uniform idnames #28
@ -82,7 +82,7 @@ If you have at least Docker and the Java JDK installed in appropriate versions a
|
|||||||
|
|
||||||
# the following command should return a JSON array with just all packages visible for the admin of the customer yyy:
|
# the following command should return a JSON array with just all packages visible for the admin of the customer yyy:
|
||||||
curl \
|
curl \
|
||||||
-H 'current-user: superuser-alex@hostsharing.net' -H 'assumed-roles: test_customer#yyy:admin' \
|
-H 'current-user: superuser-alex@hostsharing.net' -H 'assumed-roles: test_customer#yyy:ADMIN' \
|
||||||
|
hsh-michaelhoennig marked this conversation as resolved
Outdated
|
|||||||
http://localhost:8080/api/test/packages
|
http://localhost:8080/api/test/packages
|
||||||
|
|
||||||
# add a new customer
|
# add a new customer
|
||||||
|
|||||||
22
doc/rbac.md
22
doc/rbac.md
@ -206,7 +206,7 @@ and the *role-stereotype* describes a role relative to a referenced business-obj
|
|||||||
#### owner
|
#### owner
|
||||||
|
|
||||||
The owner-role is granted to the subject which created the business object.
|
The owner-role is granted to the subject which created the business object.
|
||||||
E.g. for a new *customer* it would be granted to 'administrators' and for a new *package* to the 'customer#...:admin'.
|
E.g. for a new *customer* it would be granted to 'administrators' and for a new *package* to the 'customer#...:ADMIN'.
|
||||||
|
hsh-michaelhoennig marked this conversation as resolved
Outdated
ADMIN ADMIN
|
|||||||
|
|
||||||
Whoever has the owner-role assigned can do everything with the related business-object, including deleting (or deactivating) it.
|
Whoever has the owner-role assigned can do everything with the related business-object, including deleting (or deactivating) it.
|
||||||
|
|
||||||
@ -470,14 +470,14 @@ together {
|
|||||||
permCustomerXyzSELECT--> boCustXyz
|
permCustomerXyzSELECT--> boCustXyz
|
||||||
}
|
}
|
||||||
|
|
||||||
entity "Role customer#xyz:tenant" as roleCustXyzTenant
|
entity "Role customer#xyz:TENANT" as roleCustXyzTenant
|
||||||
roleCustXyzTenant --> permCustomerXyzSELECT
|
roleCustXyzTenant --> permCustomerXyzSELECT
|
||||||
|
|
||||||
entity "Role customer#xyz:admin" as roleCustXyzAdmin
|
entity "Role customer#xyz:ADMIN" as roleCustXyzAdmin
|
||||||
roleCustXyzAdmin --> roleCustXyzTenant
|
roleCustXyzAdmin --> roleCustXyzTenant
|
||||||
roleCustXyzAdmin --> permCustomerXyzINSERT:package
|
roleCustXyzAdmin --> permCustomerXyzINSERT:package
|
||||||
|
|
||||||
entity "Role customer#xyz:owner" as roleCustXyzOwner
|
entity "Role customer#xyz:OWNER" as roleCustXyzOwner
|
||||||
roleCustXyzOwner ..> roleCustXyzAdmin
|
roleCustXyzOwner ..> roleCustXyzAdmin
|
||||||
roleCustXyzOwner --> permCustomerXyzDELETE
|
roleCustXyzOwner --> permCustomerXyzDELETE
|
||||||
|
|
||||||
@ -493,7 +493,7 @@ actorHostmaster --> roleAdmins
|
|||||||
```
|
```
|
||||||
|
|
||||||
As you can see, there something special:
|
As you can see, there something special:
|
||||||
From the 'Role customer#xyz:owner' to the 'Role customer#xyz:admin' there is a dashed line, whereas all other lines are solid lines.
|
From the 'Role customer#xyz:OWNER' to the 'Role customer#xyz:admin' there is a dashed line, whereas all other lines are solid lines.
|
||||||
Solid lines means, that one role is granted to another and automatically assumed in all queries to the restricted views.
|
Solid lines means, that one role is granted to another and automatically assumed in all queries to the restricted views.
|
||||||
The dashed line means that one role is granted to another but not automatically assumed in queries to the restricted views.
|
The dashed line means that one role is granted to another but not automatically assumed in queries to the restricted views.
