move Parter+Debitor person+contact to related Relationsship #20
@ -20,7 +20,7 @@ import java.util.UUID;
public class RawRbacGrantEntity {
public class RawRbacGrantEntity implements Comparable {
private UUID uuid;
@ -64,4 +64,9 @@ public class RawRbacGrantEntity {
// TODO: remove .distinct() once partner.person + are removed
public int compareTo(final Object o) {
return uuid.compareTo(((RawRbacGrantEntity)o).uuid);
@ -7,13 +7,33 @@ import org.springframework.stereotype.Service;
import jakarta.persistence.EntityManager;
import jakarta.persistence.PersistenceContext;
import jakarta.validation.constraints.NotNull;
import java.util.*;
import static java.lang.String.join;
import static net.hostsharing.hsadminng.rbac.rbacgrant.RbacGrantsMermaidService.Include.*;
public class RbacGrantsMermaidService {
public static void writeToFile(final String title, final String graph, final String fileName) {
try (BufferedWriter writer = new BufferedWriter(new FileWriter(fileName))) {
### all grants to %s
""".formatted(title, graph));
} catch (IOException e) {
throw new RuntimeException(e);
public enum Include {
@ -32,14 +52,14 @@ public class RbacGrantsMermaidService {
private EntityManager em;
public String allGrantsToCurrentUser(final EnumSet<Include> include) {
final var graph = new HashSet<String>();
final var graph = new HashSet<RawRbacGrantEntity>();
for ( UUID subjectUuid: context.currentSubjectsUuids() ) {
traverseGrantsTo(graph, subjectUuid, include);
return "flowchart TB\n\n" + String.join("\n", graph);
return toMermaidFlowchart(graph);
private void traverseGrantsTo(final Set<String> graph, final UUID refUuid, final EnumSet<Include> include) {
private void traverseGrantsTo(final Set<RawRbacGrantEntity> graph, final UUID refUuid, final EnumSet<Include> include) {
final var grants = rawGrantRepo.findByAscendingUuid(refUuid);
grants.forEach(g -> {
if (!include.contains(PERMISSIONS) && g.getDescendantIdName().startsWith("perm ")) {
@ -51,10 +71,7 @@ public class RbacGrantsMermaidService {
if (!include.contains(NON_TEST_ENTITIES) && !g.getDescendantIdName().contains(" test_")) {
node(g.getAscendantIdName()) +
(g.isAssumed() ? " --> " : " -.-> ") +
if (include.contains(NOT_ASSUMED) || g.isAssumed()) {
traverseGrantsTo(graph, g.getDescendantUuid(), include);
@ -66,54 +83,60 @@ public class RbacGrantsMermaidService {
.setParameter("targetObject", targetObject)
.setParameter("op", op)
final var graph = new HashSet<String>();
final var graph = new HashSet<RawRbacGrantEntity>();
traverseGrantsFrom(graph, refUuid, include);
return "flowchart TB\n\n" + String.join("\n", graph);
return toMermaidFlowchart(graph);
private void traverseGrantsFrom(final Set<String> graph, final UUID refUuid, final EnumSet<Include> include) {
private void traverseGrantsFrom(final Set<RawRbacGrantEntity> graph, final UUID refUuid, final EnumSet<Include> include) {
final var grants = rawGrantRepo.findByDescendantUuid(refUuid);
grants.forEach(g -> {
if (!include.contains(USERS) && g.getAscendantIdName().startsWith("user ")) {
node(g.getAscendantIdName()) +
(g.isAssumed() ? " --> " : " -.-> ") +
if (include.contains(NOT_ASSUMED) || g.isAssumed()) {
traverseGrantsFrom(graph, g.getAscendingUuid(), include);
private String node(final String idName) {
return quoted(idName) + display(idName);
private String toMermaidFlowchart(final HashSet<RawRbacGrantEntity> graph) {
return "%%{init:{'flowchart':{'htmlLabels':false}}}%%\n" +
"flowchart TB\n\n" +
.map(g -> node(g.getAscendantIdName(), g.getAscendingUuid()) +
(g.isAssumed() ? " --> " : " -.-> ") +
node(g.getDescendantIdName(), g.getDescendantUuid()))
