off
.given()
@ -133,7 +134,7 @@ class HsOfficeContactControllerAcceptanceTest extends ContextBasedTestWithCleanu
@Test
void globalAdmin_withoutAssumedRole_canGetArbitraryContact() {
context.define("superuser-alex@hostsharing.net");
context.define(TEMP, "superuser-alex@hostsharing.net", null);
final var givenContactUuid = contactRepo.findContactByOptionalLabelLike("first").get(0).getUuid();
RestAssured // @formatter:off
@ -154,7 +155,7 @@ class HsOfficeContactControllerAcceptanceTest extends ContextBasedTestWithCleanu
@Test
void normalUser_canNotGetUnrelatedContact() {
context.define("superuser-alex@hostsharing.net");
context.define(TEMP, "superuser-alex@hostsharing.net", null);
final var givenContactUuid = contactRepo.findContactByOptionalLabelLike("first").get(0).getUuid();
RestAssured // @formatter:off
@ -169,7 +170,7 @@ class HsOfficeContactControllerAcceptanceTest extends ContextBasedTestWithCleanu
@Test
void contactAdminUser_canGetRelatedContact() {
context.define("superuser-alex@hostsharing.net");
context.define(TEMP, "superuser-alex@hostsharing.net", null);
final var givenContactUuid = contactRepo.findContactByOptionalLabelLike("first").get(0).getUuid();
RestAssured // @formatter:off
@ -201,7 +202,7 @@ class HsOfficeContactControllerAcceptanceTest extends ContextBasedTestWithCleanu
@Test
void globalAdmin_withoutAssumedRole_canPatchAllPropertiesOfArbitraryContact() {
context.define("superuser-alex@hostsharing.net");
context.define(TEMP, "superuser-alex@hostsharing.net", null);
final var givenContact = givenSomeTemporaryContactCreatedBy("selfregistered-test-user@hostsharing.org");
final var location = RestAssured // @formatter:off
@ -234,7 +235,7 @@ class HsOfficeContactControllerAcceptanceTest extends ContextBasedTestWithCleanu
// @formatter:on
// finally, the contact is actually updated
context.define("superuser-alex@hostsharing.net");
context.define(TEMP, "superuser-alex@hostsharing.net", null);
assertThat(contactRepo.findByUuid(givenContact.getUuid())).isPresent().get()
.matches(person -> {
assertThat(person.getLabel()).isEqualTo("Temp patched contact");
@ -248,7 +249,7 @@ class HsOfficeContactControllerAcceptanceTest extends ContextBasedTestWithCleanu
@Test
void globalAdmin_withoutAssumedRole_canPatchPartialPropertiesOfArbitraryContact() {
context.define("superuser-alex@hostsharing.net");
context.define(TEMP, "superuser-alex@hostsharing.net", null);
final var givenContact = givenSomeTemporaryContactCreatedBy("selfregistered-test-user@hostsharing.org");
final var location = RestAssured // @formatter:off
@ -296,7 +297,7 @@ class HsOfficeContactControllerAcceptanceTest extends ContextBasedTestWithCleanu
@Test
void globalAdmin_withoutAssumedRole_canDeleteArbitraryContact() {
context.define("superuser-alex@hostsharing.net");
context.define(TEMP, "superuser-alex@hostsharing.net", null);
final var givenContact = givenSomeTemporaryContactCreatedBy("selfregistered-test-user@hostsharing.org");
RestAssured // @formatter:off
@ -331,7 +332,7 @@ class HsOfficeContactControllerAcceptanceTest extends ContextBasedTestWithCleanu
@Test
void normalUser_canNotDeleteUnrelatedContact() {
context.define("superuser-alex@hostsharing.net");
context.define(TEMP, "superuser-alex@hostsharing.net", null);
final var givenContact = givenSomeTemporaryContactCreatedBy("selfregistered-test-user@hostsharing.org");
RestAssured // @formatter:off
@ -351,7 +352,7 @@ class HsOfficeContactControllerAcceptanceTest extends ContextBasedTestWithCleanu
private HsOfficeContactEntity givenSomeTemporaryContactCreatedBy(final String creatingUser) {
return jpaAttempt.transacted(() -> {
context.define(creatingUser);
context.define(TEMP, creatingUser, null);
final var newContact = HsOfficeContactEntity.builder()
.uuid(UUID.randomUUID())
.label("Temp from " + Context.getCallerMethodNameFromStackFrame(1) )
@ -368,7 +369,7 @@ class HsOfficeContactControllerAcceptanceTest extends ContextBasedTestWithCleanu
@AfterEach
void cleanup() {
jpaAttempt.transacted(() -> {
context.define("superuser-alex@hostsharing.net", null);
context.define(TEMP, "superuser-alex@hostsharing.net", null);
em.createQuery("DELETE FROM HsOfficeContactEntity c WHERE c.label LIKE 'Temp %'").executeUpdate();
}).assertSuccessful();
}

View File

@ -22,6 +22,7 @@ import java.math.BigDecimal;
import java.time.LocalDate;
import java.util.UUID;
import static net.hostsharing.hsadminng.context.Context.Scope.TEMP;
import static net.hostsharing.hsadminng.hs.office.coopassets.HsOfficeCoopAssetsTransactionType.DEPOSIT;
import static net.hostsharing.hsadminng.rbac.test.IsValidUuidMatcher.isUuidValid;
import static net.hostsharing.hsadminng.rbac.test.JsonMatcher.lenientlyEquals;
@ -75,7 +76,7 @@ class HsOfficeCoopAssetsTransactionControllerAcceptanceTest extends ContextBased
@Test
void globalAdmin_canFindCoopAssetsTransactionsByMemberNumber() {
context.define("superuser-alex@hostsharing.net");
context.define(TEMP, "superuser-alex@hostsharing.net", null);
final var givenMembership = membershipRepo.findMembershipByMemberNumber(1000202);
RestAssured // @formatter:off
@ -138,7 +139,7 @@ class HsOfficeCoopAssetsTransactionControllerAcceptanceTest extends ContextBased
@Test
void globalAdmin_canFindCoopAssetsTransactionsByMembershipUuidAndDateRange() {
context.define("superuser-alex@hostsharing.net");
context.define(TEMP, "superuser-alex@hostsharing.net", null);
final var givenMembership = membershipRepo.findMembershipByMemberNumber(1000202);
RestAssured // @formatter:off
@ -171,7 +172,7 @@ class HsOfficeCoopAssetsTransactionControllerAcceptanceTest extends ContextBased
@Test
void globalAdmin_canAddCoopAssetsTransaction() {
context.define("superuser-alex@hostsharing.net");
context.define(TEMP, "superuser-alex@hostsharing.net", null);
final var givenMembership = membershipRepo.findMembershipByMemberNumber(1000101);
final var location = RestAssured // @formatter:off
@ -216,11 +217,11 @@ class HsOfficeCoopAssetsTransactionControllerAcceptanceTest extends ContextBased
@Test
void globalAdmin_canAddCoopAssetsAdjustmentTransaction() {
context.define("superuser-alex@hostsharing.net");
context.define(TEMP, "superuser-alex@hostsharing.net", null);
final var givenMembership = membershipRepo.findMembershipByMemberNumber(1000101);
final var givenTransaction = jpaAttempt.transacted(() -> {
// TODO.impl: introduce something like transactedAsSuperuser / transactedAs("...", ...)
context.define("superuser-alex@hostsharing.net");
context.define(TEMP, "superuser-alex@hostsharing.net", null);
return coopAssetsTransactionRepo.save(HsOfficeCoopAssetsTransactionEntity.builder()
.transactionType(DEPOSIT)
.valueDate(LocalDate.of(2022, 10, 20))
@ -284,7 +285,7 @@ class HsOfficeCoopAssetsTransactionControllerAcceptanceTest extends ContextBased
@Test
void globalAdmin_canNotCancelMoreAssetsThanCurrentlySubscribed() {
context.define("superuser-alex@hostsharing.net");
context.define(TEMP, "superuser-alex@hostsharing.net", null);
final var givenMembership = membershipRepo.findMembershipByMemberNumber(1000101);
RestAssured // @formatter:off
@ -322,7 +323,7 @@ class HsOfficeCoopAssetsTransactionControllerAcceptanceTest extends ContextBased
@Test
void globalAdmin_withoutAssumedRole_canGetArbitraryCoopAssetTransaction() {
context.define("superuser-alex@hostsharing.net");
context.define(TEMP, "superuser-alex@hostsharing.net", null);
final var givenCoopAssetTransactionUuid = coopAssetsTransactionRepo.findCoopAssetsTransactionByOptionalMembershipUuidAndDateRange(
null,
LocalDate.of(2010, 3, 15),
@ -345,7 +346,7 @@ class HsOfficeCoopAssetsTransactionControllerAcceptanceTest extends ContextBased
@Test
void normalUser_canNotGetUnrelatedCoopAssetTransaction() {
context.define("superuser-alex@hostsharing.net");
context.define(TEMP, "superuser-alex@hostsharing.net", null);
final var givenCoopAssetTransactionUuid = coopAssetsTransactionRepo.findCoopAssetsTransactionByOptionalMembershipUuidAndDateRange(
null,
LocalDate.of(2010, 3, 15),
@ -362,7 +363,7 @@ class HsOfficeCoopAssetsTransactionControllerAcceptanceTest extends ContextBased
@Test
void partnerPersonUser_canGetRelatedCoopAssetTransaction() {
context.define("superuser-alex@hostsharing.net");
context.define(TEMP, "superuser-alex@hostsharing.net", null);
final var givenCoopAssetTransactionUuid = coopAssetsTransactionRepo.findCoopAssetsTransactionByOptionalMembershipUuidAndDateRange(
null,
LocalDate.of(2010, 3, 15),
@ -390,7 +391,7 @@ class HsOfficeCoopAssetsTransactionControllerAcceptanceTest extends ContextBased
@AfterEach
void cleanup() {
jpaAttempt.transacted(() -> {
context.define("superuser-alex@hostsharing.net", null);
context.define(TEMP, "superuser-alex@hostsharing.net", null);
// HsOfficeCoopAssetsTransactionEntity respectively hs_office_coopassetstransaction_rv
// cannot be deleted at all, but the underlying table record can be deleted.
em.createNativeQuery("delete from hs_office_coopassetstransaction where reference like 'temp %'")