|
||||||
|
|
||||||
@ -541,15 +541,15 @@ together {
|
|||||||
}
|
}
|
||||||
|
|
||||||
package {
|
package {
|
||||||
entity "Role customer#xyz:tenant" as roleCustXyzTenant
|
entity "Role customer#xyz:TENANT" as roleCustXyzTenant
|
||||||
entity "Role customer#xyz:admin" as roleCustXyzAdmin
|
entity "Role customer#xyz:ADMIN" as roleCustXyzAdmin
|
||||||
entity "Role customer#xyz:owner" as roleCustXyzOwner
|
entity "Role customer#xyz:OWNER" as roleCustXyzOwner
|
||||||
}
|
}
|
||||||
|
|
||||||
package {
|
package {
|
||||||
entity "Role package#xyz00:owner" as rolePacXyz00Owner
|
entity "Role package#xyz00:OWNER" as rolePacXyz00Owner
|
||||||
entity "Role package#xyz00:admin" as rolePacXyz00Admin
|
entity "Role package#xyz00:ADMIN" as rolePacXyz00Admin
|
||||||
entity "Role package#xyz00:tenant" as rolePacXyz00Tenant
|
entity "Role package#xyz00:TENANT" as rolePacXyz00Tenant
|
||||||
}
|
}
|
||||||
|
|
||||||
rolePacXyz00Tenant --> permPacXyz00SELECT
|
rolePacXyz00Tenant --> permPacXyz00SELECT
|
||||||
|
|||||||
@ -24,7 +24,6 @@ import jakarta.persistence.JoinColumn;
|
|||||||
import jakarta.persistence.ManyToOne;
|
import jakarta.persistence.ManyToOne;
|
||||||
import jakarta.persistence.Table;
|
import jakarta.persistence.Table;
|
||||||
import java.io.IOException;
|
import java.io.IOException;
|
||||||
import java.io.IOException;
|
|
||||||
import java.math.BigDecimal;
|
import java.math.BigDecimal;
|
||||||
import java.time.LocalDate;
|
import java.time.LocalDate;
|
||||||
import java.util.Optional;
|
import java.util.Optional;
|
||||||
|
|||||||
@ -23,7 +23,6 @@ import jakarta.persistence.JoinColumn;
|
|||||||
import jakarta.persistence.ManyToOne;
|
import jakarta.persistence.ManyToOne;
|
||||||
import jakarta.persistence.Table;
|
import jakarta.persistence.Table;
|
||||||
import java.io.IOException;
|
import java.io.IOException;
|
||||||
import java.io.IOException;
|
|
||||||
import java.time.LocalDate;
|
import java.time.LocalDate;
|
||||||
import java.util.UUID;
|
import java.util.UUID;
|
||||||
|
|
||||||
|
|||||||
@ -31,7 +31,7 @@ public class RbacRoleController implements RbacRolesApi {
|
|||||||
|
|
||||||
context.define(currentUser, assumedRoles);
|
context.define(currentUser, assumedRoles);
|
||||||
|
|
||||||
final List<RbacRoleRvEntity> result = rbacRoleRepository.findAll();
|
final List<RbacRoleEntity> result = rbacRoleRepository.findAll();
|
||||||
|
|
||||||
return ResponseEntity.ok(mapper.mapList(result, RbacRoleResource.class));
|
return ResponseEntity.ok(mapper.mapList(result, RbacRoleResource.class));
|
||||||
}
|
}
|
||||||
|
|||||||
@ -15,7 +15,7 @@ import java.util.UUID;
|
|||||||
@Immutable
|
@Immutable
|
||||||
@NoArgsConstructor
|
@NoArgsConstructor
|
||||||
@AllArgsConstructor
|
@AllArgsConstructor
|
||||||
public class RbacRoleRvEntity {
|
public class RbacRoleEntity {
|
||||||
|
|
||||||
@Id
|
@Id
|
||||||
@GeneratedValue
|
@GeneratedValue
|
||||||
@ -5,7 +5,7 @@ import org.springframework.data.repository.Repository;
|
|||||||
import java.util.List;
|
import java.util.List;
|
||||||
import java.util.UUID;
|
import java.util.UUID;
|
||||||
|
|
||||||
public interface RbacRoleRepository extends Repository<RbacRoleRvEntity, UUID> {
|
public interface RbacRoleRepository extends Repository<RbacRoleEntity, UUID> {
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* @return the number of persistent RbacRoleEntity instances, mostly for testing purposes.