private String display(final String idName) {
private String node(final String idName, final UUID uuid) {
return quoted(idName) + display(idName, uuid);
private String display(final String idName, final UUID uuid) {
// role hs_office_relationship#FirstGmbH-with-REPRESENTATIVE-FirbySusan.admin
// TODO: refactor by separate algorithms for perm/role/user
final var refType = idName.split(" ", 2)[0];
final var roleType = refType.equals("role")
? idName.substring(idName.lastIndexOf('.') + 1)
: refType.equals("perm")
? idName.split(" ")[1]
: null;
final var objectName = refType.equals("perm")
? idName.split(" ")[3]
: idName.substring(refType.length()+1, idName.length() - (roleType == null ? 0 : (roleType.length()-1)) );
final var tableName = objectName.contains("#") ? objectName.split("#")[0] : "";
final var instanceName = objectName.contains("#") ? objectName.split("#", 2)[1] : objectName;
final var displayName = "\n" + tableName + "\n" + instanceName + (roleType == null ? "" : ("\n" + roleType));
if (refType.equals("user")) {
return "(" + displayName + ")";
final var displayName = idName.substring(refType.length()+1);
return "(" + displayName + "\n" + uuid + ")";
if (refType.equals("role")) {
final var roleType = idName.substring(idName.lastIndexOf('.') + 1);
final var objectName = idName.substring(refType.length()+1, idName.length() - roleType.length() - 1);
final var tableName = objectName.contains("#") ? objectName.split("#")[0] : "";
final var instanceName = objectName.contains("#") ? objectName.split("#", 2)[1] : objectName;
final var displayName = "\n" + (tableName.equals("global") ? "" : tableName) + "\n" + instanceName + "\n" + uuid + "\n" + roleType;
return "[" + displayName + "]";
if (refType.equals("perm")) {
return "{{" + displayName + "}}";
final var roleType = idName.split(" ")[1];
final var objectName = idName.split(" ")[3];
final var tableName = objectName.contains("#") ? objectName.split("#")[0] : "";
final var instanceName = objectName.contains("#") ? objectName.split("#", 2)[1] : objectName;
final var displayName = "\n" + tableName + "\n" + instanceName + "\n" + uuid + (roleType == null ? "" : ("\n" + roleType));return "{{" + displayName + "}}";
return "";
@ -109,12 +109,15 @@ class HsOfficeContactRepositoryIntegrationTest extends ContextBasedTestWithClean
"{ grant role hs_office_contact#anothernewcontact.owner to role global#global.admin by system and assume }",
"{ grant perm edit on hs_office_contact#anothernewcontact to role hs_office_contact#anothernewcontact.admin by system and assume }",
"{ grant perm * on hs_office_contact#anothernewcontact to role hs_office_contact#anothernewcontact.owner by system and assume }",
"{ grant role hs_office_contact#anothernewcontact.owner to role global#global.admin by system and assume }",
"{ grant role hs_office_contact#anothernewcontact.owner to user by global#global.admin and assume }",
"{ grant perm edit on hs_office_contact#anothernewcontact to role hs_office_contact#anothernewcontact.admin by system and assume }",
"{ grant role hs_office_contact#anothernewcontact.admin to role hs_office_contact#anothernewcontact.owner by system and assume }",
"{ grant perm view on hs_office_contact#anothernewcontact to role hs_office_contact#anothernewcontact.referrer by system and assume }",
"{ grant role hs_office_contact#anothernewcontact.owner to user by global#global.admin and assume }"
"{ grant role hs_office_contact#anothernewcontact.referrer to role hs_office_contact#anothernewcontact.admin by system and assume }"
@ -23,27 +23,27 @@ class HsOfficeCoopAssetsTransactionEntityUnitTest {