View File

@ -22,6 +22,7 @@ import jakarta.persistence.PersistenceContext;
import java.time.LocalDate;
import java.util.UUID;
import static net.hostsharing.hsadminng.context.Context.Scope.TEMP;
import static net.hostsharing.hsadminng.rbac.test.IsValidUuidMatcher.isUuidValid;
import static net.hostsharing.hsadminng.rbac.test.JsonMatcher.lenientlyEquals;
import static org.assertj.core.api.Assertions.assertThat;
@ -54,7 +55,7 @@ class HsOfficeCoopSharesTransactionControllerAcceptanceTest extends ContextBased
@AfterEach
void cleanup() {
jpaAttempt.transacted(() -> {
context.define("superuser-alex@hostsharing.net", null);
context.define(TEMP, "superuser-alex@hostsharing.net", null);
// HsOfficeCoopSharesTransactionEntity respectively hs_office_coopsharestransaction_rv
// cannot be deleted at all, but the underlying table record can be deleted.
em.createNativeQuery("delete from hs_office_coopsharestransaction where reference like 'temp %'").executeUpdate();
@ -82,7 +83,7 @@ class HsOfficeCoopSharesTransactionControllerAcceptanceTest extends ContextBased
@Test
void globalAdmin_canFindCoopSharesTransactionsByMemberNumber() {
context.define("superuser-alex@hostsharing.net");
context.define(TEMP, "superuser-alex@hostsharing.net", null);
final var givenMembership = membershipRepo.findMembershipByMemberNumber(1000202);
RestAssured // @formatter:off
@ -137,7 +138,7 @@ class HsOfficeCoopSharesTransactionControllerAcceptanceTest extends ContextBased
@Test
void globalAdmin_canFindCoopSharesTransactionsByMembershipUuidAndDateRange() {
context.define("superuser-alex@hostsharing.net");
context.define(TEMP, "superuser-alex@hostsharing.net", null);
final var givenMembership = membershipRepo.findMembershipByMemberNumber(1000202);
RestAssured // @formatter:off
@ -162,7 +163,7 @@ class HsOfficeCoopSharesTransactionControllerAcceptanceTest extends ContextBased
@Test
void globalAdmin_canAddCoopSharesTransaction() {
context.define("superuser-alex@hostsharing.net");
context.define(TEMP, "superuser-alex@hostsharing.net", null);
final var givenMembership = membershipRepo.findMembershipByMemberNumber(1000101);
final var location = RestAssured // @formatter:off
@ -193,11 +194,11 @@ class HsOfficeCoopSharesTransactionControllerAcceptanceTest extends ContextBased
@Test
void globalAdmin_canAddCoopSharesAdjustmentTransaction() {
context.define("superuser-alex@hostsharing.net");
context.define(TEMP, "superuser-alex@hostsharing.net", null);
final var givenMembership = membershipRepo.findMembershipByMemberNumber(1000101);
final var givenTransaction = jpaAttempt.transacted(() -> {
// TODO.impl: introduce something like transactedAsSuperuser / transactedAs("...", ...)
context.define("superuser-alex@hostsharing.net");
context.define(TEMP, "superuser-alex@hostsharing.net", null);
return coopSharesTransactionRepo.save(HsOfficeCoopSharesTransactionEntity.builder()
.transactionType(HsOfficeCoopSharesTransactionType.SUBSCRIPTION)
.valueDate(LocalDate.of(2022, 10, 20))
@ -261,7 +262,7 @@ class HsOfficeCoopSharesTransactionControllerAcceptanceTest extends ContextBased
@Test
void globalAdmin_canNotCancelMoreSharesThanCurrentlySubscribed() {
context.define("superuser-alex@hostsharing.net");
context.define(TEMP, "superuser-alex@hostsharing.net", null);
final var givenMembership = membershipRepo.findMembershipByMemberNumber(1000101);
RestAssured // @formatter:off
@ -289,7 +290,7 @@ class HsOfficeCoopSharesTransactionControllerAcceptanceTest extends ContextBased
@Test
void globalAdmin_withoutAssumedRole_canGetArbitraryCoopShareTransaction() {
context.define("superuser-alex@hostsharing.net");
context.define(TEMP, "superuser-alex@hostsharing.net", null);
final var givenCoopShareTransactionUuid = coopSharesTransactionRepo.findCoopSharesTransactionByOptionalMembershipUuidAndDateRange(null, LocalDate.of(2010, 3, 15), LocalDate.of(2010, 3, 15)).get(0).getUuid();
RestAssured // @formatter:off
@ -302,7 +303,7 @@ class HsOfficeCoopSharesTransactionControllerAcceptanceTest extends ContextBased
@Test
void normalUser_canNotGetUnrelatedCoopShareTransaction() {
context.define("superuser-alex@hostsharing.net");
context.define(TEMP, "superuser-alex@hostsharing.net", null);
final var givenCoopShareTransactionUuid = coopSharesTransactionRepo.findCoopSharesTransactionByOptionalMembershipUuidAndDateRange(null, LocalDate.of(2010, 3, 15), LocalDate.of(2010, 3, 15)).get(0).getUuid();
RestAssured // @formatter:off
@ -311,7 +312,7 @@ class HsOfficeCoopSharesTransactionControllerAcceptanceTest extends ContextBased
@Test
void partnerPersonUser_canGetRelatedCoopShareTransaction() {
context.define("superuser-alex@hostsharing.net");
context.define(TEMP, "superuser-alex@hostsharing.net", null);
final var givenCoopShareTransactionUuid = coopSharesTransactionRepo.findCoopSharesTransactionByOptionalMembershipUuidAndDateRange(null, LocalDate.of(2010, 3, 15), LocalDate.of(2010, 3, 15)).get(0).getUuid();
RestAssured // @formatter:off

View File

@ -26,6 +26,7 @@ import jakarta.persistence.EntityManager;
import jakarta.persistence.PersistenceContext;
import java.util.UUID;
import static net.hostsharing.hsadminng.context.Context.Scope.TEMP;
import static net.hostsharing.hsadminng.hs.office.relation.HsOfficeRelationType.DEBITOR;
import static net.hostsharing.hsadminng.rbac.test.IsValidUuidMatcher.isUuidValid;
import static net.hostsharing.hsadminng.rbac.test.JsonMatcher.lenientlyEquals;
@ -266,14 +267,14 @@ class HsOfficeDebitorControllerAcceptanceTest extends ContextBasedTestWithCleanu
@Test
void globalAdmin_withoutAssumedRole_canAddDebitorWithBankAccount() {
context.define("superuser-alex@hostsharing.net");
context.define(TEMP, "superuser-alex@hostsharing.net");
final var givenPartner = partnerRepo.findPartnerByOptionalNameLike("Third").get(0);
final var givenContact = contactRepo.findContactByOptionalLabelLike("fourth").get(0);
final var givenBankAccount = bankAccountRepo.findByOptionalHolderLike("Fourth").get(0);
final var givenBillingPerson = personRepo.findPersonByOptionalNameLike("Fourth").get(0);
final var givenDebitorRelUUid = jpaAttempt.transacted(() -> {
context.define("superuser-alex@hostsharing.net");
context.define(TEMP, "superuser-alex@hostsharing.net", null);
return relRepo.save(HsOfficeRelationEntity.builder()
.type(DEBITOR)
.anchor(givenPartner.getPartnerRel().getHolder())
@ -323,7 +324,7 @@ class HsOfficeDebitorControllerAcceptanceTest extends ContextBasedTestWithCleanu
@Test
void globalAdmin_canAddDebitorWithoutJustRequiredData() {
context.define("superuser-alex@hostsharing.net");
context.define(TEMP, "superuser-alex@hostsharing.net", null);
final var givenPartner = partnerRepo.findPartnerByOptionalNameLike("Third").get(0);
final var givenContact = contactRepo.findContactByOptionalLabelLike("fourth").get(0);
@ -375,7 +376,7 @@ class HsOfficeDebitorControllerAcceptanceTest extends ContextBasedTestWithCleanu
@Test
void globalAdmin_canNotAddDebitor_ifContactDoesNotExist() {
context.define("superuser-alex@hostsharing.net");
context.define(TEMP, "superuser-alex@hostsharing.net", null);
final var givenPartner = partnerRepo.findPartnerByOptionalNameLike("Third").get(0);
final var givenContactUuid = UUID.fromString("00000000-0000-0000-0000-000000000000");
@ -412,7 +413,7 @@ class HsOfficeDebitorControllerAcceptanceTest extends ContextBasedTestWithCleanu
@Test
void globalAdmin_canNotAddDebitor_ifDebitorRelDoesNotExist() {
context.define("superuser-alex@hostsharing.net");
context.define(TEMP, "superuser-alex@hostsharing.net", null);
final var givenDebitorRelUuid = UUID.fromString("00000000-0000-0000-0000-000000000000");
final var givenContact = contactRepo.findContactByOptionalLabelLike("fourth").get(0);
@ -444,7 +445,7 @@ class HsOfficeDebitorControllerAcceptanceTest extends ContextBasedTestWithCleanu
@Test
void globalAdmin_withoutAssumedRole_canGetArbitraryDebitor() {
context.define("superuser-alex@hostsharing.net");
context.define(TEMP, "superuser-alex@hostsharing.net", null);
final var givenDebitorUuid = debitorRepo.findDebitorByOptionalNameLike("First").get(0).getUuid();
RestAssured // @formatter:off
@ -505,7 +506,7 @@ class HsOfficeDebitorControllerAcceptanceTest extends ContextBasedTestWithCleanu
@Test
void normalUser_canNotGetUnrelatedDebitor() {
context.define("superuser-alex@hostsharing.net");
context.define(TEMP, "superuser-alex@hostsharing.net", null);
final var givenDebitorUuid = debitorRepo.findDebitorByOptionalNameLike("First").get(0).getUuid();
RestAssured // @formatter:off
@ -520,7 +521,7 @@ class HsOfficeDebitorControllerAcceptanceTest extends ContextBasedTestWithCleanu
@Test
void contactAdminUser_canGetRelatedDebitorExceptRefundBankAccount() {
context.define("superuser-alex@hostsharing.net");
context.define(TEMP, "superuser-alex@hostsharing.net", null);
final var givenDebitorUuid = debitorRepo.findDebitorByOptionalNameLike("first contact").get(0).getUuid();
RestAssured // @formatter:off
@ -549,7 +550,7 @@ class HsOfficeDebitorControllerAcceptanceTest extends ContextBasedTestWithCleanu
@Test
void globalAdmin_withoutAssumedRole_canPatchArbitraryDebitor() {
context.define("superuser-alex@hostsharing.net");
context.define(TEMP, "superuser-alex@hostsharing.net", null);
final var givenDebitor = givenSomeTemporaryDebitor();
final var givenContact = contactRepo.findContactByOptionalLabelLike("fourth").get(0);
@ -614,7 +615,7 @@ class HsOfficeDebitorControllerAcceptanceTest extends ContextBasedTestWithCleanu
// @formatter:on
// finally, the debitor is actually updated
context.define("superuser-alex@hostsharing.net");
context.define(TEMP, "superuser-alex@hostsharing.net", null);
assertThat(debitorRepo.findByUuid(givenDebitor.getUuid())).isPresent().get()
.matches(debitor -> {
assertThat(debitor.getDebitorRel().getHolder().getTradeName())
@ -630,7 +631,7 @@ class HsOfficeDebitorControllerAcceptanceTest extends ContextBasedTestWithCleanu
@Test
void theContactOwner_canNotPatchARelatedDebitor() {
context.define("superuser-alex@hostsharing.net");
context.define(TEMP, "superuser-alex@hostsharing.net", null);
final var givenDebitor = givenSomeTemporaryDebitor();
// @formatter:on
@ -660,7 +661,7 @@ class HsOfficeDebitorControllerAcceptanceTest extends ContextBasedTestWithCleanu
@Test
void globalAdmin_withoutAssumedRole_canDeleteArbitraryDebitor() {
context.define("superuser-alex@hostsharing.net");
context.define(TEMP, "superuser-alex@hostsharing.net", null);
final var givenDebitor = givenSomeTemporaryDebitor();
RestAssured // @formatter:off
@ -678,7 +679,7 @@ class HsOfficeDebitorControllerAcceptanceTest extends ContextBasedTestWithCleanu
@Test
void contactAdminUser_canNotDeleteRelatedDebitor() {
context.define("superuser-alex@hostsharing.net");
context.define(TEMP, "superuser-alex@hostsharing.net", null);
final var givenDebitor = givenSomeTemporaryDebitor();
assertThat(givenDebitor.getDebitorRel().getContact().getLabel()).isEqualTo("fourth contact");
@ -697,7 +698,7 @@ class HsOfficeDebitorControllerAcceptanceTest extends ContextBasedTestWithCleanu
@Test
void normalUser_canNotDeleteUnrelatedDebitor() {
context.define("superuser-alex@hostsharing.net");
context.define(TEMP, "superuser-alex@hostsharing.net", null);
final var givenDebitor = givenSomeTemporaryDebitor();
assertThat(givenDebitor.getDebitorRel().getContact().getLabel()).isEqualTo("fourth contact");
@ -717,7 +718,7 @@ class HsOfficeDebitorControllerAcceptanceTest extends ContextBasedTestWithCleanu
private HsOfficeDebitorEntity givenSomeTemporaryDebitor() {
return jpaAttempt.transacted(() -> {
context.define("superuser-alex@hostsharing.net");
context.define(TEMP, "superuser-alex@hostsharing.net", null);
final var givenPartner = partnerRepo.findPartnerByOptionalNameLike("Fourth").get(0);
final var givenContact = contactRepo.findContactByOptionalLabelLike("fourth contact").get(0);
final var newDebitor = HsOfficeDebitorEntity.builder()
@ -743,7 +744,7 @@ class HsOfficeDebitorControllerAcceptanceTest extends ContextBasedTestWithCleanu
@AfterEach
void cleanup() {
jpaAttempt.transacted(() -> {
context.define("superuser-alex@hostsharing.net");
context.define(TEMP, "superuser-alex@hostsharing.net", null);
final var count = em.createQuery(
"DELETE FROM HsOfficeDebitorEntity d WHERE d.debitorNumberSuffix >= " + LOWEST_TEMP_DEBITOR_SUFFIX)
.executeUpdate();

