RBAC Diagram+PostgreSQL Generator #21

Merged
hsh-michaelhoennig merged 54 commits from experimental-rbacview-generator into master 2024-03-11 12:30:44 +01:00
4 changed files with 29 additions and 11 deletions
Showing only changes of commit 4e2b17a216 - Show all commits


@ -68,11 +68,13 @@ public class RbacGrantsDiagramService {
if (!includes.contains(PERMISSIONS) && g.getDescendantIdName().startsWith("perm ")) { if (!includes.contains(PERMISSIONS) && g.getDescendantIdName().startsWith("perm ")) {
return; return;
} }
if (!includes.contains(TEST_ENTITIES) && g.getDescendantIdName().contains(" test_")) { if ( !g.getDescendantIdName().startsWith("role global")) {
return; if (!includes.contains(TEST_ENTITIES) && g.getDescendantIdName().contains(" test_")) {
} return;
if (!includes.contains(NON_TEST_ENTITIES) && !g.getDescendantIdName().contains(" test_")) { }
return; if (!includes.contains(NON_TEST_ENTITIES) && !g.getDescendantIdName().contains(" test_")) {
return;
}
} }
graph.add(g); graph.add(g);
if (includes.contains(NOT_ASSUMED) || g.isAssumed()) { if (includes.contains(NOT_ASSUMED) || g.isAssumed()) {
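Review bot: The new outer guard `if ( !g.getDescendantIdName().startsWith("role global"))` lets every grant whose descendant id name begins with that literal skip both the TEST_ENTITIES and NON_TEST_ENTITIES filters, and nothing in the code says why. Because this diagram is a review aid for the RBAC model, the exemption deserves a one-line comment, e.g. `// global roles are neither test nor non-test entities, so they bypass both filters`. The match is a bare prefix, so any id name that merely starts with "role global" is exempted too; if the id format has a delimiter after the object name (not visible here), matching up to it would be tighter. The stray space in `if ( !g` differs from the surrounding lines. The enclosing method or lambda starts and ends outside the hunk.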


@ -45,12 +45,11 @@ begin
select * into newCust select * into newCust
from test_customer where reference=custReference; from test_customer where reference=custReference;
-- call grantRoleToUser( call grantRoleToUser(
-- getRoleId(testCustomerAdmin(newCust), 'fail'), getRoleId(testCustomerAdmin(newCust), 'fail'),
-- findRoleId(testCustomerOwner(newCust)), findRoleId(testCustomerOwner(newCust)),
-- custAd custAdminUuid,
-- minUuid, true);
-- true);
end; $$; end; $$;
--// --//
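Review bot: The re-enabled `grantRoleToUser(...)` call resolves its two role arguments differently: the first through `getRoleId(..., 'fail')`, the second through `findRoleId(...)`, which is given no failure mode. If `findRoleId` yields null for a missing role (presumably; its definition is not on this page), the grant would be attempted with a null role id instead of stopping with a clear error. Either use the failing lookup for both arguments or add a comment stating why a missing owner role is acceptable here. The trailing positional `true` would also benefit from a short comment naming the parameter it sets. The procedure body begins outside the hunk.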


@ -1,14 +1,20 @@
package net.hostsharing.hsadminng.context; package net.hostsharing.hsadminng.context;
import net.hostsharing.hsadminng.rbac.rbacgrant.RbacGrantsDiagramService;
import org.junit.jupiter.api.BeforeEach; import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.TestInfo; import org.junit.jupiter.api.TestInfo;
import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Import;
@Import(RbacGrantsDiagramService.class)
public abstract class ContextBasedTest { public abstract class ContextBasedTest {
@Autowired @Autowired
protected Context context; protected Context context;
@Autowired
protected RbacGrantsDiagramService diagramService;
TestInfo test; TestInfo test;
@BeforeEach @BeforeEach
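Review bot: `diagramService` is injected into the abstract base class without a comment, so every test extending `ContextBasedTest` now pulls in `RbacGrantsDiagramService` through `@Import`, although only one test in this commit uses it. A one-line comment on the field would state its purpose, e.g. `// dumps the current subject's grants as a diagram, for documenting or debugging a test`. If only a few tests need it, importing the service in those test classes keeps the shared test context smaller. The class body continues outside the hunk.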


@ -2,6 +2,8 @@ package net.hostsharing.hsadminng.test.cust;
import net.hostsharing.hsadminng.context.Context; import net.hostsharing.hsadminng.context.Context;
import net.hostsharing.hsadminng.context.ContextBasedTest; import net.hostsharing.hsadminng.context.ContextBasedTest;
import net.hostsharing.hsadminng.rbac.rbacgrant.RbacGrantsDiagramService;
import net.hostsharing.hsadminng.rbac.rbacgrant.RbacGrantsDiagramService.Include;
import net.hostsharing.test.JpaAttempt; import net.hostsharing.test.JpaAttempt;
import org.junit.jupiter.api.Nested; import org.junit.jupiter.api.Nested;
import org.junit.jupiter.api.Test; import org.junit.jupiter.api.Test;
@ -14,9 +16,11 @@ import jakarta.persistence.EntityManager;
import jakarta.persistence.PersistenceContext; import jakarta.persistence.PersistenceContext;
import jakarta.persistence.PersistenceException; import jakarta.persistence.PersistenceException;
import jakarta.servlet.http.HttpServletRequest; import jakarta.servlet.http.HttpServletRequest;
import java.util.EnumSet;
import java.util.List; import java.util.List;
import java.util.UUID; import java.util.UUID;
import static java.util.EnumSet.of;
import static net.hostsharing.test.JpaAttempt.attempt; import static net.hostsharing.test.JpaAttempt.attempt;
import static org.assertj.core.api.Assertions.assertThat; import static org.assertj.core.api.Assertions.assertThat;
@ -140,6 +144,13 @@ class TestCustomerRepositoryIntegrationTest extends ContextBasedTest {
@Test @Test
public void customerAdmin_withAssumedOwnedPackageAdminRole_canViewOnlyItsOwnCustomer() { public void customerAdmin_withAssumedOwnedPackageAdminRole_canViewOnlyItsOwnCustomer() {
context("customer-admin@xxx.example.com");
RbacGrantsDiagramService.writeToFile(
"customerAdmin_withAssumedOwnedPackageAdminRole_canViewOnlyItsOwnCustomer",
diagramService.allGrantsToCurrentUser(of(Include.USERS, Include.TEST_ENTITIES, Include.NOT_ASSUMED, Include.DETAILS, Include.PERMISSIONS)),
"doc/customerAdmin_withAssumedOwnedPackageAdminRole_canViewOnlyItsOwnCustomer.md"
);
context("customer-admin@xxx.example.com", "test_package#xxx00.admin"); context("customer-admin@xxx.example.com", "test_package#xxx00.admin");
final var result = testCustomerRepository.findCustomerByOptionalPrefixLike(null); final var result = testCustomerRepository.findCustomerByOptionalPrefixLike(null);
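Review bot: The added `RbacGrantsDiagramService.writeToFile(...)` call makes this test write `doc/customerAdmin_withAssumedOwnedPackageAdminRole_canViewOnlyItsOwnCustomer.md` on every run, using a path relative to the working directory, and an I/O failure there would presumably fail the test before its assertions run. The dump is requested with `Include.USERS`, `Include.PERMISSIONS` and `Include.DETAILS`, which is fine for the `xxx.example.com` fixtures but should stay restricted to test data because the file lands in the repository tree. Consider moving the dump behind a flag or into a dedicated documentation-generating test, and deriving the title and file name from the `TestInfo` the base class already holds instead of repeating the method name three times. `import java.util.EnumSet;` looks unused next to the static import of `EnumSet.of`, as far as the visible hunks show. The test method continues outside the hunk.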