void toStringContainsAlmostAllPropertiesAccount() {
final var result = givenCoopAssetTransaction.toString();
assertThat(result).isEqualTo("CoopAssetsTransaction(1000101, 2020-01-01, DEPOSIT, 128.00, some-ref)");
assertThat(result).isEqualTo("CoopAssetsTransaction(M-1000101: 2020-01-01, DEPOSIT, 128.00, some-ref)");
void toShortStringContainsOnlyMemberNumberSuffixAndSharesCountOnly() {
final var result = givenCoopAssetTransaction.toShortString();
void toStringWithEmptyTransactionDoesNotThrowException() {
final var result = givenEmptyCoopAssetsTransaction.toString();
assertThat(result).isEqualTo("CoopAssetsTransaction(M-?????: )");
void toShortStringEmptyTransactionDoesNotThrowException() {
final var result = givenEmptyCoopAssetsTransaction.toShortString();
@ -141,17 +141,17 @@ class HsOfficeCoopAssetsTransactionRepositoryIntegrationTest extends ContextBase
// then
"CoopAssetsTransaction(1000101, 2010-03-15, DEPOSIT, 320.00, ref 1000101-1, initial deposit)",
"CoopAssetsTransaction(1000101, 2021-09-01, DISBURSAL, -128.00, ref 1000101-2, partial disbursal)",
"CoopAssetsTransaction(1000101, 2022-10-20, ADJUSTMENT, 128.00, ref 1000101-3, some adjustment)",
"CoopAssetsTransaction(M-1000101: 2010-03-15, DEPOSIT, 320.00, ref 1000101-1, initial deposit)",
"CoopAssetsTransaction(M-1000101: 2021-09-01, DISBURSAL, -128.00, ref 1000101-2, partial disbursal)",
"CoopAssetsTransaction(M-1000101: 2022-10-20, ADJUSTMENT, 128.00, ref 1000101-3, some adjustment)",
"CoopAssetsTransaction(1000202, 2010-03-15, DEPOSIT, 320.00, ref 1000202-1, initial deposit)",
"CoopAssetsTransaction(1000202, 2021-09-01, DISBURSAL, -128.00, ref 1000202-2, partial disbursal)",
"CoopAssetsTransaction(1000202, 2022-10-20, ADJUSTMENT, 128.00, ref 1000202-3, some adjustment)",
"CoopAssetsTransaction(M-1000202: 2010-03-15, DEPOSIT, 320.00, ref 1000202-1, initial deposit)",
"CoopAssetsTransaction(M-1000202: 2021-09-01, DISBURSAL, -128.00, ref 1000202-2, partial disbursal)",
"CoopAssetsTransaction(M-1000202: 2022-10-20, ADJUSTMENT, 128.00, ref 1000202-3, some adjustment)",
"CoopAssetsTransaction(1000303, 2010-03-15, DEPOSIT, 320.00, ref 1000303-1, initial deposit)",
"CoopAssetsTransaction(1000303, 2021-09-01, DISBURSAL, -128.00, ref 1000303-2, partial disbursal)",
"CoopAssetsTransaction(1000303, 2022-10-20, ADJUSTMENT, 128.00, ref 1000303-3, some adjustment)");
"CoopAssetsTransaction(M-1000303: 2010-03-15, DEPOSIT, 320.00, ref 1000303-1, initial deposit)",
"CoopAssetsTransaction(M-1000303: 2021-09-01, DISBURSAL, -128.00, ref 1000303-2, partial disbursal)",
"CoopAssetsTransaction(M-1000303: 2022-10-20, ADJUSTMENT, 128.00, ref 1000303-3, some adjustment)");
@ -169,9 +169,9 @@ class HsOfficeCoopAssetsTransactionRepositoryIntegrationTest extends ContextBase
// then
"CoopAssetsTransaction(1000202, 2010-03-15, DEPOSIT, 320.00, ref 1000202-1, initial deposit)",
"CoopAssetsTransaction(1000202, 2021-09-01, DISBURSAL, -128.00, ref 1000202-2, partial disbursal)",
"CoopAssetsTransaction(1000202, 2022-10-20, ADJUSTMENT, 128.00, ref 1000202-3, some adjustment)");
"CoopAssetsTransaction(M-1000202: 2010-03-15, DEPOSIT, 320.00, ref 1000202-1, initial deposit)",
"CoopAssetsTransaction(M-1000202: 2021-09-01, DISBURSAL, -128.00, ref 1000202-2, partial disbursal)",
"CoopAssetsTransaction(M-1000202: 2022-10-20, ADJUSTMENT, 128.00, ref 1000202-3, some adjustment)");
@ -189,13 +189,16 @@ class HsOfficeCoopAssetsTransactionRepositoryIntegrationTest extends ContextBase
// then
"CoopAssetsTransaction(1000202, 2021-09-01, DISBURSAL, -128.00, ref 1000202-2, partial disbursal)");
