RBAC Diagram+PostgreSQL Generator #21

Merged
hsh-michaelhoennig merged 54 commits from experimental-rbacview-generator into master 2024-03-11 12:30:44 +01:00
6 changed files with 16 additions and 11 deletions
Showing only changes of commit eb7dea54b5 - Show all commits


@ -104,7 +104,7 @@ public class InsertTriggerGenerator {
returns trigger returns trigger
language plpgsql as $$ language plpgsql as $$
begin begin
raise exception 'insert into ${rawSubTable} not allowed for current subjects % (%)', raise exception '[403] insert into ${rawSubTable} not allowed for current subjects % (%)',
currentSubjects(), currentSubjectsUuids(); currentSubjects(), currentSubjectsUuids();
end; $$; end; $$;
""", """,


@ -10,6 +10,8 @@ import org.springframework.transaction.annotation.Transactional;
import org.springframework.web.bind.annotation.RestController; import org.springframework.web.bind.annotation.RestController;
import org.springframework.web.servlet.mvc.method.annotation.MvcUriComponentsBuilder; import org.springframework.web.servlet.mvc.method.annotation.MvcUriComponentsBuilder;
import jakarta.persistence.EntityManager;
import jakarta.persistence.PersistenceContext;
import java.util.List; import java.util.List;
@RestController @RestController
@ -24,6 +26,9 @@ public class TestCustomerController implements TestCustomersApi {
@Autowired @Autowired
private TestCustomerRepository testCustomerRepository; private TestCustomerRepository testCustomerRepository;
@PersistenceContext
EntityManager em;
@Override @Override
@Transactional(readOnly = true) @Transactional(readOnly = true)
public ResponseEntity<List<TestCustomerResource>> listCustomers( public ResponseEntity<List<TestCustomerResource>> listCustomers(
@ -48,7 +53,7 @@ public class TestCustomerController implements TestCustomersApi {
context.define(currentUser, assumedRoles); context.define(currentUser, assumedRoles);
final var saved = testCustomerRepository.save(mapper.map(customer, TestCustomerEntity.class)); final var saved = testCustomerRepository.save(mapper.map(customer, TestCustomerEntity.class));
em.flush();
final var uri = final var uri =
MvcUriComponentsBuilder.fromController(getClass()) MvcUriComponentsBuilder.fromController(getClass())
.path("/api/test/customers/{id}") .path("/api/test/customers/{id}")


@ -1,5 +1,5 @@
--liquibase formatted sql --liquibase formatted sql
-- This code generated was by RbacViewPostgresGenerator at 2024-03-07T15:57:25.487712422. -- This code generated was by RbacViewPostgresGenerator at 2024-03-07T18:03:21.967830771.
-- ============================================================================ -- ============================================================================
@ -88,7 +88,7 @@ create or replace function test_customer_insert_permission_missing_tf()
returns trigger returns trigger
language plpgsql as $$ language plpgsql as $$
begin begin
raise exception 'insert into test_customer not allowed for current subjects % (%)', raise exception '[403] insert into test_customer not allowed for current subjects % (%)',
currentSubjects(), currentSubjectsUuids(); currentSubjects(), currentSubjectsUuids();
end; $$; end; $$;


@ -1,5 +1,5 @@
--liquibase formatted sql --liquibase formatted sql
-- This code generated was by RbacViewPostgresGenerator at 2024-03-07T15:57:25.536171618. -- This code generated was by RbacViewPostgresGenerator at 2024-03-07T18:03:22.000977525.
-- ============================================================================ -- ============================================================================
@ -194,7 +194,7 @@ create or replace function test_package_insert_permission_missing_tf()
returns trigger returns trigger
language plpgsql as $$ language plpgsql as $$
begin begin
raise exception 'insert into test_package not allowed for current subjects % (%)', raise exception '[403] insert into test_package not allowed for current subjects % (%)',
currentSubjects(), currentSubjectsUuids(); currentSubjects(), currentSubjectsUuids();
end; $$; end; $$;


@ -148,7 +148,7 @@ class TestCustomerControllerAcceptanceTest {
// finally, the new customer can be viewed by its own admin // finally, the new customer can be viewed by its own admin
final var newUserUuid = UUID.fromString( final var newUserUuid = UUID.fromString(
location.substring(location.lastIndexOf('/') + 1)); location.substring(location.lastIndexOf('/') + 1));
context.define("customer-admin@uuu.example.com"); context.define("superuser-fran@hostsharing.net", "test_customer#uuu.admin");
assertThat(testCustomerRepository.findByUuid(newUserUuid)) assertThat(testCustomerRepository.findByUuid(newUserUuid))
.hasValueSatisfying(c -> assertThat(c.getPrefix()).isEqualTo("uuu")); .hasValueSatisfying(c -> assertThat(c.getPrefix()).isEqualTo("uuu"));
} }
@ -175,7 +175,7 @@ class TestCustomerControllerAcceptanceTest {
.statusCode(403) .statusCode(403)
.contentType(ContentType.JSON) .contentType(ContentType.JSON)
.statusCode(403) .statusCode(403)
.body("message", containsString("add-customer not permitted for test_customer#xxx.admin")); .body("message", containsString("insert into test_customer not allowed for current subjects {test_customer#xxx.admin}"));
// @formatter:on // @formatter:on
// finally, the new customer was not created // finally, the new customer was not created
@ -204,7 +204,7 @@ class TestCustomerControllerAcceptanceTest {
.statusCode(403) .statusCode(403)
.contentType(ContentType.JSON) .contentType(ContentType.JSON)
.statusCode(403) .statusCode(403)
.body("message", containsString("add-customer not permitted for customer-admin@yyy.example.com")); .body("message", containsString("insert into test_customer not allowed for current subjects {customer-admin@yyy.example.com}"));
// @formatter:on // @formatter:on
// finally, the new customer was not created // finally, the new customer was not created
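Review bot: The comment `// finally, the new customer can be viewed by its own admin` above the changed line no longer describes the test: the lookup now runs as `superuser-fran@hostsharing.net` with `test_customer#uuu.admin` assumed rather than as the customer's admin user, so the check that the admin identity itself was granted access to the new customer has been dropped. Either keep an additional check as `customer-admin@uuu.example.com` or change the comment to `// finally, the new customer can be viewed with its admin role assumed`. Separately, the 403 bodies asserted in the two later hunks now relay the database message, including the internal table name and the subject list, to the API client; consider keeping that detail in the server log and returning a generic forbidden message. The enclosing test methods start and end outside these hunks.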


@ -74,7 +74,7 @@ class TestCustomerRepositoryIntegrationTest extends ContextBasedTest {
// then // then
result.assertExceptionWithRootCauseMessage( result.assertExceptionWithRootCauseMessage(
PersistenceException.class, PersistenceException.class,
"ERROR: insert into test_customer not allowed for current subjects {test_customer#xxx.admin}"); "ERROR: [403] insert into test_customer not allowed for current subjects {test_customer#xxx.admin}");
} }
@Test @Test
@ -92,7 +92,7 @@ class TestCustomerRepositoryIntegrationTest extends ContextBasedTest {
// then // then
result.assertExceptionWithRootCauseMessage( result.assertExceptionWithRootCauseMessage(
PersistenceException.class, PersistenceException.class,
"ERROR: insert into test_customer not allowed for current subjects {customer-admin@xxx.example.com}"); "ERROR: [403] insert into test_customer not allowed for current subjects {customer-admin@xxx.example.com}");
} }