View File

@ -22,6 +22,7 @@ import jakarta.persistence.PersistenceContext;
import java.time.LocalDate;
import java.util.UUID;
import static net.hostsharing.hsadminng.context.Context.Scope.TEMP;
import static net.hostsharing.hsadminng.hs.office.membership.HsOfficeMembershipStatus.ACTIVE;
import static net.hostsharing.hsadminng.hs.office.membership.HsOfficeMembershipStatus.CANCELLED;
import static net.hostsharing.hsadminng.rbac.test.IsValidUuidMatcher.isUuidValid;
@ -108,7 +109,7 @@ class HsOfficeMembershipControllerAcceptanceTest extends ContextBasedTestWithCle
@Test
void globalAdmin_canViewMembershipsByPartnerUuid() {
context.define("superuser-alex@hostsharing.net");
context.define(TEMP, "superuser-alex@hostsharing.net", null);
final var partner = partnerRepo.findPartnerByPartnerNumber(10001);
RestAssured // @formatter:off
@ -171,7 +172,7 @@ class HsOfficeMembershipControllerAcceptanceTest extends ContextBasedTestWithCle
@Test
void globalAdmin_canAddMembership() {
context.define("superuser-alex@hostsharing.net");
context.define(TEMP, "superuser-alex@hostsharing.net", null);
final var givenPartner = partnerRepo.findPartnerByOptionalNameLike("Third").get(0);
final var givenMemberSuffix = TEMP_MEMBER_NUMBER_SUFFIX;
final var expectedMemberNumber = Integer.parseInt(givenPartner.getPartnerNumber() + TEMP_MEMBER_NUMBER_SUFFIX);
@ -216,7 +217,7 @@ class HsOfficeMembershipControllerAcceptanceTest extends ContextBasedTestWithCle
@Test
void globalAdmin_canGetArbitraryMembership() {
context.define("superuser-alex@hostsharing.net");
context.define(TEMP, "superuser-alex@hostsharing.net", null);
final var givenMembershipUuid = membershipRepo.findMembershipByMemberNumber(1000101).getUuid();
RestAssured // @formatter:off
@ -242,7 +243,7 @@ class HsOfficeMembershipControllerAcceptanceTest extends ContextBasedTestWithCle
@Test
void normalUser_canNotGetUnrelatedMembership() {
context.define("superuser-alex@hostsharing.net");
context.define(TEMP, "superuser-alex@hostsharing.net", null);
final var givenMembershipUuid = membershipRepo.findMembershipByMemberNumber(1000101).getUuid();
RestAssured // @formatter:off
@ -257,7 +258,7 @@ class HsOfficeMembershipControllerAcceptanceTest extends ContextBasedTestWithCle
@Test
void parnerRelAgent_canGetRelatedMembership() {
context.define("superuser-alex@hostsharing.net");
context.define(TEMP, "superuser-alex@hostsharing.net", null);
final var givenMembershipUuid = membershipRepo.findMembershipByMemberNumber(1000303).getUuid();
RestAssured // @formatter:off
@ -289,7 +290,7 @@ class HsOfficeMembershipControllerAcceptanceTest extends ContextBasedTestWithCle
@Test
void globalAdmin_canPatchValidToOfArbitraryMembership() {
context.define("superuser-alex@hostsharing.net");
context.define(TEMP, "superuser-alex@hostsharing.net", null);
final var givenMembership = givenSomeTemporaryMembershipBessler("First");
final var location = RestAssured // @formatter:off
@ -332,7 +333,7 @@ class HsOfficeMembershipControllerAcceptanceTest extends ContextBasedTestWithCle
// given
final var givenPartnerAdmin = "hs_office_relation#HostsharingeG-with-PARTNER-FirstGmbH:ADMIN";
context.define("superuser-alex@hostsharing.net", givenPartnerAdmin);
context.define(TEMP, "superuser-alex@hostsharing.net", givenPartnerAdmin);
final var givenMembership = givenSomeTemporaryMembershipBessler("First");
// when
@ -368,7 +369,7 @@ class HsOfficeMembershipControllerAcceptanceTest extends ContextBasedTestWithCle
@Test
void globalAdmin_canDeleteArbitraryMembership() {
context.define("superuser-alex@hostsharing.net");
context.define(TEMP, "superuser-alex@hostsharing.net", null);
final var givenMembership = givenSomeTemporaryMembershipBessler("First");
RestAssured // @formatter:off
@ -386,7 +387,7 @@ class HsOfficeMembershipControllerAcceptanceTest extends ContextBasedTestWithCle
@Test
void partnerAgentUser_canNotDeleteRelatedMembership() {
context.define("superuser-alex@hostsharing.net");
context.define(TEMP, "superuser-alex@hostsharing.net", null);
final var givenMembership = givenSomeTemporaryMembershipBessler("First");
RestAssured // @formatter:off
@ -405,7 +406,7 @@ class HsOfficeMembershipControllerAcceptanceTest extends ContextBasedTestWithCle
@Test
void normalUser_canNotDeleteUnrelatedMembership() {
context.define("superuser-alex@hostsharing.net");
context.define(TEMP, "superuser-alex@hostsharing.net", null);
final var givenMembership = givenSomeTemporaryMembershipBessler("First");
RestAssured // @formatter:off
@ -424,7 +425,7 @@ class HsOfficeMembershipControllerAcceptanceTest extends ContextBasedTestWithCle
private HsOfficeMembershipEntity givenSomeTemporaryMembershipBessler(final String partnerName) {
return jpaAttempt.transacted(() -> {
context.define("superuser-alex@hostsharing.net");
context.define(TEMP, "superuser-alex@hostsharing.net", null);
final var givenPartner = partnerRepo.findPartnerByOptionalNameLike(partnerName).get(0);
final var newMembership = HsOfficeMembershipEntity.builder()
.uuid(UUID.randomUUID())
@ -442,7 +443,7 @@ class HsOfficeMembershipControllerAcceptanceTest extends ContextBasedTestWithCle
@AfterEach
void cleanup() {
jpaAttempt.transacted(() -> {
context.define("superuser-alex@hostsharing.net", null);
context.define(TEMP, "superuser-alex@hostsharing.net", null);
final var query = em.createQuery(
"DELETE FROM HsOfficeMembershipEntity m WHERE m.memberNumberSuffix >= '%s'"
.formatted(TEMP_MEMBER_NUMBER_SUFFIX)