|
* @return the number of persistent RbacRoleEntity instances, mostly for testing purposes.
|
||||||
@ -15,7 +15,7 @@ public interface RbacRoleRepository extends Repository<RbacRoleRvEntity, UUID> {
|
|||||||
/**
|
/**
|
||||||
* @return all persistent RbacRoleEntity instances, assigned to the current subject (user or assumed roles)
|
* @return all persistent RbacRoleEntity instances, assigned to the current subject (user or assumed roles)
|
||||||
*/
|
*/
|
||||||
List<RbacRoleRvEntity> findAll();
|
List<RbacRoleEntity> findAll();
|
||||||
|
|
||||||
RbacRoleRvEntity findByRoleName(String roleName);
|
RbacRoleEntity findByRoleName(String roleName);
|
||||||
}
|
}
|
||||||
|
|||||||
@ -139,7 +139,7 @@ select 'global', (select uuid from RbacObject where objectTable = 'global'), 'GU
|
|||||||
$$;
|
$$;
|
||||||
|
|
||||||
begin transaction;
|
begin transaction;
|
||||||
call defineContext('creating role:global#loba:guest', null, null, null);
|
call defineContext('creating role:global#globa:guest', null, null, null);
|
||||||
select createRole(globalGuest());
|
select createRole(globalGuest());
|
||||||
commit;
|
commit;
|
||||||
--//
|
--//
|
||||||
|
|||||||
@ -6,7 +6,7 @@ import net.hostsharing.hsadminng.rbac.rbacgrant.RbacGrantEntity;
|
|||||||
import net.hostsharing.hsadminng.rbac.rbacgrant.RbacGrantRepository;
|
import net.hostsharing.hsadminng.rbac.rbacgrant.RbacGrantRepository;
|
||||||
import net.hostsharing.hsadminng.rbac.rbacgrant.RbacGrantsDiagramService;
|
import net.hostsharing.hsadminng.rbac.rbacgrant.RbacGrantsDiagramService;
|
||||||
import net.hostsharing.hsadminng.rbac.rbacobject.RbacObject;
|
import net.hostsharing.hsadminng.rbac.rbacobject.RbacObject;
|
||||||
import net.hostsharing.hsadminng.rbac.rbacrole.RbacRoleRvEntity;
|
import net.hostsharing.hsadminng.rbac.rbacrole.RbacRoleEntity;
|
||||||
import net.hostsharing.hsadminng.rbac.rbacrole.RbacRoleRepository;
|
import net.hostsharing.hsadminng.rbac.rbacrole.RbacRoleRepository;
|
||||||
import net.hostsharing.test.JpaAttempt;
|
import net.hostsharing.test.JpaAttempt;
|
||||||
import org.jetbrains.annotations.NotNull;
|
import org.jetbrains.annotations.NotNull;
|
||||||
@ -255,7 +255,7 @@ public abstract class ContextBasedTestWithCleanup extends ContextBasedTest {
|
|||||||
return jpaAttempt.transacted(() -> {
|
return jpaAttempt.transacted(() -> {
|
||||||
context.define("superuser-alex@hostsharing.net", null);
|
context.define("superuser-alex@hostsharing.net", null);
|
||||||
return rbacRoleRepo.findAll().stream()
|
return rbacRoleRepo.findAll().stream()
|
||||||
.map(RbacRoleRvEntity::getRoleName)
|
.map(RbacRoleEntity::getRoleName)
|
||||||
.collect(toSet());
|
.collect(toSet());
|
||||||
}).assertSuccessful().returnedValue();
|
}).assertSuccessful().returnedValue();
|
||||||
}
|
}
|
||||||
|
|||||||
@ -5,7 +5,7 @@ import io.restassured.http.ContentType;
|
|||||||
import io.restassured.response.ValidatableResponse;
|
import io.restassured.response.ValidatableResponse;
|
||||||
import net.hostsharing.hsadminng.HsadminNgApplication;
|
import net.hostsharing.hsadminng.HsadminNgApplication;
|
||||||
import net.hostsharing.hsadminng.context.ContextBasedTest;
|
import net.hostsharing.hsadminng.context.ContextBasedTest;
|
||||||
import net.hostsharing.hsadminng.rbac.rbacrole.RbacRoleRvEntity;
|
import net.hostsharing.hsadminng.rbac.rbacrole.RbacRoleEntity;
|
||||||
import net.hostsharing.hsadminng.rbac.rbacrole.RbacRoleRepository;
|
import net.hostsharing.hsadminng.rbac.rbacrole.RbacRoleRepository;
