RBAC Diagram+PostgreSQL Generator #21
@ -8,8 +8,8 @@ public interface RbacUserPermission {
|
|||||||
String getRoleName();
|
String getRoleName();
|
||||||
UUID getPermissionUuid();
|
UUID getPermissionUuid();
|
||||||
String getOp();
|
String getOp();
|
||||||
|
String getOpTableName();
|
||||||
String getObjectTable();
|
String getObjectTable();
|
||||||
String getObjectIdName();
|
String getObjectIdName();
|
||||||
UUID getObjectUuid();
|
UUID getObjectUuid();
|
||||||
|
|
||||||
}
|
}
|
||||||
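Review bot: `getOpTableName()` is added without any statement of when it returns null, although the test helper changed later in this commit guards it with `p.getOpTableName() != null`. A one-line Javadoc on the getter would make that contract explicit for consumers of this projection, for example `/** Table the operation applies to; may be null (the tests show it set only for INSERT permissions). */`. The interface declaration itself starts outside the hunk.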
|
@ -58,7 +58,7 @@ begin
|
|||||||
select roleIdName from rbacRole_ev where uuid=grantedByRoleUuid into grantedByRoleIdName;
|
select roleIdName from rbacRole_ev where uuid=grantedByRoleUuid into grantedByRoleIdName;
|
||||||
select roleIdName from rbacRole_ev where uuid=grantedRoleUuid into grantedRoleIdName;
|
select roleIdName from rbacRole_ev where uuid=grantedRoleUuid into grantedRoleIdName;
|
||||||
raise exception '[403] Access to granted role % (%) forbidden for % (%)',
|
raise exception '[403] Access to granted role % (%) forbidden for % (%)',
|
||||||
grantedRoleIdName, grantedRoleUuid, grantedByRoleUuid, grantedByRoleIdName;
|
grantedRoleIdName, grantedRoleUuid, grantedByRoleIdName, grantedByRoleUuid;
|
||||||
end if;
|
end if;
|
||||||
|
|
||||||
insert
|
insert
|
||||||
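Review bot: The refusal built at `raise exception '[403] Access to granted role % (%) forbidden for % (%)'` resolves `grantedRoleUuid` to its id-name through `rbacRole_ev` before rejecting the call, and the acceptance tests in this commit show that message text reaching the HTTP response body. If `rbacRole_ev` is not filtered by the caller's own visibility (not shown here), a caller who is denied still learns the name of a role it has no access to. Consider putting only the UUID the caller supplied into the client-facing message and keeping the resolved names for the server-side log. The enclosing function starts and ends outside the hunk.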
|
@ -341,7 +341,7 @@ grant all privileges on RbacOwnGrantedPermissions_rv to ${HSADMINNG_POSTGRES_RES
|
|||||||
|
|
||||||
*/
|
*/
|
||||||
create or replace function grantedPermissions(targetUserUuid uuid)
|
create or replace function grantedPermissions(targetUserUuid uuid)
|
||||||
returns table(roleUuid uuid, roleName text, permissionUuid uuid, op RbacOp, objectTable varchar, objectIdName varchar, objectUuid uuid)
|
returns table(roleUuid uuid, roleName text, permissionUuid uuid, op RbacOp, opTableName varchar(60), objectTable varchar(60), objectIdName varchar, objectUuid uuid)
|
||||||
returns null on null input
|
returns null on null input
|
||||||
language plpgsql as $$
|
language plpgsql as $$
|
||||||
declare
|
declare
|
||||||
@ -357,11 +357,13 @@ begin
|
|||||||
return query select
|
return query select
|
||||||
xp.roleUuid,
|
xp.roleUuid,
|
||||||
(xp.roleObjectTable || '#' || xp.roleObjectIdName || '.' || xp.roleType) as roleName,
|
(xp.roleObjectTable || '#' || xp.roleObjectIdName || '.' || xp.roleType) as roleName,
|
||||||
xp.permissionUuid, xp.op, xp.permissionObjectTable, xp.permissionObjectIdName, xp.permissionObjectUuid
|
xp.permissionUuid, xp.op, xp.opTableName,
|
||||||
|
xp.permissionObjectTable, xp.permissionObjectIdName, xp.permissionObjectUuid
|
||||||
from (select
|
from (select
|
||||||
r.uuid as roleUuid, r.roletype, ro.objectTable as roleObjectTable,
|
r.uuid as roleUuid, r.roletype, ro.objectTable as roleObjectTable,
|
||||||
findIdNameByObjectUuid(ro.objectTable, ro.uuid) as roleObjectIdName,
|
findIdNameByObjectUuid(ro.objectTable, ro.uuid) as roleObjectIdName,
|
||||||
p.uuid as permissionUuid, p.op, po.objecttable as permissionObjectTable,
|
p.uuid as permissionUuid, p.op, p.opTableName,
|
||||||
|
po.objecttable as permissionObjectTable,
|
||||||
findIdNameByObjectUuid(po.objectTable, po.uuid) as permissionObjectIdName,
|
findIdNameByObjectUuid(po.objectTable, po.uuid) as permissionObjectIdName,
|
||||||
po.uuid as permissionObjectUuid
|
po.uuid as permissionObjectUuid
|
||||||
from queryPermissionsGrantedToSubjectId( targetUserUuid) as p
|
from queryPermissionsGrantedToSubjectId( targetUserUuid) as p
|
||||||
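Review bot: `create or replace function grantedPermissions(targetUserUuid uuid)` now declares a different `returns table(...)` column list (new `opTableName varchar(60)`, `objectTable` changed to `varchar(60)`), and PostgreSQL refuses to replace an existing function when its result row type changes. If this script can run against a database that already holds the previous definition (not visible here), it needs a preceding `drop function if exists grantedPermissions(uuid);` or a separate migration step; on a freshly built schema it is harmless. The function body continues outside the two hunks.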
|
@ -73,14 +73,14 @@ class RbacGrantControllerAcceptanceTest extends ContextBasedTest {
|
|||||||
.contentType("application/json")
|
.contentType("application/json")
|
||||||
.body("", hasItem(
|
.body("", hasItem(
|
||||||
allOf(
|
allOf(
|
||||||
hasEntry("grantedByRoleIdName", "global#global.admin"),
|
hasEntry("grantedByRoleIdName", "test_customer#xxx.owner"),
|
||||||
hasEntry("grantedRoleIdName", "test_customer#xxx.admin"),
|
hasEntry("grantedRoleIdName", "test_customer#xxx.admin"),
|
||||||
hasEntry("granteeUserName", "customer-admin@xxx.example.com")
|
hasEntry("granteeUserName", "customer-admin@xxx.example.com")
|
||||||
)
|
)
|
||||||
))
|
))
|
||||||
.body("", hasItem(
|
.body("", hasItem(
|
||||||
allOf(
|
allOf(
|
||||||
hasEntry("grantedByRoleIdName", "global#global.admin"),
|
hasEntry("grantedByRoleIdName", "test_customer#yyy.owner"),
|
||||||
hasEntry("grantedRoleIdName", "test_customer#yyy.admin"),
|
hasEntry("grantedRoleIdName", "test_customer#yyy.admin"),
|
||||||
hasEntry("granteeUserName", "customer-admin@yyy.example.com")
|
hasEntry("granteeUserName", "customer-admin@yyy.example.com")
|
||||||
)
|
)
|
||||||
@ -296,7 +296,7 @@ class RbacGrantControllerAcceptanceTest extends ContextBasedTest {
|
|||||||
result.assertThat()
|
result.assertThat()
|
||||||
.statusCode(403)
|
.statusCode(403)
|
||||||
.body("message", containsString("Access to granted role"))
|
.body("message", containsString("Access to granted role"))
|
||||||
.body("message", containsString("forbidden for {test_package#xxx00.admin}"));
|
.body("message", containsString("forbidden for test_package#xxx00.admin"));
|
||||||
assertThat(findAllGrantsOf(givenCurrentUserAsPackageAdmin))
|
assertThat(findAllGrantsOf(givenCurrentUserAsPackageAdmin))
|
||||||
.extracting(RbacGrantEntity::getGranteeUserName)
|
.extracting(RbacGrantEntity::getGranteeUserName)
|
||||||
.doesNotContain(givenNewUser.getName());
|
.doesNotContain(givenNewUser.getName());
|
||||||
|
@ -84,7 +84,7 @@ class RbacGrantRepositoryIntegrationTest extends ContextBasedTest {
|
|||||||
// then
|
// then
|
||||||
exactlyTheseRbacGrantsAreReturned(
|
exactlyTheseRbacGrantsAreReturned(
|
||||||
result,
|
result,
|
||||||
"{ grant role test_customer#xxx.admin to user customer-admin@xxx.example.com by role global#global.admin and assume }",
|
"{ grant role test_customer#xxx.admin to user customer-admin@xxx.example.com by role test_customer#xxx.owner and assume }",
|
||||||
"{ grant role test_package#xxx00.admin to user pac-admin-xxx00@xxx.example.com by role test_customer#xxx.admin and assume }",
|
"{ grant role test_package#xxx00.admin to user pac-admin-xxx00@xxx.example.com by role test_customer#xxx.admin and assume }",
|
||||||
"{ grant role test_package#xxx01.admin to user pac-admin-xxx01@xxx.example.com by role test_customer#xxx.admin and assume }",
|
"{ grant role test_package#xxx01.admin to user pac-admin-xxx01@xxx.example.com by role test_customer#xxx.admin and assume }",
|
||||||
"{ grant role test_package#xxx02.admin to user pac-admin-xxx02@xxx.example.com by role test_customer#xxx.admin and assume }");
|
"{ grant role test_package#xxx02.admin to user pac-admin-xxx02@xxx.example.com by role test_customer#xxx.admin and assume }");
|
||||||
@ -162,8 +162,8 @@ class RbacGrantRepositoryIntegrationTest extends ContextBasedTest {
|
|||||||
// then
|
// then
|
||||||
attempt.assertExceptionWithRootCauseMessage(
|
attempt.assertExceptionWithRootCauseMessage(
|
||||||
JpaSystemException.class,
|
JpaSystemException.class,
|
||||||
"ERROR: [403] Access to granted role " + given.packageOwnerRoleUuid
|
"ERROR: [403] Access to granted role test_package#xxx00.owner",
|
||||||
+ " forbidden for {test_package#xxx00.admin}");
|
"forbidden for test_package#xxx00.admin");
|
||||||
jpaAttempt.transacted(() -> {
|
jpaAttempt.transacted(() -> {
|
||||||
// finally, we use the new user to make sure, no roles were granted
|
// finally, we use the new user to make sure, no roles were granted
|
||||||
context(given.arbitraryUser.getName(), null);
|
context(given.arbitraryUser.getName(), null);
|
||||||
|
@ -288,19 +288,14 @@ class RbacUserControllerAcceptanceTest {
|
|||||||
.body("", hasItem(
|
.body("", hasItem(
|
||||||
allOf(
|
allOf(
|
||||||
hasEntry("roleName", "test_customer#yyy.tenant"),
|
hasEntry("roleName", "test_customer#yyy.tenant"),
|
||||||
hasEntry("op", "select"))
|
hasEntry("op", "SELECT"))
|
||||||
))
|
|
||||||
.body("", hasItem(
|
|
||||||
allOf(
|
|
||||||
hasEntry("roleName", "test_package#yyy00.admin"),
|
|
||||||
hasEntry("op", "add-domain"))
|
|
||||||
))
|
))
|
||||||
.body("", hasItem(
|
.body("", hasItem(
|
||||||
allOf(
|
allOf(
|
||||||
hasEntry("roleName", "test_domain#yyy00-aaaa.owner"),
|
hasEntry("roleName", "test_domain#yyy00-aaaa.owner"),
|
||||||
hasEntry("op", "delete"))
|
hasEntry("op", "DELETE"))
|
||||||
))
|
))
|
||||||
.body("size()", is(7));
|
.body("size()", is(6));
|
||||||
// @formatter:on
|
// @formatter:on
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -313,7 +308,7 @@ class RbacUserControllerAcceptanceTest {
|
|||||||
RestAssured
|
RestAssured
|
||||||
.given()
|
.given()
|
||||||
.header("current-user", "superuser-alex@hostsharing.net")
|
.header("current-user", "superuser-alex@hostsharing.net")
|
||||||
.header("assumed-roles", "test_package#yyy00.admin")
|
.header("assumed-roles", "test_customer#yyy.admin")
|
||||||
.port(port)
|
.port(port)
|
||||||
.when()
|
.when()
|
||||||
.get("http://localhost/api/rbac/users/" + givenUser.getUuid() + "/permissions")
|
.get("http://localhost/api/rbac/users/" + givenUser.getUuid() + "/permissions")
|
||||||
@ -323,19 +318,14 @@ class RbacUserControllerAcceptanceTest {
|
|||||||
.body("", hasItem(
|
.body("", hasItem(
|
||||||
allOf(
|
allOf(
|
||||||
hasEntry("roleName", "test_customer#yyy.tenant"),
|
hasEntry("roleName", "test_customer#yyy.tenant"),
|
||||||
hasEntry("op", "select"))
|
hasEntry("op", "SELECT"))
|
||||||
))
|
|
||||||
.body("", hasItem(
|
|
||||||
allOf(
|
|
||||||
hasEntry("roleName", "test_package#yyy00.admin"),
|
|
||||||
hasEntry("op", "add-domain"))
|
|
||||||
))
|
))
|
||||||
.body("", hasItem(
|
.body("", hasItem(
|
||||||
allOf(
|
allOf(
|
||||||
hasEntry("roleName", "test_domain#yyy00-aaaa.owner"),
|
hasEntry("roleName", "test_domain#yyy00-aaaa.owner"),
|
||||||
hasEntry("op", "delete"))
|
hasEntry("op", "DELETE"))
|
||||||
))
|
))
|
||||||
.body("size()", is(7));
|
.body("size()", is(6));
|
||||||
// @formatter:on
|
// @formatter:on
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -357,19 +347,14 @@ class RbacUserControllerAcceptanceTest {
|
|||||||
.body("", hasItem(
|
.body("", hasItem(
|
||||||
allOf(
|
allOf(
|
||||||
hasEntry("roleName", "test_customer#yyy.tenant"),
|
hasEntry("roleName", "test_customer#yyy.tenant"),
|
||||||
hasEntry("op", "select"))
|
hasEntry("op", "SELECT"))
|
||||||
))
|
|
||||||
.body("", hasItem(
|
|
||||||
allOf(
|
|
||||||
hasEntry("roleName", "test_package#yyy00.admin"),
|
|
||||||
hasEntry("op", "add-domain"))
|
|
||||||
))
|
))
|
||||||
.body("", hasItem(
|
.body("", hasItem(
|
||||||
allOf(
|
allOf(
|
||||||
hasEntry("roleName", "test_domain#yyy00-aaaa.owner"),
|
hasEntry("roleName", "test_domain#yyy00-aaaa.owner"),
|
||||||
hasEntry("op", "delete"))
|
hasEntry("op", "DELETE"))
|
||||||
))
|
))
|
||||||
.body("size()", is(7));
|
.body("size()", is(6));
|
||||||
// @formatter:on
|
// @formatter:on
|
||||||
}
|
}
|
||||||
|
|
||||||
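Review bot: The `@ -288`, `@ -323` and `@ -357` hunks delete the `hasItem` check for `test_package#yyy00.admin` with `add-domain` and lower `size()` from 7 to 6 rather than translating the check to the new operation names, so nothing at the HTTP layer now asserts that an INSERT permission or its table name is returned. Which of the seven permissions disappeared is also left unstated, and a bare count will not catch one entry being swapped for another. If the response exposes the new field (the DTO is not visible here), add a positive check such as `hasEntry("op", "INSERT")` together with the table-name entry under whatever key the DTO uses. The test methods start outside the hunks.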
|
@ -183,47 +183,47 @@ class RbacUserRepositoryIntegrationTest extends ContextBasedTest {
|
|||||||
// @formatter:off
|
// @formatter:off
|
||||||
"global#global.admin -> global#global: add-customer",
|
"global#global.admin -> global#global: add-customer",
|
||||||
|
|
||||||
"test_customer#xxx.admin -> test_customer#xxx: add-package",
|
"test_customer#xxx.admin -> test_customer#xxx: SELECT",
|
||||||
"test_customer#xxx.admin -> test_customer#xxx: view",
|
"test_customer#xxx.owner -> test_customer#xxx: DELETE",
|
||||||
"test_customer#xxx.owner -> test_customer#xxx: *",
|
"test_customer#xxx.tenant -> test_customer#xxx: SELECT",
|
||||||
"test_customer#xxx.tenant -> test_customer#xxx: view",
|
"test_customer#xxx.admin -> test_customer#xxx: INSERT:test_package",
|
||||||
"test_package#xxx00.admin -> test_package#xxx00: add-domain",
|
"test_package#xxx00.admin -> test_package#xxx00: INSERT:test_domain",
|
||||||
"test_package#xxx00.admin -> test_package#xxx00: add-domain",
|
"test_package#xxx00.admin -> test_package#xxx00: INSERT:test_domain",
|
||||||
"test_package#xxx00.tenant -> test_package#xxx00: view",
|
"test_package#xxx00.tenant -> test_package#xxx00: SELECT",
|
||||||
"test_package#xxx01.admin -> test_package#xxx01: add-domain",
|
"test_package#xxx01.admin -> test_package#xxx01: INSERT:test_domain",
|
||||||
"test_package#xxx01.admin -> test_package#xxx01: add-domain",
|
"test_package#xxx01.admin -> test_package#xxx01: INSERT:test_domain",
|
||||||
"test_package#xxx01.tenant -> test_package#xxx01: view",
|
"test_package#xxx01.tenant -> test_package#xxx01: SELECT",
|
||||||
"test_package#xxx02.admin -> test_package#xxx02: add-domain",
|
"test_package#xxx02.admin -> test_package#xxx02: INSERT:test_domain",
|
||||||
"test_package#xxx02.admin -> test_package#xxx02: add-domain",
|
"test_package#xxx02.admin -> test_package#xxx02: INSERT:test_domain",
|
||||||
"test_package#xxx02.tenant -> test_package#xxx02: view",
|
"test_package#xxx02.tenant -> test_package#xxx02: SELECT",
|
||||||
|
|
||||||
"test_customer#yyy.admin -> test_customer#yyy: add-package",
|
"test_customer#yyy.admin -> test_customer#yyy: SELECT",
|
||||||
"test_customer#yyy.admin -> test_customer#yyy: view",
|
"test_customer#yyy.owner -> test_customer#yyy: DELETE",
|
||||||
"test_customer#yyy.owner -> test_customer#yyy: *",
|
"test_customer#yyy.tenant -> test_customer#yyy: SELECT",
|
||||||
"test_customer#yyy.tenant -> test_customer#yyy: view",
|
"test_customer#yyy.admin -> test_customer#yyy: INSERT:test_package",
|
||||||
"test_package#yyy00.admin -> test_package#yyy00: add-domain",
|
"test_package#yyy00.admin -> test_package#yyy00: INSERT:test_domain",
|
||||||
"test_package#yyy00.admin -> test_package#yyy00: add-domain",
|
"test_package#yyy00.admin -> test_package#yyy00: INSERT:test_domain",
|
||||||
"test_package#yyy00.tenant -> test_package#yyy00: view",
|
"test_package#yyy00.tenant -> test_package#yyy00: SELECT",
|
||||||
"test_package#yyy01.admin -> test_package#yyy01: add-domain",
|
"test_package#yyy01.admin -> test_package#yyy01: INSERT:test_domain",
|
||||||
"test_package#yyy01.admin -> test_package#yyy01: add-domain",
|
"test_package#yyy01.admin -> test_package#yyy01: INSERT:test_domain",
|
||||||
"test_package#yyy01.tenant -> test_package#yyy01: view",
|
"test_package#yyy01.tenant -> test_package#yyy01: SELECT",
|
||||||
"test_package#yyy02.admin -> test_package#yyy02: add-domain",
|
"test_package#yyy02.admin -> test_package#yyy02: INSERT:test_domain",
|
||||||
"test_package#yyy02.admin -> test_package#yyy02: add-domain",
|
"test_package#yyy02.admin -> test_package#yyy02: INSERT:test_domain",
|
||||||
"test_package#yyy02.tenant -> test_package#yyy02: view",
|
"test_package#yyy02.tenant -> test_package#yyy02: SELECT",
|
||||||
|
|
||||||
"test_customer#zzz.admin -> test_customer#zzz: add-package",
|
"test_customer#zzz.admin -> test_customer#zzz: SELECT",
|
||||||
"test_customer#zzz.admin -> test_customer#zzz: view",
|
"test_customer#zzz.owner -> test_customer#zzz: DELETE",
|
||||||
"test_customer#zzz.owner -> test_customer#zzz: *",
|
"test_customer#zzz.tenant -> test_customer#zzz: SELECT",
|
||||||
"test_customer#zzz.tenant -> test_customer#zzz: view",
|
"test_customer#zzz.admin -> test_customer#zzz: INSERT:test_package",
|
||||||
"test_package#zzz00.admin -> test_package#zzz00: add-domain",
|
"test_package#zzz00.admin -> test_package#zzz00: INSERT:test_domain",
|
||||||
"test_package#zzz00.admin -> test_package#zzz00: add-domain",
|
"test_package#zzz00.admin -> test_package#zzz00: INSERT:test_domain",
|
||||||
"test_package#zzz00.tenant -> test_package#zzz00: view",
|
"test_package#zzz00.tenant -> test_package#zzz00: SELECT",
|
||||||
"test_package#zzz01.admin -> test_package#zzz01: add-domain",
|
"test_package#zzz01.admin -> test_package#zzz01: INSERT:test_domain",
|
||||||
"test_package#zzz01.admin -> test_package#zzz01: add-domain",
|
"test_package#zzz01.admin -> test_package#zzz01: INSERT:test_domain",
|
||||||
"test_package#zzz01.tenant -> test_package#zzz01: view",
|
"test_package#zzz01.tenant -> test_package#zzz01: SELECT",
|
||||||
"test_package#zzz02.admin -> test_package#zzz02: add-domain",
|
"test_package#zzz02.admin -> test_package#zzz02: INSERT:test_domain",
|
||||||
"test_package#zzz02.admin -> test_package#zzz02: add-domain",
|
"test_package#zzz02.admin -> test_package#zzz02: INSERT:test_domain",
|
||||||
"test_package#zzz02.tenant -> test_package#zzz02: view"
|
"test_package#zzz02.tenant -> test_package#zzz02: SELECT"
|
||||||
// @formatter:on
|
// @formatter:on
|
||||||
);
|
);
|
||||||
|
|
||||||
@ -251,32 +251,32 @@ class RbacUserRepositoryIntegrationTest extends ContextBasedTest {
|
|||||||
allTheseRbacPermissionsAreReturned(
|
allTheseRbacPermissionsAreReturned(
|
||||||
result,
|
result,
|
||||||
// @formatter:off
|
// @formatter:off
|
||||||
"test_customer#xxx.admin -> test_customer#xxx: add-package",
|
"test_customer#xxx.admin -> test_customer#xxx: INSERT:test_package",
|
||||||
"test_customer#xxx.admin -> test_customer#xxx: view",
|
"test_customer#xxx.admin -> test_customer#xxx: SELECT",
|
||||||
"test_customer#xxx.tenant -> test_customer#xxx: view",
|
"test_customer#xxx.tenant -> test_customer#xxx: SELECT",
|
||||||
|
|
||||||
"test_package#xxx00.admin -> test_package#xxx00: add-domain",
|
"test_package#xxx00.admin -> test_package#xxx00: INSERT:test_domain",
|
||||||
"test_package#xxx00.admin -> test_package#xxx00: add-domain",
|
"test_package#xxx00.admin -> test_package#xxx00: INSERT:test_domain",
|
||||||
"test_package#xxx00.tenant -> test_package#xxx00: view",
|
"test_package#xxx00.tenant -> test_package#xxx00: SELECT",
|
||||||
"test_domain#xxx00-aaaa.owner -> test_domain#xxx00-aaaa: *",
|
"test_domain#xxx00-aaaa.owner -> test_domain#xxx00-aaaa: DELETE",
|
||||||
|
|
||||||
"test_package#xxx01.admin -> test_package#xxx01: add-domain",
|
"test_package#xxx01.admin -> test_package#xxx01: INSERT:test_domain",
|
||||||
"test_package#xxx01.admin -> test_package#xxx01: add-domain",
|
"test_package#xxx01.admin -> test_package#xxx01: INSERT:test_domain",
|
||||||
"test_package#xxx01.tenant -> test_package#xxx01: view",
|
"test_package#xxx01.tenant -> test_package#xxx01: SELECT",
|
||||||
"test_domain#xxx01-aaaa.owner -> test_domain#xxx01-aaaa: *",
|
"test_domain#xxx01-aaaa.owner -> test_domain#xxx01-aaaa: DELETE",
|
||||||
|
|
||||||
"test_package#xxx02.admin -> test_package#xxx02: add-domain",
|
"test_package#xxx02.admin -> test_package#xxx02: INSERT:test_domain",
|
||||||
"test_package#xxx02.admin -> test_package#xxx02: add-domain",
|
"test_package#xxx02.admin -> test_package#xxx02: INSERT:test_domain",
|
||||||
"test_package#xxx02.tenant -> test_package#xxx02: view",
|
"test_package#xxx02.tenant -> test_package#xxx02: SELECT",
|
||||||
"test_domain#xxx02-aaaa.owner -> test_domain#xxx02-aaaa: *"
|
"test_domain#xxx02-aaaa.owner -> test_domain#xxx02-aaaa: DELETE"
|
||||||
// @formatter:on
|
// @formatter:on
|
||||||
);
|
);
|
||||||
noneOfTheseRbacPermissionsAreReturned(
|
noneOfTheseRbacPermissionsAreReturned(
|
||||||
result,
|
result,
|
||||||
// @formatter:off
|
// @formatter:off
|
||||||
"test_customer#yyy.admin -> test_customer#yyy: add-package",
|
"test_customer#yyy.admin -> test_customer#yyy: INSERT:test_package",
|
||||||
"test_customer#yyy.admin -> test_customer#yyy: view",
|
"test_customer#yyy.admin -> test_customer#yyy: SELECT",
|
||||||
"test_customer#yyy.tenant -> test_customer#yyy: view"
|
"test_customer#yyy.tenant -> test_customer#yyy: SELECT"
|
||||||
// @formatter:on
|
// @formatter:on
|
||||||
);
|
);
|
||||||
}
|
}
|
||||||
@ -311,26 +311,26 @@ class RbacUserRepositoryIntegrationTest extends ContextBasedTest {
|
|||||||
allTheseRbacPermissionsAreReturned(
|
allTheseRbacPermissionsAreReturned(
|
||||||
result,
|
result,
|
||||||
// @formatter:off
|
// @formatter:off
|
||||||
"test_customer#xxx.tenant -> test_customer#xxx: view",
|
"test_customer#xxx.tenant -> test_customer#xxx: SELECT",
|
||||||
// "test_customer#xxx.admin -> test_customer#xxx: view" - Not permissions through the customer admin!
|
// "test_customer#xxx.admin -> test_customer#xxx: view" - Not permissions through the customer admin!
|
||||||
"test_package#xxx00.admin -> test_package#xxx00: add-domain",
|
"test_package#xxx00.admin -> test_package#xxx00: INSERT:test_domain",
|
||||||
"test_package#xxx00.admin -> test_package#xxx00: add-domain",
|
"test_package#xxx00.admin -> test_package#xxx00: INSERT:test_domain",
|
||||||
"test_package#xxx00.tenant -> test_package#xxx00: view",
|
"test_package#xxx00.tenant -> test_package#xxx00: SELECT",
|
||||||
"test_domain#xxx00-aaaa.owner -> test_domain#xxx00-aaaa: *",
|
"test_domain#xxx00-aaaa.owner -> test_domain#xxx00-aaaa: DELETE",
|
||||||
"test_domain#xxx00-aaab.owner -> test_domain#xxx00-aaab: *"
|
"test_domain#xxx00-aaab.owner -> test_domain#xxx00-aaab: DELETE"
|
||||||
// @formatter:on
|
// @formatter:on
|
||||||
);
|
);
|
||||||
noneOfTheseRbacPermissionsAreReturned(
|
noneOfTheseRbacPermissionsAreReturned(
|
||||||
result,
|
result,
|
||||||
// @formatter:off
|
// @formatter:off
|
||||||
"test_customer#yyy.admin -> test_customer#yyy: add-package",
|
"test_customer#yyy.admin -> test_customer#yyy: INSERT:test_package",
|
||||||
"test_customer#yyy.admin -> test_customer#yyy: view",
|
"test_customer#yyy.admin -> test_customer#yyy: SELECT",
|
||||||
"test_customer#yyy.tenant -> test_customer#yyy: view",
|
"test_customer#yyy.tenant -> test_customer#yyy: SELECT",
|
||||||
"test_package#yyy00.admin -> test_package#yyy00: add-domain",
|
"test_package#yyy00.admin -> test_package#yyy00: INSERT:test_domain",
|
||||||
"test_package#yyy00.admin -> test_package#yyy00: add-domain",
|
"test_package#yyy00.admin -> test_package#yyy00: INSERT:test_domain",
|
||||||
"test_package#yyy00.tenant -> test_package#yyy00: view",
|
"test_package#yyy00.tenant -> test_package#yyy00: SELECT",
|
||||||
"test_domain#yyy00-aaaa.owner -> test_domain#yyy00-aaaa: *",
|
"test_domain#yyy00-aaaa.owner -> test_domain#yyy00-aaaa: DELETE",
|
||||||
"test_domain#yyy00-aaab.owner -> test_domain#yyy00-aaab: *"
|
"test_domain#yyy00-aaab.owner -> test_domain#yyy00-aaab: DELETE"
|
||||||
// @formatter:on
|
// @formatter:on
|
||||||
);
|
);
|
||||||
}
|
}
|
||||||
@ -359,11 +359,10 @@ class RbacUserRepositoryIntegrationTest extends ContextBasedTest {
|
|||||||
allTheseRbacPermissionsAreReturned(
|
allTheseRbacPermissionsAreReturned(
|
||||||
result,
|
result,
|
||||||
// @formatter:off
|
// @formatter:off
|
||||||
"test_customer#xxx.tenant -> test_customer#xxx: view",
|
"test_customer#xxx.tenant -> test_customer#xxx: SELECT",
|
||||||
// "test_customer#xxx.admin -> test_customer#xxx: view" - Not permissions through the customer admin!
|
// "test_customer#xxx.admin -> test_customer#xxx: view" - Not permissions through the customer admin!
|
||||||
"test_package#xxx00.admin -> test_package#xxx00: add-domain",
|
"test_package#xxx00.admin -> test_package#xxx00: INSERT:test_domain",
|
||||||
"test_package#xxx00.admin -> test_package#xxx00: add-domain",
|
"test_package#xxx00.tenant -> test_package#xxx00: SELECT"
|
||||||
"test_package#xxx00.tenant -> test_package#xxx00: view"
|
|
||||||
// @formatter:on
|
// @formatter:on
|
||||||
);
|
);
|
||||||
noneOfTheseRbacPermissionsAreReturned(
|
noneOfTheseRbacPermissionsAreReturned(
|
||||||
@ -373,13 +372,13 @@ class RbacUserRepositoryIntegrationTest extends ContextBasedTest {
|
|||||||
"test_customer#xxx.admin -> test_customer#xxx: add-package",
|
"test_customer#xxx.admin -> test_customer#xxx: add-package",
|
||||||
// no permissions on other customer's objects
|
// no permissions on other customer's objects
|
||||||
"test_customer#yyy.admin -> test_customer#yyy: add-package",
|
"test_customer#yyy.admin -> test_customer#yyy: add-package",
|
||||||
"test_customer#yyy.admin -> test_customer#yyy: view",
|
"test_customer#yyy.admin -> test_customer#yyy: SELECT",
|
||||||
"test_customer#yyy.tenant -> test_customer#yyy: view",
|
"test_customer#yyy.tenant -> test_customer#yyy: SELECT",
|
||||||
"test_package#yyy00.admin -> test_package#yyy00: add-domain",
|
"test_package#yyy00.admin -> test_package#yyy00: INSERT:test_domain",
|
||||||
"test_package#yyy00.admin -> test_package#yyy00: add-domain",
|
"test_package#yyy00.admin -> test_package#yyy00: INSERT:test_domain",
|
||||||
"test_package#yyy00.tenant -> test_package#yyy00: view",
|
"test_package#yyy00.tenant -> test_package#yyy00: SELECT",
|
||||||
"test_domain#yyy00-aaaa.owner -> test_domain#yyy00-aaaa: *",
|
"test_domain#yyy00-aaaa.owner -> test_domain#yyy00-aaaa: DELETE",
|
||||||
"test_domain#yyy00-xxxb.owner -> test_domain#yyy00-xxxb: *"
|
"test_domain#yyy00-xxxb.owner -> test_domain#yyy00-xxxb: DELETE"
|
||||||
// @formatter:on
|
// @formatter:on
|
||||||
);
|
);
|
||||||
}
|
}
|
||||||
@ -432,7 +431,8 @@ class RbacUserRepositoryIntegrationTest extends ContextBasedTest {
|
|||||||
final List<RbacUserPermission> actualResult,
|
final List<RbacUserPermission> actualResult,
|
||||||
final String... expectedRoleNames) {
|
final String... expectedRoleNames) {
|
||||||
assertThat(actualResult)
|
assertThat(actualResult)
|
||||||
.extracting(p -> p.getRoleName() + " -> " + p.getObjectTable() + "#" + p.getObjectIdName() + ": " + p.getOp())
|
.extracting(p -> p.getRoleName() + " -> " + p.getObjectTable() + "#" + p.getObjectIdName() + ": " + p.getOp()
|
||||||
|
+ (p.getOpTableName() != null ? (":"+p.getOpTableName()) : "" ))
|
||||||
.contains(expectedRoleNames);
|
.contains(expectedRoleNames);
|
||||||
}
|
}
|
||||||
|
|
||||||
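Review bot: In the `@ -373,13 +372,13` hunk the list that appears to belong to `noneOfTheseRbacPermissionsAreReturned` keeps `"test_customer#xxx.admin -> test_customer#xxx: add-package"` and `"test_customer#yyy.admin -> test_customer#yyy: add-package"` while every other entry moves to the new operation names. Assuming no permission is rendered as `add-package` any more (the other hunks replace it with `INSERT:test_package`), these two negative assertions can no longer fail, so they stop guarding against a package admin seeing customer-level or other customers' INSERT permissions. They should read `"test_customer#xxx.admin -> test_customer#xxx: INSERT:test_package"` and `"test_customer#yyy.admin -> test_customer#yyy: INSERT:test_package"`. The negative helper is outside the visible hunks, so confirm it builds its strings with the same `getOpTableName()` suffix as the extractor changed in the last hunk.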
|