View File

@ -20,6 +20,7 @@ import org.springframework.transaction.annotation.Transactional;
import java.util.UUID;
import static net.hostsharing.hsadminng.context.Context.Scope.TEMP;
import static net.hostsharing.hsadminng.hs.office.relation.HsOfficeRelationType.EX_PARTNER;
import static net.hostsharing.hsadminng.rbac.test.IsValidUuidMatcher.isUuidValid;
import static net.hostsharing.hsadminng.rbac.test.JsonMatcher.lenientlyEquals;
@ -88,7 +89,7 @@ class HsOfficePartnerControllerAcceptanceTest extends ContextBasedTestWithCleanu
@Test
void globalAdmin_withoutAssumedRole_canAddPartner() {
context.define("superuser-alex@hostsharing.net");
context.define(TEMP, "superuser-alex@hostsharing.net");
final var givenMandantPerson = personRepo.findPersonByOptionalNameLike("Hostsharing eG").stream().findFirst().orElseThrow();
final var givenPerson = personRepo.findPersonByOptionalNameLike("Third").stream().findFirst().orElseThrow();
final var givenContact = contactRepo.findContactByOptionalLabelLike("fourth").stream().findFirst().orElseThrow();
@ -148,7 +149,7 @@ class HsOfficePartnerControllerAcceptanceTest extends ContextBasedTestWithCleanu
@Test
void globalAdmin_canNotAddPartner_ifContactDoesNotExist() {
context.define("superuser-alex@hostsharing.net");
context.define(TEMP, "superuser-alex@hostsharing.net");
final var givenMandantPerson = personRepo.findPersonByOptionalNameLike("Hostsharing eG").get(0);
final var givenPerson = personRepo.findPersonByOptionalNameLike("Third").get(0);
@ -186,7 +187,7 @@ class HsOfficePartnerControllerAcceptanceTest extends ContextBasedTestWithCleanu
@Test
void globalAdmin_canNotAddPartner_ifPersonDoesNotExist() {
context.define("superuser-alex@hostsharing.net");
context.define(TEMP, "superuser-alex@hostsharing.net");
final var mandantPerson = personRepo.findPersonByOptionalNameLike("Hostsharing eG").get(0);
final var givenContact = contactRepo.findContactByOptionalLabelLike("fourth").get(0);
@ -228,7 +229,7 @@ class HsOfficePartnerControllerAcceptanceTest extends ContextBasedTestWithCleanu
@Test
void globalAdmin_withoutAssumedRole_canGetArbitraryPartner() {
context.define("superuser-alex@hostsharing.net");
context.define(TEMP, "superuser-alex@hostsharing.net");
final var partners = partnerRepo.findAll();
final var givenPartnerUuid = partnerRepo.findPartnerByOptionalNameLike("First").get(0).getUuid();
@ -261,7 +262,7 @@ class HsOfficePartnerControllerAcceptanceTest extends ContextBasedTestWithCleanu
@Test
void normalUser_canNotGetUnrelatedPartner() {
context.define("superuser-alex@hostsharing.net");
context.define(TEMP, "superuser-alex@hostsharing.net");
final var givenPartnerUuid = partnerRepo.findPartnerByOptionalNameLike("First").get(0).getUuid();
RestAssured // @formatter:off
@ -276,7 +277,7 @@ class HsOfficePartnerControllerAcceptanceTest extends ContextBasedTestWithCleanu
@Test
void contactAdminUser_canGetRelatedPartner() {
context.define("superuser-alex@hostsharing.net");
context.define(TEMP, "superuser-alex@hostsharing.net");
final var givenPartnerUuid = partnerRepo.findPartnerByOptionalNameLike("first contact").get(0).getUuid();
RestAssured // @formatter:off
@ -306,7 +307,7 @@ class HsOfficePartnerControllerAcceptanceTest extends ContextBasedTestWithCleanu
@Test
void globalAdmin_withoutAssumedRole_canPatchAllPropertiesOfArbitraryPartner() {
context.define("superuser-alex@hostsharing.net");
context.define(TEMP, "superuser-alex@hostsharing.net");
final var givenPartner = givenSomeTemporaryPartnerBessler(20011);
final var givenPartnerRel = givenSomeTemporaryPartnerRel("Third OHG", "third contact");
@ -355,7 +356,7 @@ class HsOfficePartnerControllerAcceptanceTest extends ContextBasedTestWithCleanu
// @formatter:on
// finally, the partner is actually updated
context.define("superuser-alex@hostsharing.net");
context.define(TEMP, "superuser-alex@hostsharing.net");
assertThat(partnerRepo.findByUuid(givenPartner.getUuid())).isPresent().get()
.matches(partner -> {
assertThat(partner.getPartnerNumber()).isEqualTo(givenPartner.getPartnerNumber());
@ -373,7 +374,7 @@ class HsOfficePartnerControllerAcceptanceTest extends ContextBasedTestWithCleanu
@Test
void patchingThePartnerRelCreatesExPartnerRel() {
context.define("superuser-alex@hostsharing.net");
context.define(TEMP, "superuser-alex@hostsharing.net");
final var givenPartner = givenSomeTemporaryPartnerBessler(20011);
final var givenPartnerRel = givenSomeTemporaryPartnerRel("Third OHG", "third contact");
@ -394,7 +395,7 @@ class HsOfficePartnerControllerAcceptanceTest extends ContextBasedTestWithCleanu
// @formatter:on
// then the partner got actually updated
context.define("superuser-alex@hostsharing.net");
context.define(TEMP, "superuser-alex@hostsharing.net");
assertThat(partnerRepo.findByUuid(givenPartner.getUuid())).isPresent().get()
.matches(partner -> {
assertThat(partner.getPartnerRel().getHolder().getTradeName()).isEqualTo("Third OHG");
@ -412,7 +413,7 @@ class HsOfficePartnerControllerAcceptanceTest extends ContextBasedTestWithCleanu
@Test
void globalAdmin_withoutAssumedRole_canPatchPartialPropertiesOfArbitraryPartner() {
context.define("superuser-alex@hostsharing.net");
context.define(TEMP, "superuser-alex@hostsharing.net");
final var givenPartner = givenSomeTemporaryPartnerBessler(20012);
final var location = RestAssured // @formatter:off
@ -460,7 +461,7 @@ class HsOfficePartnerControllerAcceptanceTest extends ContextBasedTestWithCleanu
@Test
void globalAdmin_withoutAssumedRole_canDeleteArbitraryPartner() {
context.define("superuser-alex@hostsharing.net");
context.define(TEMP, "superuser-alex@hostsharing.net");
final var givenPartner = givenSomeTemporaryPartnerBessler(20013);
RestAssured // @formatter:off
@ -479,7 +480,7 @@ class HsOfficePartnerControllerAcceptanceTest extends ContextBasedTestWithCleanu
@Test
void contactAdminUser_canNotDeleteRelatedPartner() {
context.define("superuser-alex@hostsharing.net");
context.define(TEMP, "superuser-alex@hostsharing.net");
final var givenPartner = givenSomeTemporaryPartnerBessler(20014);
assertThat(givenPartner.getPartnerRel().getContact().getLabel()).isEqualTo("fourth contact");
@ -498,7 +499,7 @@ class HsOfficePartnerControllerAcceptanceTest extends ContextBasedTestWithCleanu
@Test
void normalUser_canNotDeleteUnrelatedPartner() {
context.define("superuser-alex@hostsharing.net");
context.define(TEMP, "superuser-alex@hostsharing.net");
final var givenPartner = givenSomeTemporaryPartnerBessler(20015);
assertThat(givenPartner.getPartnerRel().getContact().getLabel()).isEqualTo("fourth contact");
@ -520,7 +521,7 @@ class HsOfficePartnerControllerAcceptanceTest extends ContextBasedTestWithCleanu
final String partnerHolderName,
final String contactName) {
return jpaAttempt.transacted(() -> {
context.define("superuser-alex@hostsharing.net");
context.define(TEMP, "superuser-alex@hostsharing.net");
final var givenMandantPerson = personRepo.findPersonByOptionalNameLike("Hostsharing eG").stream().findFirst().orElseThrow();
final var givenPerson = personRepo.findPersonByOptionalNameLike(partnerHolderName).stream().findFirst().orElseThrow();
final var givenContact = contactRepo.findContactByOptionalLabelLike(contactName).stream().findFirst().orElseThrow();
@ -536,7 +537,7 @@ class HsOfficePartnerControllerAcceptanceTest extends ContextBasedTestWithCleanu
}
private HsOfficePartnerEntity givenSomeTemporaryPartnerBessler(final Integer partnerNumber) {
return jpaAttempt.transacted(() -> {
context.define("superuser-alex@hostsharing.net");
context.define(TEMP, "superuser-alex@hostsharing.net");
final var partnerRel = em.merge(givenSomeTemporaryPartnerRel("Erben Bessler", "fourth contact"));
final var newPartner = HsOfficePartnerEntity.builder()