"CoopAssetsTransaction(M-1000202: 2021-09-01, DISBURSAL, -128.00, ref 1000202-2, partial disbursal)");
public void normalUser_canViewOnlyRelatedCoopAssetsTransactions() {
public void representative_canViewRelatedCoopAssetsTransactions() {
// given:
context("", "hs_office_partner#10001:FirstGmbH-firstcontact.admin");
// TODO: once the debitor-relationship roles and grants are implemented, this should work:
// context("", "hs_office_person#FirbySusan.admin");
// for now we can only use the debitor admin, which would be a Hostsharing admin, though:
context("", "hs_office_debitor#1000111:FirstGmbH-firstcontact.admin");
// when:
final var result = coopAssetsTransactionRepo.findCoopAssetsTransactionByOptionalMembershipUuidAndDateRange(
@ -206,9 +209,10 @@ class HsOfficeCoopAssetsTransactionRepositoryIntegrationTest extends ContextBase
// then:
"CoopAssetsTransaction(1000101, 2010-03-15, DEPOSIT, 320.00, ref 1000101-1, initial deposit)",
"CoopAssetsTransaction(1000101, 2021-09-01, DISBURSAL, -128.00, ref 1000101-2, partial disbursal)",
"CoopAssetsTransaction(1000101, 2022-10-20, ADJUSTMENT, 128.00, ref 1000101-3, some adjustment)");
// TODO: fix M-null to M-1000101 once the debitor+memberhip grants are amended to partner relationship
"CoopAssetsTransaction(M-null: 2010-03-15, DEPOSIT, 320.00, ref 1000101-1, initial deposit)",
"CoopAssetsTransaction(M-null: 2021-09-01, DISBURSAL, -128.00, ref 1000101-2, partial disbursal)",
"CoopAssetsTransaction(M-null: 2022-10-20, ADJUSTMENT, 128.00, ref 1000101-3, some adjustment)");
@ -82,7 +82,7 @@ class HsOfficePartnerEntityPatcherUnitTest extends PatchUnitTestBase<
protected Stream<Property> propertyTestDescriptors() {
return Stream.of(
new JsonNullableProperty<>(
@ -1,15 +1,15 @@
import net.hostsharing.hsadminng.context.Context;
import net.hostsharing.hsadminng.rbac.rbacgrant.RawRbacGrantRepository;
import net.hostsharing.hsadminng.rbac.rbacgrant.RbacGrantsMermaidService;
import net.hostsharing.hsadminng.rbac.rbacgrant.RbacGrantsMermaidService.Include;
import net.hostsharing.hsadminng.rbac.rbacrole.RawRbacRoleRepository;
import net.hostsharing.test.Array;
import net.hostsharing.test.JpaAttempt;
@ -26,10 +26,11 @@ import jakarta.persistence.EntityManager;
import jakarta.persistence.PersistenceContext;
import jakarta.servlet.http.HttpServletRequest;
import java.util.Arrays;
import java.util.EnumSet;
import java.util.HashSet;
import java.util.List;
import java.util.Set;
import static java.lang.String.join;
import static net.hostsharing.hsadminng.rbac.rbacgrant.RawRbacGrantEntity.distinctGrantDisplaysOf;
import static net.hostsharing.hsadminng.rbac.rbacrole.RawRbacRoleEntity.distinctRoleNamesOf;
import static net.hostsharing.test.Array.fromFormatted;
@ -37,7 +38,7 @@ import static net.hostsharing.test.JpaAttempt.attempt;
import static org.assertj.core.api.Assertions.assertThat;
@Import( { Context.class, JpaAttempt.class })
@Import( { Context.class, JpaAttempt.class, RbacGrantsMermaidService.class })
class HsOfficePartnerRepositoryIntegrationTest extends ContextBasedTestWithCleanup {
@ -58,6 +59,9 @@ class HsOfficePartnerRepositoryIntegrationTest extends ContextBasedTestWithClean
RawRbacGrantRepository rawGrantRepo;
RbacGrantsMermaidService mermaidService;
EntityManager em;
@ -67,8 +71,6 @@ class HsOfficePartnerRepositoryIntegrationTest extends ContextBasedTestWithClean
HttpServletRequest request;
Set<HsOfficePartnerEntity> tempPartners = new HashSet<>();
class CreatePartner {
@ -77,17 +79,7 @@ class HsOfficePartnerRepositoryIntegrationTest extends ContextBasedTestWithClean
// given
final var count = partnerRepo.count();