|
||||||
import net.hostsharing.hsadminng.rbac.rbacuser.RbacUserEntity;
|
import net.hostsharing.hsadminng.rbac.rbacuser.RbacUserEntity;
|
||||||
import net.hostsharing.hsadminng.rbac.rbacuser.RbacUserRepository;
|
import net.hostsharing.hsadminng.rbac.rbacuser.RbacUserRepository;
|
||||||
@ -361,11 +361,11 @@ class RbacGrantControllerAcceptanceTest extends ContextBasedTest {
|
|||||||
this(currentUser, "");
|
this(currentUser, "");
|
||||||
}
|
}
|
||||||
|
|
||||||
GrantFixture grantsRole(final RbacRoleRvEntity givenOwnPackageAdminRole) {
|
GrantFixture grantsRole(final RbacRoleEntity givenOwnPackageAdminRole) {
|
||||||
return new GrantFixture(givenOwnPackageAdminRole);
|
return new GrantFixture(givenOwnPackageAdminRole);
|
||||||
}
|
}
|
||||||
|
|
||||||
RevokeFixture revokesRole(final RbacRoleRvEntity givenOwnPackageAdminRole) {
|
RevokeFixture revokesRole(final RbacRoleEntity givenOwnPackageAdminRole) {
|
||||||
return new RevokeFixture(givenOwnPackageAdminRole);
|
return new RevokeFixture(givenOwnPackageAdminRole);
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -376,11 +376,11 @@ class RbacGrantControllerAcceptanceTest extends ContextBasedTest {
|
|||||||
class GrantFixture {
|
class GrantFixture {
|
||||||
|
|
||||||
private Subject grantingSubject = Subject.this;
|
private Subject grantingSubject = Subject.this;
|
||||||
private final RbacRoleRvEntity grantedRole;
|
private final RbacRoleEntity grantedRole;
|
||||||
private boolean assumed;
|
private boolean assumed;
|
||||||
private RbacUserEntity granteeUser;
|
private RbacUserEntity granteeUser;
|
||||||
|
|
||||||
public GrantFixture(final RbacRoleRvEntity roleToGrant) {
|
public GrantFixture(final RbacRoleEntity roleToGrant) {
|
||||||
this.grantedRole = roleToGrant;
|
this.grantedRole = roleToGrant;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -417,11 +417,11 @@ class RbacGrantControllerAcceptanceTest extends ContextBasedTest {
|
|||||||
class RevokeFixture {
|
class RevokeFixture {
|
||||||
|
|
||||||
private Subject currentSubject = Subject.this;
|
private Subject currentSubject = Subject.this;
|
||||||
private final RbacRoleRvEntity grantedRole;
|
private final RbacRoleEntity grantedRole;
|
||||||
private boolean assumed;
|
private boolean assumed;
|
||||||
private RbacUserEntity granteeUser;
|
private RbacUserEntity granteeUser;
|
||||||
|
|
||||||
public RevokeFixture(final RbacRoleRvEntity roleToGrant) {
|
public RevokeFixture(final RbacRoleEntity roleToGrant) {
|
||||||
this.grantedRole = roleToGrant;
|
this.grantedRole = roleToGrant;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -455,9 +455,9 @@ class RbacGrantControllerAcceptanceTest extends ContextBasedTest {
|
|||||||
private class GetGrantByIdFixture {
|
private class GetGrantByIdFixture {
|
||||||
|
|
||||||
private Subject currentSubject = Subject.this;
|
private Subject currentSubject = Subject.this;
|
||||||
private RbacRoleRvEntity grantedRole;
|
private RbacRoleEntity grantedRole;
|
||||||
|
|
||||||
GetGrantByIdFixture forGrantedRole(final RbacRoleRvEntity grantedRole) {
|
GetGrantByIdFixture forGrantedRole(final RbacRoleEntity grantedRole) {
|
||||||
this.grantedRole = grantedRole;
|
this.grantedRole = grantedRole;
|
||||||
return this;
|
return this;
|
||||||
}
|
}
|
||||||
@ -507,7 +507,7 @@ class RbacGrantControllerAcceptanceTest extends ContextBasedTest {
|
|||||||
}).assertNotNull().returnedValue();
|
}).assertNotNull().returnedValue();
|
||||||
}
|
}
|
||||||
|
|
||||||