View File

@ -19,6 +19,7 @@ import jakarta.persistence.EntityManager;
import jakarta.persistence.PersistenceContext;
import java.util.UUID;
import static net.hostsharing.hsadminng.context.Context.Scope.TEMP;
import static net.hostsharing.hsadminng.rbac.test.IsValidUuidMatcher.isUuidValid;
import static net.hostsharing.hsadminng.rbac.test.JsonMatcher.lenientlyEquals;
import static org.assertj.core.api.Assertions.assertThat;
@ -111,7 +112,7 @@ class HsOfficePersonControllerAcceptanceTest extends ContextBasedTestWithCleanup
@Test
void globalAdmin_canGetArbitraryPerson() {
context.define("superuser-alex@hostsharing.net");
context.define(TEMP, "superuser-alex@hostsharing.net");
final var givenPersonUuid = personRepo.findPersonByOptionalNameLike("Erben").get(0).getUuid();
RestAssured // @formatter:off
@ -133,7 +134,7 @@ class HsOfficePersonControllerAcceptanceTest extends ContextBasedTestWithCleanup
@Test
void normalUser_canNotGetUnrelatedPerson() {
final var givenPersonUuid = jpaAttempt.transacted(() -> {
context.define("superuser-alex@hostsharing.net");
context.define(TEMP, "superuser-alex@hostsharing.net");
return personRepo.findPersonByOptionalNameLike("Erben").get(0).getUuid();
}).returnedValue();
@ -150,7 +151,7 @@ class HsOfficePersonControllerAcceptanceTest extends ContextBasedTestWithCleanup
@Test
void personOwnerUser_canGetRelatedPerson() {
final var givenPersonUuid = jpaAttempt.transacted(() -> {
context.define("superuser-alex@hostsharing.net");
context.define(TEMP, "superuser-alex@hostsharing.net");
return personRepo.findPersonByOptionalNameLike("Erben").get(0).getUuid();
}).returnedValue();
@ -209,7 +210,7 @@ class HsOfficePersonControllerAcceptanceTest extends ContextBasedTestWithCleanup
// @formatter:on
// finally, the person is actually updated
context.define("superuser-alex@hostsharing.net");
context.define(TEMP, "superuser-alex@hostsharing.net");
assertThat(personRepo.findByUuid(givenPerson.getUuid())).isPresent().get()
.matches(person -> {
assertThat(person.getPersonType()).isEqualTo(HsOfficePersonType.UNINCORPORATED_FIRM);
@ -249,7 +250,7 @@ class HsOfficePersonControllerAcceptanceTest extends ContextBasedTestWithCleanup
// @formatter:on
// finally, the person is actually updated
context.define("superuser-alex@hostsharing.net");
context.define(TEMP, "superuser-alex@hostsharing.net");
assertThat(personRepo.findByUuid(givenPerson.getUuid())).isPresent().get()
.matches(person -> {
assertThat(person.getPersonType()).isEqualTo(givenPerson.getPersonType());
@ -280,7 +281,7 @@ class HsOfficePersonControllerAcceptanceTest extends ContextBasedTestWithCleanup
// then the given person is gone
context.define("superuser-alex@hostsharing.net");
context.define(TEMP, "superuser-alex@hostsharing.net");
assertThat(personRepo.findByUuid(givenPerson.getUuid())).isEmpty();
}
@ -316,14 +317,14 @@ class HsOfficePersonControllerAcceptanceTest extends ContextBasedTestWithCleanup
// @formatter:on
// then the given person is still there
context.define("superuser-alex@hostsharing.net");
context.define(TEMP, "superuser-alex@hostsharing.net");
assertThat(personRepo.findByUuid(givenPerson.getUuid())).isNotEmpty();
}
}
private HsOfficePersonEntity givenSomeTemporaryPersonCreatedBy(final String creatingUser) {
return jpaAttempt.transacted(() -> {
context.define(creatingUser);
context.define(TEMP, creatingUser);
final var newPerson = HsOfficePersonEntity.builder()
.uuid(UUID.randomUUID())
.personType(HsOfficePersonType.LEGAL_PERSON)
@ -339,7 +340,7 @@ class HsOfficePersonControllerAcceptanceTest extends ContextBasedTestWithCleanup
@AfterEach
void cleanup() {
jpaAttempt.transacted(() -> {
context.define("superuser-alex@hostsharing.net", null);
context.define(TEMP, "superuser-alex@hostsharing.net", null);
em.createQuery("""
DELETE FROM HsOfficePersonEntity p
WHERE p.tradeName LIKE 'Temp %' OR p.givenName LIKE 'Temp %'

View File

@ -19,6 +19,7 @@ import org.springframework.transaction.annotation.Transactional;
import java.util.UUID;
import static net.hostsharing.hsadminng.context.Context.Scope.TEMP;
import static net.hostsharing.hsadminng.rbac.test.IsValidUuidMatcher.isUuidValid;
import static net.hostsharing.hsadminng.rbac.test.JsonMatcher.lenientlyEquals;
import static org.assertj.core.api.Assertions.assertThat;
@ -61,7 +62,7 @@ class HsOfficeRelationControllerAcceptanceTest extends ContextBasedTestWithClean
void globalAdmin_withoutAssumedRoles_canViewAllRelationsOfGivenPersonAndType_ifNoCriteriaGiven() throws JSONException {
// given
context.define("superuser-alex@hostsharing.net");
context.define(TEMP, "superuser-alex@hostsharing.net");
final var givenPerson = personRepo.findPersonByOptionalNameLike("Hostsharing eG").get(0);
RestAssured // @formatter:off
@ -122,7 +123,7 @@ class HsOfficeRelationControllerAcceptanceTest extends ContextBasedTestWithClean
@Test
void globalAdmin_withoutAssumedRole_canAddRelation() {
context.define("superuser-alex@hostsharing.net");
context.define(TEMP, "superuser-alex@hostsharing.net");
final var givenAnchorPerson = personRepo.findPersonByOptionalNameLike("Third").get(0);
final var givenHolderPerson = personRepo.findPersonByOptionalNameLike("Paul").get(0);
final var givenContact = contactRepo.findContactByOptionalLabelLike("second").get(0);
@ -169,7 +170,7 @@ class HsOfficeRelationControllerAcceptanceTest extends ContextBasedTestWithClean
@Test
void globalAdmin_canNotAddRelation_ifAnchorPersonDoesNotExist() {
context.define("superuser-alex@hostsharing.net");
context.define(TEMP, "superuser-alex@hostsharing.net");
final var givenAnchorPersonUuid = GIVEN_NON_EXISTING_HOLDER_PERSON_UUID;
final var givenHolderPerson = personRepo.findPersonByOptionalNameLike("Smith").get(0);
final var givenContact = contactRepo.findContactByOptionalLabelLike("fourth").get(0);
@ -202,7 +203,7 @@ class HsOfficeRelationControllerAcceptanceTest extends ContextBasedTestWithClean
@Test
void globalAdmin_canNotAddRelation_ifHolderPersonDoesNotExist() {
context.define("superuser-alex@hostsharing.net");
context.define(TEMP, "superuser-alex@hostsharing.net");
final var givenAnchorPerson = personRepo.findPersonByOptionalNameLike("Third").get(0);
final var givenContact = contactRepo.findContactByOptionalLabelLike("fourth").get(0);
@ -234,7 +235,7 @@ class HsOfficeRelationControllerAcceptanceTest extends ContextBasedTestWithClean
@Test
void globalAdmin_canNotAddRelation_ifContactDoesNotExist() {
context.define("superuser-alex@hostsharing.net");
context.define(TEMP, "superuser-alex@hostsharing.net");
final var givenAnchorPerson = personRepo.findPersonByOptionalNameLike("Third").get(0);
final var givenHolderPerson = personRepo.findPersonByOptionalNameLike("Paul").get(0);
final var givenContactUuid = UUID.fromString("00000000-0000-0000-0000-000000000000");
@ -270,7 +271,7 @@ class HsOfficeRelationControllerAcceptanceTest extends ContextBasedTestWithClean
@Test
void globalAdmin_withoutAssumedRole_canGetArbitraryRelation() {
context.define("superuser-alex@hostsharing.net");
context.define(TEMP, "superuser-alex@hostsharing.net");
final UUID givenRelationUuid = findRelation("First", "Firby").getUuid();
RestAssured // @formatter:off
@ -293,7 +294,7 @@ class HsOfficeRelationControllerAcceptanceTest extends ContextBasedTestWithClean
@Test
void normalUser_canNotGetUnrelatedRelation() {
context.define("superuser-alex@hostsharing.net");
context.define(TEMP, "superuser-alex@hostsharing.net");
final UUID givenRelationUuid = findRelation("First", "Firby").getUuid();
RestAssured // @formatter:off
@ -308,7 +309,7 @@ class HsOfficeRelationControllerAcceptanceTest extends ContextBasedTestWithClean
@Test
void contactAdminUser_canGetRelatedRelation() {
context.define("superuser-alex@hostsharing.net");
context.define(TEMP, "superuser-alex@hostsharing.net");
final var givenRelation = findRelation("First", "Firby");
assertThat(givenRelation.getContact().getLabel()).isEqualTo("first contact");
@ -350,7 +351,7 @@ class HsOfficeRelationControllerAcceptanceTest extends ContextBasedTestWithClean
@Test
void globalAdmin_withoutAssumedRole_canPatchContactOfArbitraryRelation() {
context.define("superuser-alex@hostsharing.net");
context.define(TEMP, "superuser-alex@hostsharing.net");
final var givenRelation = givenSomeTemporaryRelationBessler();
assertThat(givenRelation.getContact().getLabel()).isEqualTo("seventh contact");
final var givenContact = contactRepo.findContactByOptionalLabelLike("fourth").get(0);
@ -378,7 +379,7 @@ class HsOfficeRelationControllerAcceptanceTest extends ContextBasedTestWithClean
// @formatter:on
// finally, the relation is actually updated
context.define("superuser-alex@hostsharing.net");
context.define(TEMP, "superuser-alex@hostsharing.net");
assertThat(relationRepo.findByUuid(givenRelation.getUuid())).isPresent().get()
.matches(rel -> {
assertThat(rel.getAnchor().getTradeName()).contains("Bessler");
@ -395,7 +396,7 @@ class HsOfficeRelationControllerAcceptanceTest extends ContextBasedTestWithClean
@Test
void globalAdmin_withoutAssumedRole_canDeleteArbitraryRelation() {
context.define("superuser-alex@hostsharing.net");
context.define(TEMP, "superuser-alex@hostsharing.net");
final var givenRelation = givenSomeTemporaryRelationBessler();
RestAssured // @formatter:off
@ -413,7 +414,7 @@ class HsOfficeRelationControllerAcceptanceTest extends ContextBasedTestWithClean
@Test
void contactAdminUser_canNotDeleteRelatedRelation() {
context.define("superuser-alex@hostsharing.net");
context.define(TEMP, "superuser-alex@hostsharing.net");
final var givenRelation = givenSomeTemporaryRelationBessler();
assertThat(givenRelation.getContact().getLabel()).isEqualTo("seventh contact");
@ -432,7 +433,7 @@ class HsOfficeRelationControllerAcceptanceTest extends ContextBasedTestWithClean
@Test
void normalUser_canNotDeleteUnrelatedRelation() {
context.define("superuser-alex@hostsharing.net");
context.define(TEMP, "superuser-alex@hostsharing.net");
final var givenRelation = givenSomeTemporaryRelationBessler();
assertThat(givenRelation.getContact().getLabel()).isEqualTo("seventh contact");
@ -452,7 +453,7 @@ class HsOfficeRelationControllerAcceptanceTest extends ContextBasedTestWithClean
private HsOfficeRelationEntity givenSomeTemporaryRelationBessler() {
return jpaAttempt.transacted(() -> {
context.define("superuser-alex@hostsharing.net");
context.define(TEMP, "superuser-alex@hostsharing.net");
final var givenAnchorPerson = personRepo.findPersonByOptionalNameLike("Erben Bessler").get(0);
final var givenHolderPerson = personRepo.findPersonByOptionalNameLike("Winkler").get(0);
final var givenContact = contactRepo.findContactByOptionalLabelLike("seventh contact").get(0);