final var givenMandantorPerson = personRepo.findPersonByOptionalNameLike("Hostsharing eG").get(0);
final var givenPartnerPerson = personRepo.findPersonByOptionalNameLike("First GmbH").get(0);
final var givenContact = contactRepo.findContactByOptionalLabelLike("first contact").get(0);
final var partnerRole = HsOfficeRelationshipEntity.builder()
final var partnerRole = givenSomeTemporaryHostsharingPartnerRole("First GmbH", "first contact");
// when
final var result = attempt(em, () -> {
@ -142,66 +134,44 @@ class HsOfficePartnerRepositoryIntegrationTest extends ContextBasedTestWithClean
// then
.map(s -> s.replace("ErbenBesslerMelBessler", "EBess"))
.map(s -> s.replace("fourthcontact", "4th"))
.map(s -> s.replace("hs_office_", ""))
// relationship - TODO: check and cleanup
"{ grant role person#HostsharingeG.tenant to role person#EBess.admin by system and assume }",
"{ grant role person#EBess.tenant to role person#HostsharingeG.admin by system and assume }",
"{ grant role relationship#HostsharingeG-with-PARTNER-EBess.tenant to role partner#20032:EBess-4th.admin by system and assume }",
"{ grant role relationship#HostsharingeG-with-PARTNER-EBess.tenant to role partner#20032:EBess-4th.tenant by system and assume }",
"{ grant role partner#20032:EBess-4th.agent to role relationship#HostsharingeG-with-PARTNER-EBess.admin by system and assume }",
"{ grant role relationship#HostsharingeG-with-PARTNER-EBess.owner to role global#global.admin by system and assume }",
"{ grant role relationship#HostsharingeG-with-PARTNER-EBess.tenant to role contact#4th.admin by system and assume }",
"{ grant role relationship#HostsharingeG-with-PARTNER-EBess.tenant to role person#EBess.admin by system and assume }",
"{ grant role relationship#HostsharingeG-with-PARTNER-EBess.owner to role person#HostsharingeG.admin by system and assume }",
"{ grant role relationship#HostsharingeG-with-PARTNER-EBess.tenant to role person#HostsharingeG.admin by system and assume }",
"{ grant perm edit on relationship#HostsharingeG-with-PARTNER-EBess to role relationship#HostsharingeG-with-PARTNER-EBess.admin by system and assume }",
"{ grant role relationship#HostsharingeG-with-PARTNER-EBess.tenant to role relationship#HostsharingeG-with-PARTNER-EBess.admin by system and assume }",
// permissions on partner
"{ grant perm * on partner#20032:EBess-4th to role relationship#HostsharingeG-with-PARTNER-EBess.owner by system and assume }",
"{ grant perm edit on partner#20032:EBess-4th to role relationship#HostsharingeG-with-PARTNER-EBess.admin by system and assume }",
"{ grant perm view on partner#20032:EBess-4th to role relationship#HostsharingeG-with-PARTNER-EBess.tenant by system and assume }",
// permissions on partner-details
"{ grant perm * on partner_details#20032:EBess-4th-details to role relationship#HostsharingeG-with-PARTNER-EBess.owner by system and assume }",
"{ grant perm edit on partner_details#20032:EBess-4th-details to role relationship#HostsharingeG-with-PARTNER-EBess.admin by system and assume }",
"{ grant perm view on partner_details#20032:EBess-4th-details to role relationship#HostsharingeG-with-PARTNER-EBess.agent by system and assume }",
// relationship owner
"{ grant perm * on relationship#HostsharingeG-with-PARTNER-EBess to role relationship#HostsharingeG-with-PARTNER-EBess.owner by system and assume }",
"{ grant role relationship#HostsharingeG-with-PARTNER-EBess.owner to role global#global.admin by system and assume }",
// relationship admin
"{ grant perm edit on relationship#HostsharingeG-with-PARTNER-EBess to role relationship#HostsharingeG-with-PARTNER-EBess.admin by system and assume }",
