RBAC Diagram+PostgreSQL Generator #21
@ -8,8 +8,8 @@ public interface RbacUserPermission {
|
||||
String getRoleName();
|
||||
UUID getPermissionUuid();
|
||||
String getOp();
|
||||
String getOpTableName();
|
||||
String getObjectTable();
|
||||
String getObjectIdName();
|
||||
UUID getObjectUuid();
|
||||
|
||||
}
|
||||
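Review bot: `getOpTableName()` has no documentation of when it returns null, yet the test helper changed at the end of this commit guards it with `p.getOpTableName() != null`, so callers evidently have to. A one-line Javadoc would do, for example `/** Table the operation refers to; may be null when the op is not table-specific. */`. Judging by the expected strings in the repository test, only `INSERT` permissions carry a value, but that is inferred and should be confirmed before it is written into the comment. The interface body starts above this hunk.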
|
@ -58,7 +58,7 @@ begin
|
||||
select roleIdName from rbacRole_ev where uuid=grantedByRoleUuid into grantedByRoleIdName;
|
||||
select roleIdName from rbacRole_ev where uuid=grantedRoleUuid into grantedRoleIdName;
|
||||
raise exception '[403] Access to granted role % (%) forbidden for % (%)',
|
||||
grantedRoleIdName, grantedRoleUuid, grantedByRoleUuid, grantedByRoleIdName;
|
||||
grantedRoleIdName, grantedRoleUuid, grantedByRoleIdName, grantedByRoleUuid;
|
||||
end if;
|
||||
|
||||
insert
|
||||
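Review bot: The 403 text built here resolves `grantedRoleUuid` to its `roleIdName` and hands it to a caller who has just been refused access to that role. The acceptance test in this commit shows the text reaching the HTTP response (`.body("message", containsString("Access to granted role"))`). Unless `rbacRole_ev` is itself limited to what the current subject may see, which this hunk does not show, the message lets a caller translate any role UUID into its name. Consider echoing only the values the caller supplied, e.g. `raise exception '[403] Access to granted role % forbidden for %', grantedRoleUuid, grantedByRoleUuid;`, and writing the resolved names to the server log instead. The enclosing function starts and ends outside the hunk.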
|
@ -341,7 +341,7 @@ grant all privileges on RbacOwnGrantedPermissions_rv to ${HSADMINNG_POSTGRES_RES
|
||||
|
||||
*/
|
||||
create or replace function grantedPermissions(targetUserUuid uuid)
|
||||
returns table(roleUuid uuid, roleName text, permissionUuid uuid, op RbacOp, objectTable varchar, objectIdName varchar, objectUuid uuid)
|
||||
returns table(roleUuid uuid, roleName text, permissionUuid uuid, op RbacOp, opTableName varchar(60), objectTable varchar(60), objectIdName varchar, objectUuid uuid)
|
||||
returns null on null input
|
||||
language plpgsql as $$
|
||||
declare
|
||||
@ -357,11 +357,13 @@ begin
|
||||
return query select
|
||||
xp.roleUuid,
|
||||
(xp.roleObjectTable || '#' || xp.roleObjectIdName || '.' || xp.roleType) as roleName,
|
||||
xp.permissionUuid, xp.op, xp.permissionObjectTable, xp.permissionObjectIdName, xp.permissionObjectUuid
|
||||
xp.permissionUuid, xp.op, xp.opTableName,
|
||||
xp.permissionObjectTable, xp.permissionObjectIdName, xp.permissionObjectUuid
|
||||
from (select
|
||||
r.uuid as roleUuid, r.roletype, ro.objectTable as roleObjectTable,
|
||||
findIdNameByObjectUuid(ro.objectTable, ro.uuid) as roleObjectIdName,
|
||||
p.uuid as permissionUuid, p.op, po.objecttable as permissionObjectTable,
|
||||
p.uuid as permissionUuid, p.op, p.opTableName,
|
||||
po.objecttable as permissionObjectTable,
|
||||
findIdNameByObjectUuid(po.objectTable, po.uuid) as permissionObjectIdName,
|
||||
po.uuid as permissionObjectUuid
|
||||
from queryPermissionsGrantedToSubjectId( targetUserUuid) as p
|
||||
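Review bot: `create or replace function grantedPermissions` now declares a different `returns table(...)` column list, and PostgreSQL does not allow `create or replace` to change the result row type of an existing function; it asks for a drop first. If this script is ever applied to a database that still holds the previous definition, rather than only to a freshly built schema, it will fail. Putting `drop function if exists grantedPermissions(uuid);` ahead of the definition avoids that, though any grants on the function would then need to be re-issued. The `varchar(60)` lengths in the result list are also discarded by `create function`, so they document intent but enforce nothing. The function body continues past the end of the second hunk.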
|
@ -73,14 +73,14 @@ class RbacGrantControllerAcceptanceTest extends ContextBasedTest {
|
||||
.contentType("application/json")
|
||||
.body("", hasItem(
|
||||
allOf(
|
||||
hasEntry("grantedByRoleIdName", "global#global.admin"),
|
||||
hasEntry("grantedByRoleIdName", "test_customer#xxx.owner"),
|
||||
hasEntry("grantedRoleIdName", "test_customer#xxx.admin"),
|
||||
hasEntry("granteeUserName", "customer-admin@xxx.example.com")
|
||||
)
|
||||
))
|
||||
.body("", hasItem(
|
||||
allOf(
|
||||
hasEntry("grantedByRoleIdName", "global#global.admin"),
|
||||
hasEntry("grantedByRoleIdName", "test_customer#yyy.owner"),
|
||||
hasEntry("grantedRoleIdName", "test_customer#yyy.admin"),
|
||||
hasEntry("granteeUserName", "customer-admin@yyy.example.com")
|
||||
)
|
||||
@ -296,7 +296,7 @@ class RbacGrantControllerAcceptanceTest extends ContextBasedTest {
|
||||
result.assertThat()
|
||||
.statusCode(403)
|
||||
.body("message", containsString("Access to granted role"))
|
||||
.body("message", containsString("forbidden for {test_package#xxx00.admin}"));
|
||||
.body("message", containsString("forbidden for test_package#xxx00.admin"));
|
||||
assertThat(findAllGrantsOf(givenCurrentUserAsPackageAdmin))
|
||||
.extracting(RbacGrantEntity::getGranteeUserName)
|
||||
.doesNotContain(givenNewUser.getName());
|
||||
|
@ -84,7 +84,7 @@ class RbacGrantRepositoryIntegrationTest extends ContextBasedTest {
|
||||
// then
|
||||
exactlyTheseRbacGrantsAreReturned(
|
||||
result,
|
||||
"{ grant role test_customer#xxx.admin to user customer-admin@xxx.example.com by role global#global.admin and assume }",
|
||||
"{ grant role test_customer#xxx.admin to user customer-admin@xxx.example.com by role test_customer#xxx.owner and assume }",
|
||||
"{ grant role test_package#xxx00.admin to user pac-admin-xxx00@xxx.example.com by role test_customer#xxx.admin and assume }",
|
||||
"{ grant role test_package#xxx01.admin to user pac-admin-xxx01@xxx.example.com by role test_customer#xxx.admin and assume }",
|
||||
"{ grant role test_package#xxx02.admin to user pac-admin-xxx02@xxx.example.com by role test_customer#xxx.admin and assume }");
|
||||
@ -162,8 +162,8 @@ class RbacGrantRepositoryIntegrationTest extends ContextBasedTest {
|
||||
// then
|
||||
attempt.assertExceptionWithRootCauseMessage(
|
||||
JpaSystemException.class,
|
||||
"ERROR: [403] Access to granted role " + given.packageOwnerRoleUuid
|
||||
+ " forbidden for {test_package#xxx00.admin}");
|
||||
"ERROR: [403] Access to granted role test_package#xxx00.owner",
|
||||
"forbidden for test_package#xxx00.admin");
|
||||
jpaAttempt.transacted(() -> {
|
||||
// finally, we use the new user to make sure, no roles were granted
|
||||
context(given.arbitraryUser.getName(), null);
|
||||
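Review bot: The rewritten expectation in the `-162,8 +162,8` hunk matches two name fragments and no longer includes `given.packageOwnerRoleUuid`, so the `(%)` UUID slots of the message go unchecked. The SQL hunk in this commit reorders exactly those arguments, and a name/UUID mix-up of that kind would still pass this test. Adding a third fragment such as `"(" + given.packageOwnerRoleUuid + ")"` would pin it, assuming the field is still available on `given` and the helper accepts further fragments, as the two-string call suggests.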
|
@ -288,19 +288,14 @@ class RbacUserControllerAcceptanceTest {
|
||||
.body("", hasItem(
|
||||
allOf(
|
||||
hasEntry("roleName", "test_customer#yyy.tenant"),
|
||||
hasEntry("op", "select"))
|
||||
))
|
||||
.body("", hasItem(
|
||||
allOf(
|
||||
hasEntry("roleName", "test_package#yyy00.admin"),
|
||||
hasEntry("op", "add-domain"))
|
||||
hasEntry("op", "SELECT"))
|
||||
))
|
||||
.body("", hasItem(
|
||||
allOf(
|
||||
hasEntry("roleName", "test_domain#yyy00-aaaa.owner"),
|
||||
hasEntry("op", "delete"))
|
||||
hasEntry("op", "DELETE"))
|
||||
))
|
||||
.body("size()", is(7));
|
||||
.body("size()", is(6));
|
||||
// @formatter:on
|
||||
}
|
||||
|
||||
@ -313,7 +308,7 @@ class RbacUserControllerAcceptanceTest {
|
||||
RestAssured
|
||||
.given()
|
||||
.header("current-user", "superuser-alex@hostsharing.net")
|
||||
.header("assumed-roles", "test_package#yyy00.admin")
|
||||
.header("assumed-roles", "test_customer#yyy.admin")
|
||||
.port(port)
|
||||
.when()
|
||||
.get("http://localhost/api/rbac/users/" + givenUser.getUuid() + "/permissions")
|
||||
@ -323,19 +318,14 @@ class RbacUserControllerAcceptanceTest {
|
||||
.body("", hasItem(
|
||||
allOf(
|
||||
hasEntry("roleName", "test_customer#yyy.tenant"),
|
||||
hasEntry("op", "select"))
|
||||
))
|
||||
.body("", hasItem(
|
||||
allOf(
|
||||
hasEntry("roleName", "test_package#yyy00.admin"),
|
||||
hasEntry("op", "add-domain"))
|
||||
hasEntry("op", "SELECT"))
|
||||
))
|
||||
.body("", hasItem(
|
||||
allOf(
|
||||
hasEntry("roleName", "test_domain#yyy00-aaaa.owner"),
|
||||
hasEntry("op", "delete"))
|
||||
hasEntry("op", "DELETE"))
|
||||
))
|
||||
.body("size()", is(7));
|
||||
.body("size()", is(6));
|
||||
// @formatter:on
|
||||
}
|
||||
|
||||
@ -357,19 +347,14 @@ class RbacUserControllerAcceptanceTest {
|
||||
.body("", hasItem(
|
||||
allOf(
|
||||
hasEntry("roleName", "test_customer#yyy.tenant"),
|
||||
hasEntry("op", "select"))
|
||||
))
|
||||
.body("", hasItem(
|
||||
allOf(
|
||||
hasEntry("roleName", "test_package#yyy00.admin"),
|
||||
hasEntry("op", "add-domain"))
|
||||
hasEntry("op", "SELECT"))
|
||||
))
|
||||
.body("", hasItem(
|
||||
allOf(
|
||||
hasEntry("roleName", "test_domain#yyy00-aaaa.owner"),
|
||||
hasEntry("op", "delete"))
|
||||
hasEntry("op", "DELETE"))
|
||||
))
|
||||
.body("size()", is(7));
|
||||
.body("size()", is(6));
|
||||
// @formatter:on
|
||||
}
|
||||
|
||||
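Review bot: None of these REST assertions cover the new `opTableName` value. In the `-288,19 +288,14` hunk the `test_package#yyy00.admin` item now checks `hasEntry("op", "SELECT")` where the removed line checked `add-domain`, so no item asserts an `INSERT` permission or the table it applies to. Whether the REST resource exposes the field at all is not visible on this page; if it does, an item such as `allOf(hasEntry("op", "INSERT"), hasEntry("opTableName", "test_domain"))` would cover it. The same applies to the `-323,19` and `-357,19` hunks, which repeat the block. The bare `is(6)` count would also be easier to maintain with a short comment listing the six expected permissions.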
|
@ -183,47 +183,47 @@ class RbacUserRepositoryIntegrationTest extends ContextBasedTest {
|
||||
// @formatter:off
|
||||
"global#global.admin -> global#global: add-customer",
|
||||
|
||||
"test_customer#xxx.admin -> test_customer#xxx: add-package",
|
||||
"test_customer#xxx.admin -> test_customer#xxx: view",
|
||||
"test_customer#xxx.owner -> test_customer#xxx: *",
|
||||
"test_customer#xxx.tenant -> test_customer#xxx: view",
|
||||
"test_package#xxx00.admin -> test_package#xxx00: add-domain",
|
||||
"test_package#xxx00.admin -> test_package#xxx00: add-domain",
|
||||
"test_package#xxx00.tenant -> test_package#xxx00: view",
|
||||
"test_package#xxx01.admin -> test_package#xxx01: add-domain",
|
||||
"test_package#xxx01.admin -> test_package#xxx01: add-domain",
|
||||
"test_package#xxx01.tenant -> test_package#xxx01: view",
|
||||
"test_package#xxx02.admin -> test_package#xxx02: add-domain",
|
||||
"test_package#xxx02.admin -> test_package#xxx02: add-domain",
|
||||
"test_package#xxx02.tenant -> test_package#xxx02: view",
|
||||
"test_customer#xxx.admin -> test_customer#xxx: SELECT",
|
||||
"test_customer#xxx.owner -> test_customer#xxx: DELETE",
|
||||
"test_customer#xxx.tenant -> test_customer#xxx: SELECT",
|
||||
"test_customer#xxx.admin -> test_customer#xxx: INSERT:test_package",
|
||||
"test_package#xxx00.admin -> test_package#xxx00: INSERT:test_domain",
|
||||
"test_package#xxx00.admin -> test_package#xxx00: INSERT:test_domain",
|
||||
"test_package#xxx00.tenant -> test_package#xxx00: SELECT",
|
||||
"test_package#xxx01.admin -> test_package#xxx01: INSERT:test_domain",
|
||||
"test_package#xxx01.admin -> test_package#xxx01: INSERT:test_domain",
|
||||
"test_package#xxx01.tenant -> test_package#xxx01: SELECT",
|
||||
"test_package#xxx02.admin -> test_package#xxx02: INSERT:test_domain",
|
||||
"test_package#xxx02.admin -> test_package#xxx02: INSERT:test_domain",
|
||||
"test_package#xxx02.tenant -> test_package#xxx02: SELECT",
|
||||
|
||||
"test_customer#yyy.admin -> test_customer#yyy: add-package",
|
||||
"test_customer#yyy.admin -> test_customer#yyy: view",
|
||||
"test_customer#yyy.owner -> test_customer#yyy: *",
|
||||
"test_customer#yyy.tenant -> test_customer#yyy: view",
|
||||
"test_package#yyy00.admin -> test_package#yyy00: add-domain",
|
||||
"test_package#yyy00.admin -> test_package#yyy00: add-domain",
|
||||
"test_package#yyy00.tenant -> test_package#yyy00: view",
|
||||
"test_package#yyy01.admin -> test_package#yyy01: add-domain",
|
||||
"test_package#yyy01.admin -> test_package#yyy01: add-domain",
|
||||
"test_package#yyy01.tenant -> test_package#yyy01: view",
|
||||
"test_package#yyy02.admin -> test_package#yyy02: add-domain",
|
||||
"test_package#yyy02.admin -> test_package#yyy02: add-domain",
|
||||
"test_package#yyy02.tenant -> test_package#yyy02: view",
|
||||
"test_customer#yyy.admin -> test_customer#yyy: SELECT",
|
||||
"test_customer#yyy.owner -> test_customer#yyy: DELETE",
|
||||
"test_customer#yyy.tenant -> test_customer#yyy: SELECT",
|
||||
"test_customer#yyy.admin -> test_customer#yyy: INSERT:test_package",
|
||||
"test_package#yyy00.admin -> test_package#yyy00: INSERT:test_domain",
|
||||
"test_package#yyy00.admin -> test_package#yyy00: INSERT:test_domain",
|
||||
"test_package#yyy00.tenant -> test_package#yyy00: SELECT",
|
||||
"test_package#yyy01.admin -> test_package#yyy01: INSERT:test_domain",
|
||||
"test_package#yyy01.admin -> test_package#yyy01: INSERT:test_domain",
|
||||
"test_package#yyy01.tenant -> test_package#yyy01: SELECT",
|
||||
"test_package#yyy02.admin -> test_package#yyy02: INSERT:test_domain",
|
||||
"test_package#yyy02.admin -> test_package#yyy02: INSERT:test_domain",
|
||||
"test_package#yyy02.tenant -> test_package#yyy02: SELECT",
|
||||
|
||||
"test_customer#zzz.admin -> test_customer#zzz: add-package",
|
||||
"test_customer#zzz.admin -> test_customer#zzz: view",
|
||||
"test_customer#zzz.owner -> test_customer#zzz: *",
|
||||
"test_customer#zzz.tenant -> test_customer#zzz: view",
|
||||
"test_package#zzz00.admin -> test_package#zzz00: add-domain",
|
||||
"test_package#zzz00.admin -> test_package#zzz00: add-domain",
|
||||
"test_package#zzz00.tenant -> test_package#zzz00: view",
|
||||
"test_package#zzz01.admin -> test_package#zzz01: add-domain",
|
||||
"test_package#zzz01.admin -> test_package#zzz01: add-domain",
|
||||
"test_package#zzz01.tenant -> test_package#zzz01: view",
|
||||
"test_package#zzz02.admin -> test_package#zzz02: add-domain",
|
||||
"test_package#zzz02.admin -> test_package#zzz02: add-domain",
|
||||
"test_package#zzz02.tenant -> test_package#zzz02: view"
|
||||
"test_customer#zzz.admin -> test_customer#zzz: SELECT",
|
||||
"test_customer#zzz.owner -> test_customer#zzz: DELETE",
|
||||
"test_customer#zzz.tenant -> test_customer#zzz: SELECT",
|
||||
"test_customer#zzz.admin -> test_customer#zzz: INSERT:test_package",
|
||||
"test_package#zzz00.admin -> test_package#zzz00: INSERT:test_domain",
|
||||
"test_package#zzz00.admin -> test_package#zzz00: INSERT:test_domain",
|
||||
"test_package#zzz00.tenant -> test_package#zzz00: SELECT",
|
||||
"test_package#zzz01.admin -> test_package#zzz01: INSERT:test_domain",
|
||||
"test_package#zzz01.admin -> test_package#zzz01: INSERT:test_domain",
|
||||
"test_package#zzz01.tenant -> test_package#zzz01: SELECT",
|
||||
"test_package#zzz02.admin -> test_package#zzz02: INSERT:test_domain",
|
||||
"test_package#zzz02.admin -> test_package#zzz02: INSERT:test_domain",
|
||||
"test_package#zzz02.tenant -> test_package#zzz02: SELECT"
|
||||
// @formatter:on
|
||||
);
|
||||
|
||||
@ -251,32 +251,32 @@ class RbacUserRepositoryIntegrationTest extends ContextBasedTest {
|
||||
allTheseRbacPermissionsAreReturned(
|
||||
result,
|
||||
// @formatter:off
|
||||
"test_customer#xxx.admin -> test_customer#xxx: add-package",
|
||||
"test_customer#xxx.admin -> test_customer#xxx: view",
|
||||
"test_customer#xxx.tenant -> test_customer#xxx: view",
|
||||
"test_customer#xxx.admin -> test_customer#xxx: INSERT:test_package",
|
||||
"test_customer#xxx.admin -> test_customer#xxx: SELECT",
|
||||
"test_customer#xxx.tenant -> test_customer#xxx: SELECT",
|
||||
|
||||
"test_package#xxx00.admin -> test_package#xxx00: add-domain",
|
||||
"test_package#xxx00.admin -> test_package#xxx00: add-domain",
|
||||
"test_package#xxx00.tenant -> test_package#xxx00: view",
|
||||
"test_domain#xxx00-aaaa.owner -> test_domain#xxx00-aaaa: *",
|
||||
"test_package#xxx00.admin -> test_package#xxx00: INSERT:test_domain",
|
||||
"test_package#xxx00.admin -> test_package#xxx00: INSERT:test_domain",
|
||||
"test_package#xxx00.tenant -> test_package#xxx00: SELECT",
|
||||
"test_domain#xxx00-aaaa.owner -> test_domain#xxx00-aaaa: DELETE",
|
||||
|
||||
"test_package#xxx01.admin -> test_package#xxx01: add-domain",
|
||||
"test_package#xxx01.admin -> test_package#xxx01: add-domain",
|
||||
"test_package#xxx01.tenant -> test_package#xxx01: view",
|
||||
"test_domain#xxx01-aaaa.owner -> test_domain#xxx01-aaaa: *",
|
||||
"test_package#xxx01.admin -> test_package#xxx01: INSERT:test_domain",
|
||||
"test_package#xxx01.admin -> test_package#xxx01: INSERT:test_domain",
|
||||
"test_package#xxx01.tenant -> test_package#xxx01: SELECT",
|
||||
"test_domain#xxx01-aaaa.owner -> test_domain#xxx01-aaaa: DELETE",
|
||||
|
||||
"test_package#xxx02.admin -> test_package#xxx02: add-domain",
|
||||
"test_package#xxx02.admin -> test_package#xxx02: add-domain",
|
||||
"test_package#xxx02.tenant -> test_package#xxx02: view",
|
||||
"test_domain#xxx02-aaaa.owner -> test_domain#xxx02-aaaa: *"
|
||||
"test_package#xxx02.admin -> test_package#xxx02: INSERT:test_domain",
|
||||
"test_package#xxx02.admin -> test_package#xxx02: INSERT:test_domain",
|
||||
"test_package#xxx02.tenant -> test_package#xxx02: SELECT",
|
||||
"test_domain#xxx02-aaaa.owner -> test_domain#xxx02-aaaa: DELETE"
|
||||
// @formatter:on
|
||||
);
|
||||
noneOfTheseRbacPermissionsAreReturned(
|
||||
result,
|
||||
// @formatter:off
|
||||
"test_customer#yyy.admin -> test_customer#yyy: add-package",
|
||||
"test_customer#yyy.admin -> test_customer#yyy: view",
|
||||
"test_customer#yyy.tenant -> test_customer#yyy: view"
|
||||
"test_customer#yyy.admin -> test_customer#yyy: INSERT:test_package",
|
||||
"test_customer#yyy.admin -> test_customer#yyy: SELECT",
|
||||
"test_customer#yyy.tenant -> test_customer#yyy: SELECT"
|
||||
// @formatter:on
|
||||
);
|
||||
}
|
||||
@ -311,26 +311,26 @@ class RbacUserRepositoryIntegrationTest extends ContextBasedTest {
|
||||
allTheseRbacPermissionsAreReturned(
|
||||
result,
|
||||
// @formatter:off
|
||||
"test_customer#xxx.tenant -> test_customer#xxx: view",
|
||||
"test_customer#xxx.tenant -> test_customer#xxx: SELECT",
|
||||
// "test_customer#xxx.admin -> test_customer#xxx: view" - Not permissions through the customer admin!
|
||||
"test_package#xxx00.admin -> test_package#xxx00: add-domain",
|
||||
"test_package#xxx00.admin -> test_package#xxx00: add-domain",
|
||||
"test_package#xxx00.tenant -> test_package#xxx00: view",
|
||||
"test_domain#xxx00-aaaa.owner -> test_domain#xxx00-aaaa: *",
|
||||
"test_domain#xxx00-aaab.owner -> test_domain#xxx00-aaab: *"
|
||||
"test_package#xxx00.admin -> test_package#xxx00: INSERT:test_domain",
|
||||
"test_package#xxx00.admin -> test_package#xxx00: INSERT:test_domain",
|
||||
"test_package#xxx00.tenant -> test_package#xxx00: SELECT",
|
||||
"test_domain#xxx00-aaaa.owner -> test_domain#xxx00-aaaa: DELETE",
|
||||
"test_domain#xxx00-aaab.owner -> test_domain#xxx00-aaab: DELETE"
|
||||
// @formatter:on
|
||||
);
|
||||
noneOfTheseRbacPermissionsAreReturned(
|
||||
result,
|
||||
// @formatter:off
|
||||
"test_customer#yyy.admin -> test_customer#yyy: add-package",
|
||||
"test_customer#yyy.admin -> test_customer#yyy: view",
|
||||
"test_customer#yyy.tenant -> test_customer#yyy: view",
|
||||
"test_package#yyy00.admin -> test_package#yyy00: add-domain",
|
||||
"test_package#yyy00.admin -> test_package#yyy00: add-domain",
|
||||
"test_package#yyy00.tenant -> test_package#yyy00: view",
|
||||
"test_domain#yyy00-aaaa.owner -> test_domain#yyy00-aaaa: *",
|
||||
"test_domain#yyy00-aaab.owner -> test_domain#yyy00-aaab: *"
|
||||
"test_customer#yyy.admin -> test_customer#yyy: INSERT:test_package",
|
||||
"test_customer#yyy.admin -> test_customer#yyy: SELECT",
|
||||
"test_customer#yyy.tenant -> test_customer#yyy: SELECT",
|
||||
"test_package#yyy00.admin -> test_package#yyy00: INSERT:test_domain",
|
||||
"test_package#yyy00.admin -> test_package#yyy00: INSERT:test_domain",
|
||||
"test_package#yyy00.tenant -> test_package#yyy00: SELECT",
|
||||
"test_domain#yyy00-aaaa.owner -> test_domain#yyy00-aaaa: DELETE",
|
||||
"test_domain#yyy00-aaab.owner -> test_domain#yyy00-aaab: DELETE"
|
||||
// @formatter:on
|
||||
);
|
||||
}
|
||||
@ -359,11 +359,10 @@ class RbacUserRepositoryIntegrationTest extends ContextBasedTest {
|
||||
allTheseRbacPermissionsAreReturned(
|
||||
result,
|
||||
// @formatter:off
|
||||
"test_customer#xxx.tenant -> test_customer#xxx: view",
|
||||
"test_customer#xxx.tenant -> test_customer#xxx: SELECT",
|
||||
// "test_customer#xxx.admin -> test_customer#xxx: view" - Not permissions through the customer admin!
|
||||
"test_package#xxx00.admin -> test_package#xxx00: add-domain",
|
||||
"test_package#xxx00.admin -> test_package#xxx00: add-domain",
|
||||
"test_package#xxx00.tenant -> test_package#xxx00: view"
|
||||
"test_package#xxx00.admin -> test_package#xxx00: INSERT:test_domain",
|
||||
"test_package#xxx00.tenant -> test_package#xxx00: SELECT"
|
||||
// @formatter:on
|
||||
);
|
||||
noneOfTheseRbacPermissionsAreReturned(
|
||||
@ -373,13 +372,13 @@ class RbacUserRepositoryIntegrationTest extends ContextBasedTest {
|
||||
"test_customer#xxx.admin -> test_customer#xxx: add-package",
|
||||
// no permissions on other customer's objects
|
||||
"test_customer#yyy.admin -> test_customer#yyy: add-package",
|
||||
"test_customer#yyy.admin -> test_customer#yyy: view",
|
||||
"test_customer#yyy.tenant -> test_customer#yyy: view",
|
||||
"test_package#yyy00.admin -> test_package#yyy00: add-domain",
|
||||
"test_package#yyy00.admin -> test_package#yyy00: add-domain",
|
||||
"test_package#yyy00.tenant -> test_package#yyy00: view",
|
||||
"test_domain#yyy00-aaaa.owner -> test_domain#yyy00-aaaa: *",
|
||||
"test_domain#yyy00-xxxb.owner -> test_domain#yyy00-xxxb: *"
|
||||
"test_customer#yyy.admin -> test_customer#yyy: SELECT",
|
||||
"test_customer#yyy.tenant -> test_customer#yyy: SELECT",
|
||||
"test_package#yyy00.admin -> test_package#yyy00: INSERT:test_domain",
|
||||
"test_package#yyy00.admin -> test_package#yyy00: INSERT:test_domain",
|
||||
"test_package#yyy00.tenant -> test_package#yyy00: SELECT",
|
||||
"test_domain#yyy00-aaaa.owner -> test_domain#yyy00-aaaa: DELETE",
|
||||
"test_domain#yyy00-xxxb.owner -> test_domain#yyy00-xxxb: DELETE"
|
||||
// @formatter:on
|
||||
);
|
||||
}
|
||||
@ -432,7 +431,8 @@ class RbacUserRepositoryIntegrationTest extends ContextBasedTest {
|
||||
final List<RbacUserPermission> actualResult,
|
||||
final String... expectedRoleNames) {
|
||||
assertThat(actualResult)
|
||||
.extracting(p -> p.getRoleName() + " -> " + p.getObjectTable() + "#" + p.getObjectIdName() + ": " + p.getOp())
|
||||
.extracting(p -> p.getRoleName() + " -> " + p.getObjectTable() + "#" + p.getObjectIdName() + ": " + p.getOp()
|
||||
+ (p.getOpTableName() != null ? (":"+p.getOpTableName()) : "" ))
|
||||
.contains(expectedRoleNames);
|
||||
}
|
||||
|
||||
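Review bot: Some negative checks in this file may pass vacuously after the op rename. In the `-373,13 +372,13` hunk the line counts suggest the two `...: add-package` strings stay in the `noneOfTheseRbacPermissionsAreReturned` list, although the other hunks replace that op with `INSERT:test_package`. Those entries can then never match; they should become `"test_customer#xxx.admin -> test_customer#xxx: INSERT:test_package"` and its `yyy` counterpart. The last hunk also appends `":" + p.getOpTableName()` only in the helper ending in `.contains(expectedRoleNames)`. If the none-of helper, which lies outside the visible hunks, formats its strings separately, every `INSERT:...` expectation passed to it is unmatched as well and the "no permissions on other customer's objects" check is not exercised; one shared formatting method would keep both helpers in step.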
|