RBAC Diagram+PostgreSQL Generator #21
@ -104,7 +104,7 @@ public class InsertTriggerGenerator {
|
||||
returns trigger
|
||||
language plpgsql as $$
|
||||
begin
|
||||
raise exception 'insert into ${rawSubTable} not allowed for current subjects % (%)',
|
||||
raise exception '[403] insert into ${rawSubTable} not allowed for current subjects % (%)',
|
||||
currentSubjects(), currentSubjectsUuids();
|
||||
end; $$;
|
||||
""",
|
||||
|
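Review bot: The `[403]` marker in the `raise exception` text encodes the HTTP status inside a free-form message, so whatever maps database errors to responses must parse message text to decide an authorization outcome. I take the prefixed variant to be the new side, because the updated test expectations carry it. PostgreSQL can carry this as a structured code instead, for example by ending the statement with `currentSubjects(), currentSubjectsUuids() using errcode = 'insufficient_privilege';`, which lets the Java side branch on SQLSTATE 42501. If the prefix is kept, the mapper (not visible on this page) should honour it only at the very start of the message and only for a fixed set of codes, since other raised messages may contain caller-influenced text. The same statement is repeated in the two regenerated SQL changelogs further down, and the text block and its enclosing method start and end outside this hunk.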
@ -10,6 +10,8 @@ import org.springframework.transaction.annotation.Transactional;
|
||||
import org.springframework.web.bind.annotation.RestController;
|
||||
import org.springframework.web.servlet.mvc.method.annotation.MvcUriComponentsBuilder;
|
||||
|
||||
import jakarta.persistence.EntityManager;
|
||||
import jakarta.persistence.PersistenceContext;
|
||||
import java.util.List;
|
||||
|
||||
@RestController
|
||||
@ -24,6 +26,9 @@ public class TestCustomerController implements TestCustomersApi {
|
||||
@Autowired
|
||||
private TestCustomerRepository testCustomerRepository;
|
||||
|
||||
@PersistenceContext
|
||||
EntityManager em;
|
||||
|
||||
@Override
|
||||
@Transactional(readOnly = true)
|
||||
public ResponseEntity<List<TestCustomerResource>> listCustomers(
|
||||
@ -48,7 +53,7 @@ public class TestCustomerController implements TestCustomersApi {
|
||||
context.define(currentUser, assumedRoles);
|
||||
|
||||
final var saved = testCustomerRepository.save(mapper.map(customer, TestCustomerEntity.class));
|
||||
|
||||
em.flush();
|
||||
final var uri =
|
||||
MvcUriComponentsBuilder.fromController(getClass())
|
||||
.path("/api/test/customers/{id}")
|
||||
|
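Review bot: The injected `EntityManager em;` field is package-private while the neighbouring `testCustomerRepository` is `private`, and the added `em.flush();` carries no comment explaining why a controller flushes by hand. I would declare it `private EntityManager em;` and put `// flush now so the insert-permission trigger runs here and a denied insert fails before the response URI is built` above the flush, assuming that is the intent. If `TestCustomerRepository` offers `saveAndFlush`, using it would avoid the extra injection; the repository interface is not shown on this page. The method containing the flush starts and ends outside the hunk.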
@ -1,5 +1,5 @@
|
||||
--liquibase formatted sql
|
||||
-- This code generated was by RbacViewPostgresGenerator at 2024-03-07T15:57:25.487712422.
|
||||
-- This code generated was by RbacViewPostgresGenerator at 2024-03-07T18:03:21.967830771.
|
||||
|
||||
|
||||
-- ============================================================================
|
||||
@ -88,7 +88,7 @@ create or replace function test_customer_insert_permission_missing_tf()
|
||||
returns trigger
|
||||
language plpgsql as $$
|
||||
begin
|
||||
raise exception 'insert into test_customer not allowed for current subjects % (%)',
|
||||
raise exception '[403] insert into test_customer not allowed for current subjects % (%)',
|
||||
currentSubjects(), currentSubjectsUuids();
|
||||
end; $$;
|
||||
|
||||
|
@ -1,5 +1,5 @@
|
||||
--liquibase formatted sql
|
||||
-- This code generated was by RbacViewPostgresGenerator at 2024-03-07T15:57:25.536171618.
|
||||
-- This code generated was by RbacViewPostgresGenerator at 2024-03-07T18:03:22.000977525.
|
||||
|
||||
|
||||
-- ============================================================================
|
||||
@ -194,7 +194,7 @@ create or replace function test_package_insert_permission_missing_tf()
|
||||
returns trigger
|
||||
language plpgsql as $$
|
||||
begin
|
||||
raise exception 'insert into test_package not allowed for current subjects % (%)',
|
||||
raise exception '[403] insert into test_package not allowed for current subjects % (%)',
|
||||
currentSubjects(), currentSubjectsUuids();
|
||||
end; $$;
|
||||
|
||||
|
@ -148,7 +148,7 @@ class TestCustomerControllerAcceptanceTest {
|
||||
// finally, the new customer can be viewed by its own admin
|
||||
final var newUserUuid = UUID.fromString(
|
||||
location.substring(location.lastIndexOf('/') + 1));
|
||||
context.define("customer-admin@uuu.example.com");
|
||||
context.define("superuser-fran@hostsharing.net", "test_customer#uuu.admin");
|
||||
assertThat(testCustomerRepository.findByUuid(newUserUuid))
|
||||
.hasValueSatisfying(c -> assertThat(c.getPrefix()).isEqualTo("uuu"));
|
||||
}
|
||||
@ -175,7 +175,7 @@ class TestCustomerControllerAcceptanceTest {
|
||||
.statusCode(403)
|
||||
.contentType(ContentType.JSON)
|
||||
.statusCode(403)
|
||||
.body("message", containsString("add-customer not permitted for test_customer#xxx.admin"));
|
||||
.body("message", containsString("insert into test_customer not allowed for current subjects {test_customer#xxx.admin}"));
|
||||
// @formatter:on
|
||||
|
||||
// finally, the new customer was not created
|
||||
@ -204,7 +204,7 @@ class TestCustomerControllerAcceptanceTest {
|
||||
.statusCode(403)
|
||||
.contentType(ContentType.JSON)
|
||||
.statusCode(403)
|
||||
.body("message", containsString("add-customer not permitted for customer-admin@yyy.example.com"));
|
||||
.body("message", containsString("insert into test_customer not allowed for current subjects {customer-admin@yyy.example.com}"));
|
||||
// @formatter:on
|
||||
|
||||
// finally, the new customer was not created
|
||||
|
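Review bot: The two updated `.body("message", containsString(...))` expectations for the 403 cases pin the database trigger's wording, including the table name `test_customer`, as the client-facing error message. Because they use `containsString`, they do not show whether the `[403]` marker or the `ERROR:` prefix seen in the repository test also reaches the client. If the handler is meant to strip the marker, add `.body("message", not(containsString("[403]")))` next to each expectation. If internal names should not be exposed to clients at all, assert a generic message here and keep the detailed text for the server log. Both test methods start and end outside their hunks.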
@ -74,7 +74,7 @@ class TestCustomerRepositoryIntegrationTest extends ContextBasedTest {
|
||||
// then
|
||||
result.assertExceptionWithRootCauseMessage(
|
||||
PersistenceException.class,
|
||||
"ERROR: insert into test_customer not allowed for current subjects {test_customer#xxx.admin}");
|
||||
"ERROR: [403] insert into test_customer not allowed for current subjects {test_customer#xxx.admin}");
|
||||
}
|
||||
|
||||
@Test
|
||||
@ -92,7 +92,7 @@ class TestCustomerRepositoryIntegrationTest extends ContextBasedTest {
|
||||
// then
|
||||
result.assertExceptionWithRootCauseMessage(
|
||||
PersistenceException.class,
|
||||
"ERROR: insert into test_customer not allowed for current subjects {customer-admin@xxx.example.com}");
|
||||
"ERROR: [403] insert into test_customer not allowed for current subjects {customer-admin@xxx.example.com}");
|
||||
|
||||
}
|
||||
|
||||
|