RBAC Diagram+PostgreSQL Generator #21
@ -68,11 +68,13 @@ public class RbacGrantsDiagramService {
|
|||||||
if (!includes.contains(PERMISSIONS) && g.getDescendantIdName().startsWith("perm ")) {
|
if (!includes.contains(PERMISSIONS) && g.getDescendantIdName().startsWith("perm ")) {
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
if (!includes.contains(TEST_ENTITIES) && g.getDescendantIdName().contains(" test_")) {
|
if ( !g.getDescendantIdName().startsWith("role global")) {
|
||||||
return;
|
if (!includes.contains(TEST_ENTITIES) && g.getDescendantIdName().contains(" test_")) {
|
||||||
}
|
return;
|
||||||
if (!includes.contains(NON_TEST_ENTITIES) && !g.getDescendantIdName().contains(" test_")) {
|
}
|
||||||
return;
|
if (!includes.contains(NON_TEST_ENTITIES) && !g.getDescendantIdName().contains(" test_")) {
|
||||||
|
return;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
graph.add(g);
|
graph.add(g);
|
||||||
if (includes.contains(NOT_ASSUMED) || g.isAssumed()) {
|
if (includes.contains(NOT_ASSUMED) || g.isAssumed()) {
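Review bot: The new `if ( !g.getDescendantIdName().startsWith("role global")) {` guard lets every grant whose descendant id name begins with that prefix bypass both the TEST_ENTITIES and the NON_TEST_ENTITIES filter, and nothing in the hunk says why. Because this service renders RBAC grants for people to review, an undocumented exemption makes it hard to tell whether a global role in a diagram is there by design. I would add a comment above the guard, such as `// global roles are neither test nor non-test entities, so they are never filtered out here` (wording to be confirmed by the author). The prefix is also matched without a trailing delimiter, so any role whose object name merely starts with "global" would be exempted too; matching on the delimited form of the id would be tighter. The enclosing method or lambda starts and ends outside the hunk.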
|
||||||
|
@ -45,12 +45,11 @@ begin
|
|||||||
|
|
||||||
select * into newCust
|
select * into newCust
|
||||||
from test_customer where reference=custReference;
|
from test_customer where reference=custReference;
|
||||||
-- call grantRoleToUser(
|
call grantRoleToUser(
|
||||||
-- getRoleId(testCustomerAdmin(newCust), 'fail'),
|
getRoleId(testCustomerAdmin(newCust), 'fail'),
|
||||||
-- findRoleId(testCustomerOwner(newCust)),
|
findRoleId(testCustomerOwner(newCust)),
|
||||||
-- custAd
|
custAdminUuid,
|
||||||
-- minUuid,
|
true);
|
||||||
-- true);
|
|
||||||
end; $$;
|
end; $$;
|
||||||
--//
|
--//
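Review bot: The re-enabled `call grantRoleToUser(` resolves its two role arguments in different ways: `getRoleId(testCustomerAdmin(newCust), 'fail')` against `findRoleId(testCustomerOwner(newCust))`. If `findRoleId` returns NULL for a missing role, as its name suggests (its definition is not on this page), the grant would be attempted with a NULL role id instead of failing at the lookup. Using `getRoleId(testCustomerOwner(newCust), 'fail')` for the second argument as well would make the test-data setup fail early and with a clear message. The surrounding procedure begins outside the hunk.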
|
||||||
|
|
||||||
|
@ -1,14 +1,20 @@
|
|||||||
package net.hostsharing.hsadminng.context;
|
package net.hostsharing.hsadminng.context;
|
||||||
|
|
||||||
|
import net.hostsharing.hsadminng.rbac.rbacgrant.RbacGrantsDiagramService;
|
||||||
import org.junit.jupiter.api.BeforeEach;
|
import org.junit.jupiter.api.BeforeEach;
|
||||||
import org.junit.jupiter.api.TestInfo;
|
import org.junit.jupiter.api.TestInfo;
|
||||||
import org.springframework.beans.factory.annotation.Autowired;
|
import org.springframework.beans.factory.annotation.Autowired;
|
||||||
|
import org.springframework.context.annotation.Import;
|
||||||
|
|
||||||
|
@Import(RbacGrantsDiagramService.class)
|
||||||
public abstract class ContextBasedTest {
|
public abstract class ContextBasedTest {
|
||||||
|
|
||||||
@Autowired
|
@Autowired
|
||||||
protected Context context;
|
protected Context context;
|
||||||
|
|
||||||
|
@Autowired
|
||||||
|
protected RbacGrantsDiagramService diagramService;
|
||||||
|
|
||||||
TestInfo test;
|
TestInfo test;
|
||||||
|
|
||||||
@BeforeEach
|
@BeforeEach
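Review bot: `@Import(RbacGrantsDiagramService.class)` and the new `diagramService` field on `ContextBasedTest` make every subclass load the diagram service, although only one test on this page uses it. A short Javadoc on the field, e.g. `/** Renders the grants of the current user for documentation and debugging; not required by the tests themselves. */`, would tell subclass authors whether they are expected to call it. If it remains a documentation aid, importing it only in the test classes that generate diagrams would keep the shared test context smaller. The class body continues past the end of the hunk.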
|
||||||
|
@ -2,6 +2,8 @@ package net.hostsharing.hsadminng.test.cust;
|
|||||||
|
|
||||||
import net.hostsharing.hsadminng.context.Context;
|
import net.hostsharing.hsadminng.context.Context;
|
||||||
import net.hostsharing.hsadminng.context.ContextBasedTest;
|
import net.hostsharing.hsadminng.context.ContextBasedTest;
|
||||||
|
import net.hostsharing.hsadminng.rbac.rbacgrant.RbacGrantsDiagramService;
|
||||||
|
import net.hostsharing.hsadminng.rbac.rbacgrant.RbacGrantsDiagramService.Include;
|
||||||
import net.hostsharing.test.JpaAttempt;
|
import net.hostsharing.test.JpaAttempt;
|
||||||
import org.junit.jupiter.api.Nested;
|
import org.junit.jupiter.api.Nested;
|
||||||
import org.junit.jupiter.api.Test;
|
import org.junit.jupiter.api.Test;
|
||||||
@ -14,9 +16,11 @@ import jakarta.persistence.EntityManager;
|
|||||||
import jakarta.persistence.PersistenceContext;
|
import jakarta.persistence.PersistenceContext;
|
||||||
import jakarta.persistence.PersistenceException;
|
import jakarta.persistence.PersistenceException;
|
||||||
import jakarta.servlet.http.HttpServletRequest;
|
import jakarta.servlet.http.HttpServletRequest;
|
||||||
|
import java.util.EnumSet;
|
||||||
import java.util.List;
|
import java.util.List;
|
||||||
import java.util.UUID;
|
import java.util.UUID;
|
||||||
|
|
||||||
|
import static java.util.EnumSet.of;
|
||||||
import static net.hostsharing.test.JpaAttempt.attempt;
|
import static net.hostsharing.test.JpaAttempt.attempt;
|
||||||
import static org.assertj.core.api.Assertions.assertThat;
|
import static org.assertj.core.api.Assertions.assertThat;
|
||||||
|
|
||||||
@ -140,6 +144,13 @@ class TestCustomerRepositoryIntegrationTest extends ContextBasedTest {
|
|||||||
|
|
||||||
@Test
|
@Test
|
||||||
public void customerAdmin_withAssumedOwnedPackageAdminRole_canViewOnlyItsOwnCustomer() {
|
public void customerAdmin_withAssumedOwnedPackageAdminRole_canViewOnlyItsOwnCustomer() {
|
||||||
|
context("customer-admin@xxx.example.com");
|
||||||
|
RbacGrantsDiagramService.writeToFile(
|
||||||
|
"customerAdmin_withAssumedOwnedPackageAdminRole_canViewOnlyItsOwnCustomer",
|
||||||
|
diagramService.allGrantsToCurrentUser(of(Include.USERS, Include.TEST_ENTITIES, Include.NOT_ASSUMED, Include.DETAILS, Include.PERMISSIONS)),
|
||||||
|
"doc/customerAdmin_withAssumedOwnedPackageAdminRole_canViewOnlyItsOwnCustomer.md"
|
||||||
|
);
|
||||||
|
|
||||||
context("customer-admin@xxx.example.com", "test_package#xxx00.admin");
|
context("customer-admin@xxx.example.com", "test_package#xxx00.admin");
|
||||||
|
|
||||||
final var result = testCustomerRepository.findCustomerByOptionalPrefixLike(null);
|
final var result = testCustomerRepository.findCustomerByOptionalPrefixLike(null);
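Review bot: The added `RbacGrantsDiagramService.writeToFile(` call makes this access-control test write `doc/customerAdmin_withAssumedOwnedPackageAdminRole_canViewOnlyItsOwnCustomer.md` on every run, through a path that is relative to whatever the working directory happens to be. That side effect is unrelated to the assertion and puts a dump of the user's grants (users, permissions and non-assumed roles are all included) into the source tree; I would move it to a dedicated diagram-generation test or write it under the build output directory. The preceding `context("customer-admin@xxx.example.com");` appears to exist only for the diagram and is replaced by the second `context(...)` call right after it, so it deserves a comment such as `// context without assumed role, used only to render the grants diagram`. In the import hunks of the same file, `import java.util.EnumSet;` looks unused next to `import static java.util.EnumSet.of;`. The test method continues outside the hunk.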
|
||||||
|