View File

@ -24,6 +24,7 @@ import java.time.LocalDate;
import java.util.UUID;
import static java.util.Optional.ofNullable;
import static net.hostsharing.hsadminng.context.Context.Scope.TEMP;
import static net.hostsharing.hsadminng.rbac.test.IsValidUuidMatcher.isUuidValid;
import static net.hostsharing.hsadminng.rbac.test.JsonMatcher.lenientlyEquals;
import static org.assertj.core.api.Assertions.assertThat;
@ -105,7 +106,7 @@ class HsOfficeSepaMandateControllerAcceptanceTest extends ContextBasedTestWithCl
@Test
void globalAdmin_canAddSepaMandate() {
context.define("superuser-alex@hostsharing.net");
context.define(TEMP, "superuser-alex@hostsharing.net", null);
final var givenDebitor = debitorRepo.findDebitorByOptionalNameLike("Third").get(0);
final var givenBankAccount = bankAccountRepo.findByIbanOrderByIbanAsc("DE02200505501015871393").get(0);
@ -147,7 +148,7 @@ class HsOfficeSepaMandateControllerAcceptanceTest extends ContextBasedTestWithCl
@Test
void globalAdmin_canNotAddSepaMandateWhenDebitorUuidIsMissing() {
context.define("superuser-alex@hostsharing.net");
context.define(TEMP, "superuser-alex@hostsharing.net", null);
final var givenDebitor = debitorRepo.findDebitorByOptionalNameLike("Third").get(0);
final var givenBankAccount = bankAccountRepo.findByIbanOrderByIbanAsc("DE02200505501015871393").get(0);
@ -172,7 +173,7 @@ class HsOfficeSepaMandateControllerAcceptanceTest extends ContextBasedTestWithCl
@Test
void globalAdmin_canNotAddSepaMandate_ifBankAccountDoesNotExist() {
context.define("superuser-alex@hostsharing.net");
context.define(TEMP, "superuser-alex@hostsharing.net", null);
final var givenDebitor = debitorRepo.findDebitorByOptionalNameLike("Third").get(0);
final var givenBankAccountUuid = UUID.fromString("00000000-0000-0000-0000-000000000000");
@ -202,7 +203,7 @@ class HsOfficeSepaMandateControllerAcceptanceTest extends ContextBasedTestWithCl
@Test
void globalAdmin_canNotAddSepaMandate_ifPersonDoesNotExist() {
context.define("superuser-alex@hostsharing.net");
context.define(TEMP, "superuser-alex@hostsharing.net", null);
final var givenDebitorUuid = UUID.fromString("00000000-0000-0000-0000-000000000000");
final var givenBankAccount = bankAccountRepo.findByIbanOrderByIbanAsc("DE02200505501015871393").get(0);
@ -235,7 +236,7 @@ class HsOfficeSepaMandateControllerAcceptanceTest extends ContextBasedTestWithCl
@Test
void globalAdmin_canGetArbitrarySepaMandate() {
context.define("superuser-alex@hostsharing.net");
context.define(TEMP, "superuser-alex@hostsharing.net", null);
final var givenSepaMandateUuid = sepaMandateRepo.findSepaMandateByOptionalIban("DE02120300000000202051")
.get(0)
.getUuid();
@ -265,7 +266,7 @@ class HsOfficeSepaMandateControllerAcceptanceTest extends ContextBasedTestWithCl
@Test
void normalUser_canNotGetUnrelatedSepaMandate() {
context.define("superuser-alex@hostsharing.net");
context.define(TEMP, "superuser-alex@hostsharing.net", null);
final var givenSepaMandateUuid = sepaMandateRepo.findSepaMandateByOptionalIban("DE02120300000000202051")
.get(0)
.getUuid();
@ -282,7 +283,7 @@ class HsOfficeSepaMandateControllerAcceptanceTest extends ContextBasedTestWithCl
@Test
void bankAccountAdminUser_canGetRelatedSepaMandate() {
context.define("superuser-alex@hostsharing.net");
context.define(TEMP, "superuser-alex@hostsharing.net", null);
final var givenSepaMandateUuid = sepaMandateRepo.findSepaMandateByOptionalIban("DE02120300000000202051")
.get(0)
.getUuid();
@ -347,7 +348,7 @@ class HsOfficeSepaMandateControllerAcceptanceTest extends ContextBasedTestWithCl
// @formatter:on
// finally, the sepaMandate is actually updated
context.define("superuser-alex@hostsharing.net");
context.define(TEMP, "superuser-alex@hostsharing.net", null);
assertThat(sepaMandateRepo.findByUuid(givenSepaMandate.getUuid())).isPresent().get()
.matches(mandate -> {
assertThat(mandate.getDebitor().toString()).isEqualTo("debitor(D-1000111: rel(anchor='LP First GmbH', type='DEBITOR', holder='LP First GmbH'), fir)");
@ -362,7 +363,7 @@ class HsOfficeSepaMandateControllerAcceptanceTest extends ContextBasedTestWithCl
@Test
void globalAdmin_canPatchJustValidToOfArbitrarySepaMandate() {
context.define("superuser-alex@hostsharing.net");
context.define(TEMP, "superuser-alex@hostsharing.net", null);
final var givenSepaMandate = givenSomeTemporarySepaMandateForDebitorNumber(1000111);
final var location = RestAssured // @formatter:off
@ -402,7 +403,7 @@ class HsOfficeSepaMandateControllerAcceptanceTest extends ContextBasedTestWithCl
@Test
void globalAdmin_canNotPatchReferenceOfArbitrarySepaMandate() {
context.define("superuser-alex@hostsharing.net");
context.define(TEMP, "superuser-alex@hostsharing.net", null);
final var givenSepaMandate = givenSomeTemporarySepaMandateForDebitorNumber(1000111);
final var location = RestAssured // @formatter:off
@ -436,7 +437,7 @@ class HsOfficeSepaMandateControllerAcceptanceTest extends ContextBasedTestWithCl
@Test
void globalAdmin_canDeleteArbitrarySepaMandate() {
context.define("superuser-alex@hostsharing.net");
context.define(TEMP, "superuser-alex@hostsharing.net", null);
final var givenSepaMandate = givenSomeTemporarySepaMandateForDebitorNumber(1000111);
RestAssured // @formatter:off
@ -454,7 +455,7 @@ class HsOfficeSepaMandateControllerAcceptanceTest extends ContextBasedTestWithCl
@Test
void bankAccountAdminUser_canNotDeleteRelatedSepaMandate() {
context.define("superuser-alex@hostsharing.net");
context.define(TEMP, "superuser-alex@hostsharing.net", null);
final var givenSepaMandate = givenSomeTemporarySepaMandateForDebitorNumber(1000111);
RestAssured // @formatter:off
@ -472,7 +473,7 @@ class HsOfficeSepaMandateControllerAcceptanceTest extends ContextBasedTestWithCl
@Test
void normalUser_canNotDeleteUnrelatedSepaMandate() {
context.define("superuser-alex@hostsharing.net");
context.define(TEMP, "superuser-alex@hostsharing.net", null);
final var givenSepaMandate = givenSomeTemporarySepaMandateForDebitorNumber(1000111);
RestAssured // @formatter:off
@ -491,7 +492,7 @@ class HsOfficeSepaMandateControllerAcceptanceTest extends ContextBasedTestWithCl
private HsOfficeSepaMandateEntity givenSomeTemporarySepaMandateForDebitorNumber(final int debitorNumber) {
return jpaAttempt.transacted(() -> {
context.define("superuser-alex@hostsharing.net");
context.define(TEMP, "superuser-alex@hostsharing.net", null);
final var givenDebitor = debitorRepo.findDebitorByDebitorNumber(debitorNumber).get(0);
final var bankAccountHolder = ofNullable(givenDebitor.getPartner().getPartnerRel().getHolder().getTradeName())
.orElse(givenDebitor.getPartner().getPartnerRel().getHolder().getFamilyName());
@ -514,7 +515,7 @@ class HsOfficeSepaMandateControllerAcceptanceTest extends ContextBasedTestWithCl
@AfterEach
void cleanup() {
jpaAttempt.transacted(() -> {
context.define("superuser-alex@hostsharing.net", null);
context.define(TEMP, "superuser-alex@hostsharing.net", null);
final var count = em.createQuery("DELETE FROM HsOfficeSepaMandateEntity s WHERE s.reference like 'temp %'")
.executeUpdate();
if (count == 0) {

View File

@ -10,6 +10,8 @@ import org.springframework.context.annotation.Import;
import jakarta.persistence.EntityManager;
import jakarta.persistence.PersistenceContext;
import static net.hostsharing.hsadminng.context.Context.Scope.TEMP;
@Import(RbacGrantsDiagramService.class)
public abstract class ContextBasedTest {
@ -41,7 +43,7 @@ public abstract class ContextBasedTest {
}
protected void context(final String currentUser, final String assumedRoles) {
context.define(test.getDisplayName(), null, currentUser, assumedRoles);
context.define(TEMP, test.getDisplayName(), null, currentUser, assumedRoles);
}
protected void context(final String currentUser) {

View File

@ -14,6 +14,7 @@ import org.springframework.transaction.annotation.Transactional;
import jakarta.servlet.http.HttpServletRequest;
import static net.hostsharing.hsadminng.context.Context.Scope.TEMP;
import static org.assertj.core.api.Assertions.assertThat;
@DataJpaTest
@ -34,7 +35,7 @@ class ContextIntegrationTests {
@Test
void defineWithoutHttpServletRequestUsesCallStack() {
context.define("superuser-alex@hostsharing.net", null);
context.define(TEMP, "superuser-alex@hostsharing.net", null);
assertThat(context.getCurrentTask())
.isEqualTo("ContextIntegrationTests.defineWithoutHttpServletRequestUsesCallStack");
@ -44,7 +45,7 @@ class ContextIntegrationTests {
@Transactional
void defineWithCurrentUserButWithoutAssumedRoles() {
// when
context.define("superuser-alex@hostsharing.net");
context.define(TEMP, "superuser-alex@hostsharing.net", null);
// then
assertThat(context.getCurrentUser()).
@ -62,7 +63,7 @@ class ContextIntegrationTests {
void defineWithoutCurrentUserButWithAssumedRoles() {
// when
final var result = jpaAttempt.transacted(() ->
context.define(null, "test_package#yyy00:ADMIN")
context.define(TEMP, null, "test_package#yyy00:ADMIN")
);
// then
@ -75,7 +76,7 @@ class ContextIntegrationTests {
void defineWithUnknownCurrentUser() {
// when
final var result = jpaAttempt.transacted(() ->
context.define("unknown@example.org")
context.define(TEMP, "unknown@example.org", null)
);
// then
@ -88,7 +89,7 @@ class ContextIntegrationTests {
@Transactional
void defineWithCurrentUserAndAssumedRoles() {
// given
context.define("superuser-alex@hostsharing.net", "test_customer#xxx:OWNER;test_customer#yyy:OWNER");
context.define(TEMP, "superuser-alex@hostsharing.net", "test_customer#xxx:OWNER;test_customer#yyy:OWNER");
// when
final var currentUser = context.getCurrentUser();
@ -104,7 +105,7 @@ class ContextIntegrationTests {
public void defineContextWithCurrentUserAndAssumeInaccessibleRole() {
// when
final var result = jpaAttempt.transacted(() ->
context.define("customer-admin@xxx.example.com", "test_package#yyy00:ADMIN")
context.define(TEMP, "customer-admin@xxx.example.com", "test_package#yyy00:ADMIN")
);
// then