"{ grant role relationship#HostsharingeG-with-PARTNER-EBess.admin to role relationship#HostsharingeG-with-PARTNER-EBess.owner by system and assume }",
"{ grant role relationship#HostsharingeG-with-PARTNER-EBess.admin to role person#HostsharingeG.admin by system and assume }",
"{ grant role relationship#HostsharingeG-with-PARTNER-EBess.agent to role relationship#HostsharingeG-with-PARTNER-EBess.admin by system and assume }",
"{ grant role relationship#HostsharingeG-with-PARTNER-EBess.agent to role person#EBess.admin by system and assume }",
"{ grant role relationship#HostsharingeG-with-PARTNER-EBess.agent to role contact#4th.admin by system and assume }",
// relationship tenant
"{ grant perm view on relationship#HostsharingeG-with-PARTNER-EBess to role relationship#HostsharingeG-with-PARTNER-EBess.tenant by system and assume }",
"{ grant role contact#4th.tenant to role relationship#HostsharingeG-with-PARTNER-EBess.tenant by system and assume }",
"{ grant role person#EBess.tenant to role relationship#HostsharingeG-with-PARTNER-EBess.tenant by system and assume }",
"{ grant role person#HostsharingeG.tenant to role relationship#HostsharingeG-with-PARTNER-EBess.tenant by system and assume }",
// owner
"{ grant perm * on partner#20032:EBess-4th to role partner#20032:EBess-4th.owner by system and assume }",
"{ grant perm * on partner_details#20032:EBess-4th-details to role partner#20032:EBess-4th.owner by system and assume }",
"{ grant role partner#20032:EBess-4th.owner to role global#global.admin by system and assume }",
// admin
"{ grant perm edit on partner#20032:EBess-4th to role partner#20032:EBess-4th.admin by system and assume }",
"{ grant perm edit on partner_details#20032:EBess-4th-details to role partner#20032:EBess-4th.admin by system and assume }",
"{ grant role partner#20032:EBess-4th.admin to role partner#20032:EBess-4th.owner by system and assume }",
"{ grant role person#EBess.tenant to role partner#20032:EBess-4th.admin by system and assume }",
"{ grant role contact#4th.tenant to role partner#20032:EBess-4th.admin by system and assume }",
// agent
"{ grant perm view on partner_details#20032:EBess-4th-details to role partner#20032:EBess-4th.agent by system and assume }",
"{ grant role partner#20032:EBess-4th.agent to role partner#20032:EBess-4th.admin by system and assume }",
"{ grant role partner#20032:EBess-4th.agent to role person#EBess.admin by system and assume }",
"{ grant role partner#20032:EBess-4th.agent to role contact#4th.admin by system and assume }",
// tenant
"{ grant role partner#20032:EBess-4th.tenant to role partner#20032:EBess-4th.agent by system and assume }",
"{ grant role person#EBess.guest to role partner#20032:EBess-4th.tenant by system and assume }",
"{ grant role contact#4th.guest to role partner#20032:EBess-4th.tenant by system and assume }",
// guest
"{ grant perm view on partner#20032:EBess-4th to role partner#20032:EBess-4th.guest by system and assume }",
"{ grant role partner#20032:EBess-4th.guest to role partner#20032:EBess-4th.tenant by system and assume }",
"{ grant role relationship#HostsharingeG-with-PARTNER-EBess.tenant to role relationship#HostsharingeG-with-PARTNER-EBess.agent by system and assume }",
"{ grant role person#HostsharingeG.referrer to role relationship#HostsharingeG-with-PARTNER-EBess.tenant by system and assume }",
"{ grant role person#EBess.referrer to role relationship#HostsharingeG-with-PARTNER-EBess.tenant by system and assume }",
"{ grant role contact#4th.referrer to role relationship#HostsharingeG-with-PARTNER-EBess.tenant by system and assume }",
@ -242,7 +212,7 @@ class HsOfficePartnerRepositoryIntegrationTest extends ContextBasedTestWithClean