RbacRoleRvEntity getRbacRoleByName(final String roleName) {
|
RbacRoleEntity getRbacRoleByName(final String roleName) {
|
||||||
return jpaAttempt.transacted(() -> {
|
return jpaAttempt.transacted(() -> {
|
||||||
context("superuser-alex@hostsharing.net", null);
|
context("superuser-alex@hostsharing.net", null);
|
||||||
return rbacRoleRepository.findByRoleName(roleName);
|
return rbacRoleRepository.findByRoleName(roleName);
|
||||||
|
|||||||
@ -175,21 +175,21 @@ class RbacRoleRepositoryIntegrationTest {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
void exactlyTheseRbacRolesAreReturned(final List<RbacRoleRvEntity> actualResult, final String... expectedRoleNames) {
|
void exactlyTheseRbacRolesAreReturned(final List<RbacRoleEntity> actualResult, final String... expectedRoleNames) {
|
||||||
assertThat(actualResult)
|
assertThat(actualResult)
|
||||||
.extracting(RbacRoleRvEntity::getRoleName)
|
.extracting(RbacRoleEntity::getRoleName)
|
||||||
.containsExactlyInAnyOrder(expectedRoleNames);
|
.containsExactlyInAnyOrder(expectedRoleNames);
|
||||||
}
|
}
|
||||||
|
|
||||||
void allTheseRbacRolesAreReturned(final List<RbacRoleRvEntity> actualResult, final String... expectedRoleNames) {
|
void allTheseRbacRolesAreReturned(final List<RbacRoleEntity> actualResult, final String... expectedRoleNames) {
|
||||||
assertThat(actualResult)
|
assertThat(actualResult)
|
||||||
.extracting(RbacRoleRvEntity::getRoleName)
|
.extracting(RbacRoleEntity::getRoleName)
|
||||||
.contains(expectedRoleNames);
|
.contains(expectedRoleNames);
|
||||||
}
|
}
|
||||||
|
|
||||||
void noneOfTheseRbacRolesIsReturned(final List<RbacRoleRvEntity> actualResult, final String... unexpectedRoleNames) {
|
void noneOfTheseRbacRolesIsReturned(final List<RbacRoleEntity> actualResult, final String... unexpectedRoleNames) {
|
||||||
assertThat(actualResult)
|
assertThat(actualResult)
|
||||||
.extracting(RbacRoleRvEntity::getRoleName)
|
.extracting(RbacRoleEntity::getRoleName)
|
||||||
.doesNotContain(unexpectedRoleNames);
|
.doesNotContain(unexpectedRoleNames);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
@ -4,11 +4,11 @@ import static java.util.UUID.randomUUID;
|
|||||||
|
|
||||||
public class TestRbacRole {
|
public class TestRbacRole {
|
||||||
|
|
||||||
public static final RbacRoleRvEntity hostmasterRole = rbacRole("global", "global", RbacRoleType.ADMIN);
|
public static final RbacRoleEntity hostmasterRole = rbacRole("global", "global", RbacRoleType.ADMIN);
|
||||||
static final RbacRoleRvEntity customerXxxOwner = rbacRole("test_customer", "xxx", RbacRoleType.OWNER);
|
static final RbacRoleEntity customerXxxOwner = rbacRole("test_customer", "xxx", RbacRoleType.OWNER);
|
||||||
static final RbacRoleRvEntity customerXxxAdmin = rbacRole("test_customer", "xxx", RbacRoleType.ADMIN);
|
static final RbacRoleEntity customerXxxAdmin = rbacRole("test_customer", "xxx", RbacRoleType.ADMIN);
|
||||||
|
|
||||||
static public RbacRoleRvEntity rbacRole(final String objectTable, final String objectIdName, final RbacRoleType roleType) {
|
static public RbacRoleEntity rbacRole(final String objectTable, final String objectIdName, final RbacRoleType roleType) {
|
||||||
return new RbacRoleRvEntity(randomUUID(), randomUUID(), objectTable, objectIdName, roleType, objectTable+'#'+objectIdName+':'+roleType);
|
return new RbacRoleEntity(randomUUID(), randomUUID(), objectTable, objectIdName, roleType, objectTable+'#'+objectIdName+':'+roleType);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user
ADMIN