View File

@ -20,6 +20,7 @@ import java.util.Collections;
import java.util.Map;
import java.util.stream.Stream;
import static net.hostsharing.hsadminng.context.Context.Scope.TEMP;
import static org.mockito.ArgumentMatchers.*;
import static org.mockito.BDDMockito.given;
import static org.mockito.Mockito.verify;
@ -29,6 +30,7 @@ class ContextUnitTest {
private static final String DEFINE_CONTEXT_QUERY_STRING = """
call defineContext(
cast(:currentScope as RbacObjectScope),
cast(:currentTask as varchar(127)),
cast(:currentRequest as text),
cast(:currentUser as varchar(63)),
@ -57,7 +59,7 @@ class ContextUnitTest {
void registerWithoutHttpServletRequestUsesCallStackForTask() {
given(em.createNativeQuery(any())).willReturn(nativeQuery);
context.define("current-user");
context.define(TEMP, "current-user", null);
verify(em).createNativeQuery(DEFINE_CONTEXT_QUERY_STRING);
verify(nativeQuery).setParameter(
@ -69,7 +71,7 @@ class ContextUnitTest {
void registerWithoutHttpServletRequestUsesEmptyStringForRequest() {
given(em.createNativeQuery(any())).willReturn(nativeQuery);
context.define("current-user");
context.define(TEMP, "current-user", null);
verify(em).createNativeQuery(DEFINE_CONTEXT_QUERY_STRING);
verify(nativeQuery).setParameter("currentRequest", null);
@ -114,7 +116,7 @@ class ContextUnitTest {
Map.entry("user-agent", "given-user-agent")),
"{}");
context.define("current-user");
context.define(TEMP, "current-user", null);
verify(em).createNativeQuery(DEFINE_CONTEXT_QUERY_STRING);
verify(nativeQuery).setParameter("currentTask", "POST http://localhost:9999/api/endpoint");
@ -128,7 +130,7 @@ class ContextUnitTest {
Map.entry("user-agent", "given-user-agent")),
"{}");
context.define("current-user");
context.define(TEMP, "current-user", null);
verify(em).createNativeQuery(DEFINE_CONTEXT_QUERY_STRING);
verify(nativeQuery).setParameter("currentRequest", """
@ -151,7 +153,7 @@ class ContextUnitTest {
Map.entry("user-agent", "given-user-agent")),
"{}");
context.define("current-user");
context.define(TEMP, "current-user", null);
verify(em).createNativeQuery(DEFINE_CONTEXT_QUERY_STRING);
verify(nativeQuery).setParameter(eq("currentTask"), argThat((String t) -> t.length() == 127));

View File

@ -19,6 +19,7 @@ import java.util.EnumSet;
import java.util.UUID;
import static java.lang.String.join;
import static net.hostsharing.hsadminng.context.Context.Scope.TEMP;
import static org.assertj.core.api.Assertions.assertThat;
@DataJpaTest
@ -45,7 +46,7 @@ class RbacGrantsDiagramServiceIntegrationTest extends ContextBasedTestWithCleanu
}
protected void context(final String currentUser, final String assumedRoles) {
context.define(test.getDisplayName(), null, currentUser, assumedRoles);
context.define(TEMP, test.getDisplayName(), null, currentUser, assumedRoles);
}
protected void context(final String currentUser) {

View File

@ -15,6 +15,7 @@ import jakarta.persistence.EntityManager;
import jakarta.servlet.http.HttpServletRequest;
import java.util.List;
import static net.hostsharing.hsadminng.context.Context.Scope.TEMP;
import static net.hostsharing.hsadminng.rbac.test.JpaAttempt.attempt;
import static org.assertj.core.api.Assertions.assertThat;
@ -58,7 +59,7 @@ class RbacRoleRepositoryIntegrationTest {
@Test
public void globalAdmin_withoutAssumedRole_canViewAllRbacRoles() {
// given
context.define("superuser-alex@hostsharing.net");
context.define(TEMP, "superuser-alex@hostsharing.net", null);
// when
final var result = rbacRoleRepository.findAll();
@ -69,20 +70,20 @@ class RbacRoleRepositoryIntegrationTest {
@Test
public void globalAdmin_withAssumedglobalAdminRole_canViewAllRbacRoles() {
given:
context.define("superuser-alex@hostsharing.net", "global#global:ADMIN");
// given
context.define(TEMP, "superuser-alex@hostsharing.net", "global#global:ADMIN");
// when
final var result = rbacRoleRepository.findAll();
then:
// then
allTheseRbacRolesAreReturned(result, ALL_TEST_DATA_ROLES);
}
@Test
public void customerAdmin_withoutAssumedRole_canViewOnlyItsOwnRbacRole() {
// given:
context.define("customer-admin@xxx.example.com");
context.define(TEMP, "customer-admin@xxx.example.com", null);
// when:
final var result = rbacRoleRepository.findAll();
@ -121,7 +122,7 @@ class RbacRoleRepositoryIntegrationTest {
@Test
public void customerAdmin_withAssumedOwnedPackageAdminRole_canViewOnlyItsOwnRbacRole() {
context.define("customer-admin@xxx.example.com", "test_package#xxx00:ADMIN");
context.define(TEMP, "customer-admin@xxx.example.com", "test_package#xxx00:ADMIN");
final var result = rbacRoleRepository.findAll();
@ -138,7 +139,7 @@ class RbacRoleRepositoryIntegrationTest {
@Test
void anonymousUser_withoutAssumedRole_cannotViewAnyRbacRoles() {
context.define(null);
context.define(TEMP, null);
final var result = attempt(
em,
@ -155,7 +156,7 @@ class RbacRoleRepositoryIntegrationTest {
@Test
void customerAdmin_withoutAssumedRole_canFindItsOwnRolesByName() {
context.define("customer-admin@xxx.example.com");
context.define(TEMP, "customer-admin@xxx.example.com", null);
final var result = rbacRoleRepository.findByRoleName("test_customer#xxx:ADMIN");
@ -167,7 +168,7 @@ class RbacRoleRepositoryIntegrationTest {
@Test
void customerAdmin_withoutAssumedRole_canNotFindAlienRolesByName() {
context.define("customer-admin@xxx.example.com");
context.define(TEMP, "customer-admin@xxx.example.com", null);
final var result = rbacRoleRepository.findByRoleName("test_customer#bbb:ADMIN");

View File

@ -14,6 +14,7 @@ import org.springframework.transaction.annotation.Transactional;
import java.util.UUID;
import static net.hostsharing.hsadminng.context.Context.Scope.TEMP;
import static org.assertj.core.api.Assertions.assertThat;
import static org.hamcrest.Matchers.*;
@ -65,7 +66,7 @@ class RbacUserControllerAcceptanceTest {
// finally, the user can view its own record
final var newUserUuid = UUID.fromString(
location.substring(location.lastIndexOf('/') + 1));
context.define("new-user@example.com");
context.define(TEMP, "new-user@example.com", null);
assertThat(rbacUserRepository.findByUuid(newUserUuid))
.extracting(RbacUserEntity::getName).isEqualTo("new-user@example.com");
}
@ -436,7 +437,7 @@ class RbacUserControllerAcceptanceTest {
RbacUserEntity findRbacUserByName(final String userName) {
return jpaAttempt.transacted(() -> {
context.define("superuser-alex@hostsharing.net");
context.define(TEMP, "superuser-alex@hostsharing.net", null);
return rbacUserRepository.findByName(userName);
}).returnedValue();
}
@ -444,7 +445,7 @@ class RbacUserControllerAcceptanceTest {
RbacUserEntity givenANewUser() {
final var givenUserName = "test-user-" + System.currentTimeMillis() + "@example.com";
final var givenUser = jpaAttempt.transacted(() -> {
context.define(null);
context.define(TEMP, null);
return rbacUserRepository.create(new RbacUserEntity(UUID.randomUUID(), givenUserName));
}).assumeSuccessful().returnedValue();
assertThat(rbacUserRepository.findByName(givenUser.getName())).isNotNull();