final var result = partnerRepo.findPartnerByOptionalNameLike(null);
// then:
exactlyThesePartnersAreReturned(result, "partner(P-10001: LP First GmbH: first contact)");
exactlyThesePartnersAreReturned(result, "partner(P-10001: LP First GmbH, first contact)");
@ -288,24 +258,29 @@ class HsOfficePartnerRepositoryIntegrationTest extends ContextBasedTestWithClean
public void hostsharingAdmin_withoutAssumedRole_canUpdateArbitraryPartner() {
// given
final var givenPartner = givenSomeTemporaryPartnerBessler(20036, "Erben Bessler", "fifth contact");
final var givenPartner = givenSomeTemporaryHostsharingPartner(20036, "Erben Bessler", "fifth contact");
final var givenNewPerson = personRepo.findPersonByOptionalNameLike("Third OHG").get(0);
final var givenNewContact = contactRepo.findContactByOptionalLabelLike("sixth contact").get(0);
final var givenNewPartnerRole = givenSomeTemporaryPartnerRole(givenNewPerson, givenNewContact);
// when
RbacGrantsMermaidService.writeToFile("givenPartner with partner Erben Bessler + fifth contact",
mermaidService.allGrantsFrom(givenPartner.getUuid(), "view", EnumSet.of(Include.USERS)),
final var result = jpaAttempt.transacted(() -> {
givenPartner.setPartnerRole(givenSomeTemporaryHostsharingPartnerRole("Third OHG", "sixth contact"));
// then
RbacGrantsMermaidService.writeToFile("givenPartner with partner to Third OHG + sixth contact",
mermaidService.allGrantsFrom(result.returnedValue().getUuid(), "view", EnumSet.of(Include.USERS)),
@ -321,7 +296,7 @@ class HsOfficePartnerRepositoryIntegrationTest extends ContextBasedTestWithClean
public void partnerAgent_canNotUpdateRelatedPartner() {
// given
final var givenPartner = givenSomeTemporaryPartnerBessler(20037, "Erben Bessler", "ninth");
final var givenPartner = givenSomeTemporaryHostsharingPartner(20037, "Erben Bessler", "ninth");
@ -342,7 +317,8 @@ class HsOfficePartnerRepositoryIntegrationTest extends ContextBasedTestWithClean
private void assertThatPartnerActuallyInDatabase(final HsOfficePartnerEntity saved) {
final var found = partnerRepo.findByUuid(saved.getUuid());
found.get().getPartnerRole(); // TODO: remove and uncomment the next line:
// assertThat(found).isNotEmpty().get().isNotSameAs(saved).usingRecursiveComparison().isEqualTo(saved);
private void assertThatPartnerIsVisibleForUserWithRole(
@ -359,6 +335,10 @@ class HsOfficePartnerRepositoryIntegrationTest extends ContextBasedTestWithClean
final String assumedRoles) {
jpaAttempt.transacted(() -> {
context("", assumedRoles);
RbacGrantsMermaidService.writeToFile("givenPartner within assertThatPartnerIsNotVisibleForUserWithRole",
mermaidService.allGrantsFrom(entity.getUuid(), "view", EnumSet.of(Include.USERS)),
final var found = partnerRepo.findByUuid(entity.getUuid());
@ -372,7 +352,7 @@ class HsOfficePartnerRepositoryIntegrationTest extends ContextBasedTestWithClean
public void globalAdmin_withoutAssumedRole_canDeleteAnyPartner() {
// given
context("", null);
final var givenPartner = givenSomeTemporaryPartnerBessler(20032, "Erben Bessler", "tenth");
final var givenPartner = givenSomeTemporaryHostsharingPartner(20032, "Erben Bessler", "tenth");
// when
final var result = jpaAttempt.transacted(() -> {
@ -392,7 +372,7 @@ class HsOfficePartnerRepositoryIntegrationTest extends ContextBasedTestWithClean
public void nonGlobalAdmin_canNotDeleteTheirRelatedPartner() {
// given
context("", null);
final var givenPartner = givenSomeTemporaryPartnerBessler(20032, "Erben Bessler", "eleventh");
final var givenPartner = givenSomeTemporaryHostsharingPartner(20033, "Erben Bessler", "eleventh");