View File

@ -1,5 +1,6 @@
package net.hostsharing.hsadminng.rbac.test;
import net.hostsharing.hsadminng.context.Context;
import net.hostsharing.hsadminng.rbac.context.ContextBasedTest;
import net.hostsharing.hsadminng.rbac.rbacobject.RbacObject;
import net.hostsharing.hsadminng.rbac.rbacgrant.RbacGrantEntity;
@ -12,7 +13,6 @@ import org.junit.jupiter.api.AfterEach;
import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.TestInfo;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.data.jpa.repository.Query;
import org.springframework.data.repository.Repository;
import jakarta.persistence.*;
@ -21,6 +21,7 @@ import java.util.*;
import static java.lang.System.out;
import static java.util.Comparator.comparing;
import static java.util.stream.Collectors.toSet;
import static net.hostsharing.hsadminng.context.Context.Scope.TEMP;
import static org.apache.commons.collections4.SetUtils.difference;
import static org.assertj.core.api.Assertions.assertThat;
@ -45,7 +46,6 @@ public abstract class ContextBasedTestWithCleanup extends ContextBasedTest {
private TreeMap<UUID, Class<? extends RbacObject>> entitiesToCleanup = new TreeMap<>();
private static Long latestIntialTestDataSerialId;
private static boolean countersInitialized = false;
private static boolean initialTestDataValidated = false;
private static Long initialRbacObjectCount = null;
@ -99,7 +99,7 @@ public abstract class ContextBasedTestWithCleanup extends ContextBasedTest {
final UUID uuid = UUID.fromString(o.split(":")[1]);
final var exception = jpaAttempt.transacted(() -> {
context.define("superuser-alex@hostsharing.net", null);
context.define(TEMP, "superuser-alex@hostsharing.net", null);
em.remove(em.getReference(entityClass, uuid));
out.println("DELETING new " + entityClass.getSimpleName() + "#" + uuid + " SUCCEEDED");
}).caughtException();
@ -115,10 +115,6 @@ public abstract class ContextBasedTestWithCleanup extends ContextBasedTest {
void retrieveInitialTestData(final TestInfo testInfo) {
out.println(ContextBasedTestWithCleanup.class.getSimpleName() + ".retrieveInitialTestData");
if (latestIntialTestDataSerialId == null ) {
latestIntialTestDataSerialId = rbacObjectRepo.findLatestSerialId();
}
if (initialRbacObjects != null){
assertNoNewRbacObjectsRolesAndGrantsLeaked();
}
@ -126,7 +122,7 @@ public abstract class ContextBasedTestWithCleanup extends ContextBasedTest {
initialTestDataValidated = false;
jpaAttempt.transacted(() -> {
context.define("superuser-alex@hostsharing.net", null);
context.define(TEMP, "superuser-alex@hostsharing.net", null);
if (initialRbacObjects == null) {
initialRbacObjects = allRbacObjects();
@ -177,7 +173,7 @@ public abstract class ContextBasedTestWithCleanup extends ContextBasedTest {
private void cleanupTemporaryTestData() {
jpaAttempt.transacted(() -> {
context.define("superuser-alex@hostsharing.net", null);
context.define(TEMP, "superuser-alex@hostsharing.net", null);
entitiesToCleanup.reversed().forEach((uuid, entityClass) -> {
final var rvTableName = entityClass.getAnnotation(Table.class).name();
if ( !rvTableName.endsWith("_rv") ) {
@ -193,7 +189,7 @@ public abstract class ContextBasedTestWithCleanup extends ContextBasedTest {
private long assertNoNewRbacObjectsRolesAndGrantsLeaked() {
return jpaAttempt.transacted(() -> {
context.define("superuser-alex@hostsharing.net");
context.define(TEMP, "superuser-alex@hostsharing.net");
assertEqual(initialRbacObjects, allRbacObjects());
if (DETAILED_BUT_SLOW_CHECK) {
assertEqual(initialRbacRoles, allRbacRoles());
@ -215,11 +211,11 @@ public abstract class ContextBasedTestWithCleanup extends ContextBasedTest {
private void deleteLeakedRbacObjects() {
jpaAttempt.transacted(() -> rbacObjectRepo.findAll()).returnedValue().stream()
.filter(o -> o.serialId > latestIntialTestDataSerialId)
.filter(o -> o.scope == TEMP)
.sorted(comparing(o -> o.serialId))
.forEach(o -> {
final var exception = jpaAttempt.transacted(() -> {
context.define("superuser-alex@hostsharing.net", null);
context.define(TEMP, "superuser-alex@hostsharing.net", null);
em.createNativeQuery("DELETE FROM " + o.objectTable + " WHERE uuid=:uuid")
.setParameter("uuid", o.uuid)
@ -244,7 +240,7 @@ public abstract class ContextBasedTestWithCleanup extends ContextBasedTest {
@NotNull
private Set<String> allRbacGrants() {
return jpaAttempt.transacted(() -> {
context.define("superuser-alex@hostsharing.net", null);
context.define(TEMP, "superuser-alex@hostsharing.net", null);
return rbacGrantRepo.findAll().stream()
.map(RbacGrantEntity::toDisplay)
.collect(toSet());
@ -254,7 +250,7 @@ public abstract class ContextBasedTestWithCleanup extends ContextBasedTest {
@NotNull
private Set<String> allRbacRoles() {
return jpaAttempt.transacted(() -> {
context.define("superuser-alex@hostsharing.net", null);
context.define(TEMP, "superuser-alex@hostsharing.net", null);
return rbacRoleRepo.findAll().stream()
.map(RbacRoleEntity::getRoleName)
.collect(toSet());
@ -264,7 +260,7 @@ public abstract class ContextBasedTestWithCleanup extends ContextBasedTest {
@NotNull
private Set<String> allRbacObjects() {
return jpaAttempt.transacted(() -> {
context.define("superuser-alex@hostsharing.net", null);
context.define(TEMP, "superuser-alex@hostsharing.net", null);
return rbacObjectRepo.findAll().stream()
.map(RbacObjectEntity::toString)
.collect(toSet());
@ -299,9 +295,6 @@ interface RbacObjectRepository extends Repository<RbacObjectEntity, UUID> {
long count();
List<RbacObjectEntity> findAll();
@Query("SELECT max(r.serialId) FROM RbacObjectEntity r")
Long findLatestSerialId();
}
@Entity
@ -312,6 +305,10 @@ class RbacObjectEntity {
@GeneratedValue
UUID uuid;
@Column(name = "scope")
@Enumerated(EnumType.STRING)
Context.Scope scope;
@Column(name = "serialid")
long serialId;
@ -320,6 +317,6 @@ class RbacObjectEntity {
@Override
public String toString() {
return objectTable + ":" + uuid + ":" + serialId;
return objectTable + ":" + uuid + ":" + scope;
}
}

View File

@ -18,6 +18,7 @@ import jakarta.persistence.EntityManager;
import jakarta.persistence.PersistenceContext;
import java.util.UUID;
import static net.hostsharing.hsadminng.context.Context.Scope.TEMP;
import static org.assertj.core.api.Assertions.assertThat;
import static org.hamcrest.CoreMatchers.containsString;
import static org.hamcrest.Matchers.*;
@ -148,7 +149,7 @@ class TestCustomerControllerAcceptanceTest {
// finally, the new customer can be viewed by its own admin
final var newUserUuid = UUID.fromString(
location.substring(location.lastIndexOf('/') + 1));
context.define("superuser-fran@hostsharing.net", "test_customer#uuu:ADMIN");
context.define(TEMP, "superuser-fran@hostsharing.net", "test_customer#uuu:ADMIN");
assertThat(testCustomerRepository.findByUuid(newUserUuid))
.hasValueSatisfying(c -> assertThat(c.getPrefix()).isEqualTo("uuu"));
}
@ -179,7 +180,7 @@ class TestCustomerControllerAcceptanceTest {
// @formatter:on
// finally, the new customer was not created
context.define("superuser-fran@hostsharing.net");
context.define(TEMP, "superuser-fran@hostsharing.net", null);
assertThat(testCustomerRepository.findCustomerByOptionalPrefixLike("uuu")).hasSize(0);
}
@ -208,7 +209,7 @@ class TestCustomerControllerAcceptanceTest {
// @formatter:on
// finally, the new customer was not created
context.define("superuser-fran@hostsharing.net");
context.define(TEMP, "superuser-fran@hostsharing.net", null);
assertThat(testCustomerRepository.findCustomerByOptionalPrefixLike("uuu")).hasSize(0);
}
@ -236,7 +237,7 @@ class TestCustomerControllerAcceptanceTest {
@AfterEach
void cleanup() {
jpaAttempt.transacted(() -> {
context.define("superuser-alex@hostsharing.net", null);
context.define(TEMP, "superuser-alex@hostsharing.net", null);
em.createQuery("DELETE FROM TestCustomerEntity c WHERE c.reference < 99900").executeUpdate();
}).assertSuccessful();
}

View File

@ -16,6 +16,7 @@ import org.springframework.transaction.annotation.Transactional;
import java.util.UUID;
import static java.lang.String.format;
import static net.hostsharing.hsadminng.context.Context.Scope.TEMP;
import static org.assertj.core.api.Assertions.assertThat;
import static org.hamcrest.Matchers.equalTo;
import static org.hamcrest.Matchers.is;
@ -188,7 +189,7 @@ class TestPackageControllerAcceptanceTest {
}
String getDescriptionOfPackage(final String packageName) {
context.define("superuser-alex@hostsharing.net","test_customer#xxx:ADMIN");
context.define(TEMP, "superuser-alex@hostsharing.net","test_customer#xxx:ADMIN");
return testPackageRepository.findAllByOptionalNameLike(packageName).get(0).getDescription();
}
}

View File

@ -16,6 +16,7 @@ import jakarta.persistence.PersistenceContext;
import jakarta.servlet.http.HttpServletRequest;
import java.util.List;
import static net.hostsharing.hsadminng.context.Context.Scope.TEMP;
import static org.assertj.core.api.Assertions.assertThat;
@DataJpaTest
@ -41,7 +42,7 @@ class TestPackageRepositoryIntegrationTest extends ContextBasedTest {
public void globalAdmin_withoutAssumedRole_canNotViewAnyPackages_becauseThoseGrantsAreNotAssumed() {
// given
// alex is not just global-admin but lso the creating user, thus we use fran
context.define("superuser-fran@hostsharing.net");
context.define(TEMP, "superuser-fran@hostsharing.net", null);
// when
final var result = testPackageRepository.findAllByOptionalNameLike(null);
@ -52,20 +53,20 @@ class TestPackageRepositoryIntegrationTest extends ContextBasedTest {
@Test
public void globalAdmin_withAssumedglobalAdminRole__canNotViewAnyPackages_becauseThoseGrantsAreNotAssumed() {
given:
context.define("superuser-alex@hostsharing.net", "global#global:ADMIN");
// given
context.define(TEMP, "superuser-alex@hostsharing.net", "global#global:ADMIN");
// when
final var result = testPackageRepository.findAllByOptionalNameLike(null);
then:
// then
noPackagesAreReturned(result);
}
@Test
public void customerAdmin_withoutAssumedRole_canViewOnlyItsOwnPackages() {
// given:
context.define("customer-admin@xxx.example.com");
context.define(TEMP, "customer-admin@xxx.example.com", null);
// when:
final var result = testPackageRepository.findAllByOptionalNameLike(null);
@ -76,7 +77,7 @@ class TestPackageRepositoryIntegrationTest extends ContextBasedTest {
@Test
public void customerAdmin_withAssumedOwnedPackageAdminRole_canViewOnlyItsOwnPackages() {
context.define("customer-admin@xxx.example.com", "test_package#xxx00:ADMIN");
context.define(TEMP, "customer-admin@xxx.example.com", "test_package#xxx00:ADMIN");
final var result = testPackageRepository.findAllByOptionalNameLike(null);
@ -123,7 +124,7 @@ class TestPackageRepositoryIntegrationTest extends ContextBasedTest {
}
private void globalAdminWithAssumedRole(final String assumedRoles) {
context.define("superuser-alex@hostsharing.net", assumedRoles);
context.define(TEMP, "superuser-alex@hostsharing.net", assumedRoles);
}
void noPackagesAreReturned(final List<TestPackageEntity> actualResult) {