// when
final var result = jpaAttempt.transacted(() -> {
@ -418,7 +398,7 @@ class HsOfficePartnerRepositoryIntegrationTest extends ContextBasedTestWithClean
final var initialRoleNames = Array.from(distinctRoleNamesOf(rawRoleRepo.findAll()));
final var initialGrantNames = Array.from(distinctGrantDisplaysOf(rawGrantRepo.findAll()));
final var givenPartner = givenSomeTemporaryPartnerBessler(20034, "Erben Bessler", "twelfth");
final var givenPartner = givenSomeTemporaryHostsharingPartner(20034, "Erben Bessler", "twelfth");
// when
final var result = jpaAttempt.transacted(() -> {
@ -455,28 +435,12 @@ class HsOfficePartnerRepositoryIntegrationTest extends ContextBasedTestWithClean
"[creating partner test-data Seconde.K.-secondcontact, hs_office_partner, INSERT]");
private HsOfficeRelationshipEntity givenSomeTemporaryPartnerRole(
final HsOfficePersonEntity givenNewPerson,
final HsOfficeContactEntity givenNewContact) {
return HsOfficeRelationshipEntity.builder().build();
private HsOfficePartnerEntity givenSomeTemporaryPartnerBessler(
private HsOfficePartnerEntity givenSomeTemporaryHostsharingPartner(
final Integer partnerNumber, final String person, final String contact) {
return jpaAttempt.transacted(() -> {
final var givenMandantorPerson = personRepo.findPersonByOptionalNameLike("Hostsharing eG").get(0);
final var givenPartnerPerson = personRepo.findPersonByOptionalNameLike(person).get(0);
final var givenContact = contactRepo.findContactByOptionalLabelLike(contact).get(0);
final var partnerRole = HsOfficeRelationshipEntity.builder()
em.flush(); // TODO: why is that necessary?
final var partnerRole = givenSomeTemporaryHostsharingPartnerRole(person, contact);
// em.flush(); // TODO: why is that necessary?
final var newPartner = HsOfficePartnerEntity.builder()
@ -488,6 +452,21 @@ class HsOfficePartnerRepositoryIntegrationTest extends ContextBasedTestWithClean
private HsOfficeRelationshipEntity givenSomeTemporaryHostsharingPartnerRole(final String person, final String contact) {
final var givenMandantorPerson = personRepo.findPersonByOptionalNameLike("Hostsharing eG").get(0);
final var givenPartnerPerson = personRepo.findPersonByOptionalNameLike(person).get(0);
final var givenContact = contactRepo.findContactByOptionalLabelLike(contact).get(0);
final var partnerRole = HsOfficeRelationshipEntity.builder()
return partnerRole;
void exactlyThesePartnersAreReturned(final List<HsOfficePartnerEntity> actualResult, final String... partnerNames) {
.extracting(partnerEntity -> partnerEntity.toString())
@ -12,8 +12,6 @@ import org.springframework.boot.test.mock.mockito.MockBean;
import org.springframework.context.annotation.Import;
import jakarta.servlet.http.HttpServletRequest;
import java.util.EnumSet;
import java.util.UUID;
@ -124,7 +122,7 @@ class RbacGrantsMermaidServiceIntegrationTest extends ContextBasedTestWithCleanu
// @Disabled
void print() throws IOException {
//context("", "hs_office_person#FirbySusan.admin");
@ -134,14 +132,6 @@ class RbacGrantsMermaidServiceIntegrationTest extends ContextBasedTestWithCleanu
final var targetObject = (UUID) em.createNativeQuery("SELECT uuid FROM hs_office_coopassetstransaction WHERE reference='ref 1000101-1'").getSingleResult();
final var graph = grantsMermaidService.allGrantsFrom(targetObject, "view", EnumSet.of(Include.USERS));
try (BufferedWriter writer = new BufferedWriter(new FileWriter("doc/"))) {
### all grants to %s
""".formatted(join(";", context.getAssumedRoles()), graph));
RbacGrantsMermaidService.writeToFile(join(";", context.getAssumedRoles()), graph, "doc/");
Reference in New Issue
Block a user