rbac-optimization #80

Merged
hsh-michaelhoennig merged 14 commits from rbac-optimization into master 2024-07-27 10:18:08 +02:00
12 changed files with 93 additions and 57 deletions
Showing only changes of commit 94ef33c775 - Show all commits


@ -96,7 +96,7 @@ public class HsOfficeDebitorController implements HsOfficeDebitorsApi {
}
final var relatedPartner = partnerRepo.findPartnerByPartnerPersonUuid(entityToSave.getDebitorRel().getHolder().getUuid());
entityToSave.setPartnerNumber(relatedPartner.getPartnerNumber());
entityToSave.setPartner(relatedPartner);
final var savedEntity = debitorRepo.save(entityToSave);
em.flush();
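Review bot: `relatedPartner` is handed to `entityToSave.setPartner(...)` without a null check, so if `findPartnerByPartnerPersonUuid` returns null for the given holder (no partner, or none visible to the caller), the debitor is now saved silently without a partner. The replaced `relatedPartner.getPartnerNumber()` call would have failed at this point, and the `not null` partnerNumber column behind it is dropped elsewhere in this commit. Consider rejecting the request explicitly before the save, e.g. `if (relatedPartner == null) { throw new ValidationException("no partner found for the debitor's holder"); }`, using whichever exception type this controller already maps to a 4xx response. The enclosing method starts and ends outside this hunk, so a guard may already exist further up.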


@ -7,6 +7,7 @@ import lombok.NoArgsConstructor;
import lombok.Setter;
import net.hostsharing.hsadminng.errors.DisplayName;
import net.hostsharing.hsadminng.hs.office.bankaccount.HsOfficeBankAccountEntity;
import net.hostsharing.hsadminng.hs.office.partner.HsOfficePartnerEntity;
import net.hostsharing.hsadminng.hs.office.relation.HsOfficeRelationEntity;
import net.hostsharing.hsadminng.rbac.rbacobject.RbacObject;
import net.hostsharing.hsadminng.rbac.rbacdef.RbacView;
@ -14,6 +15,9 @@ import net.hostsharing.hsadminng.rbac.rbacdef.RbacView.SQL;
import net.hostsharing.hsadminng.stringify.Stringify;
import net.hostsharing.hsadminng.stringify.Stringifyable;
import org.hibernate.annotations.GenericGenerator;
import org.hibernate.annotations.JoinFormula;
import org.hibernate.annotations.NotFound;
import org.hibernate.annotations.NotFoundAction;
import jakarta.persistence.Column;
import jakarta.persistence.Entity;
@ -73,8 +77,22 @@ public class HsOfficeDebitorEntity implements RbacObject<HsOfficeDebitorEntity>,
@Version
private int version;
@Column(name = "partnernumber", columnDefinition = "numeric(5) not null")
private Integer partnerNumber; // redundant to HsOfficePartnerEntity.partnerNumber for performance reasons
@ManyToOne
@JoinFormula(
referencedColumnName = "uuid",
value = """
(
SELECT DISTINCT partner.uuid
FROM hs_office_partner_rv partner
JOIN hs_office_relation_rv dRel
ON dRel.uuid = debitorreluuid AND dRel.type = 'DEBITOR'
JOIN hs_office_relation_rv pRel
ON pRel.uuid = partner.partnerRelUuid AND pRel.type = 'PARTNER'
WHERE pRel.holderUuid = dRel.anchorUuid
)
""")
@NotFound(action = NotFoundAction.IGNORE)
private HsOfficePartnerEntity partner;
@Column(name = "debitornumbersuffix", length = 2)
@Pattern(regexp = TWO_DECIMAL_DIGITS)
@ -117,8 +135,9 @@ public class HsOfficeDebitorEntity implements RbacObject<HsOfficeDebitorEntity>,
}
private String getDebitorNumberString() {
return ofNullable(partnerNumber)
return ofNullable(partner)
.filter(partner -> debitorNumberSuffix != null)
.map(HsOfficePartnerEntity::getPartnerNumber)
.map(Object::toString)
.map(partnerNumber -> partnerNumber + debitorNumberSuffix)
.orElse(null);
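Review bot: The new `partner` field needs a comment on its nullability. Its `@JoinFormula` subquery reads `hs_office_partner_rv` and `hs_office_relation_rv`, which appear to be the RBAC-restricted views, and `@NotFound(action = NotFoundAction.IGNORE)` turns an empty result into `null`. A caller who may see the debitor but not its partner therefore gets `partner == null` and, through `getDebitorNumberString()`, a null debitor number. Suggested comment above the field: `// derived via formula; null when no partner is visible to the current RBAC subject, in which case the debitor number is null as well`. Separately, `SELECT DISTINCT` does not guarantee a single row, so a sentence on why one holder cannot match more than one PARTNER relation would help; the class body continues outside the hunks shown.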


@ -8,7 +8,6 @@ create table hs_office_debitor
(
uuid uuid unique references RbacObject (uuid) initially deferred,
version int not null default 0,
partnerNumber numeric(5) not null, -- redundant to hs_office_partner.partnerNumber for performance reasons
debitorNumberSuffix char(2) not null check (debitorNumberSuffix::text ~ '^[0-9][0-9]$'),
debitorRelUuid uuid not null references hs_office_relation(uuid),
billable boolean not null default true,
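Review bot: Dropping `partnerNumber` by editing the existing `create table hs_office_debitor` statement only takes effect on databases that are built from scratch. If this file is a Liquibase changeset that has already been applied anywhere (the view file in this commit is marked `--liquibase formatted sql`), the edit changes its checksum and the `not null` column stays in place, so inserts that no longer supply it would fail. A separate changeset with `alter table hs_office_debitor drop column partnerNumber;` would cover existing databases. The same concern applies to the view file, where the changeset id is renamed from `hs-booking-debitor-EXTRACTED-VIEW:1` to `hs-booking-debitor-RESTRICTED-VIEW:1` while it still creates the view under the same name. The table definition continues outside this hunk.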


@ -9,8 +9,7 @@
Creates a single debitor test record.
*/
create or replace procedure createHsOfficeDebitorTestData(
forPartnerNumber numeric(5),
withDebitorNumberSuffix numeric(2),
withDebitorNumberSuffix numeric(5),
forPartnerPersonName varchar,
forBillingContactCaption varchar,
withDefaultPrefix varchar
@ -43,8 +42,8 @@ begin
-- raise exception 'creating test debitor: (uuid=%, debitorRelUuid=%, debitornumbersuffix=%, billable=%, vatbusiness=%, vatreversecharge=%, refundbankaccountuuid=%, defaultprefix=%)',
-- uuid_generate_v4(), relatedDebitorRelUuid, withDebitorNumberSuffix, true, true, false, relatedBankAccountUuid, withDefaultPrefix;
insert
into hs_office_debitor (uuid, debitorRelUuid, partnerNumber, debitornumbersuffix, billable, vatbusiness, vatreversecharge, refundbankaccountuuid, defaultprefix)
values (uuid_generate_v4(), relatedDebitorRelUuid, forPartnerNumber, withDebitorNumberSuffix, true, true, false, relatedBankAccountUuid, withDefaultPrefix);
into hs_office_debitor (uuid, debitorRelUuid, debitornumbersuffix, billable, vatbusiness, vatreversecharge, refundbankaccountuuid, defaultprefix)
values (uuid_generate_v4(), relatedDebitorRelUuid, withDebitorNumberSuffix, true, true, false, relatedBankAccountUuid, withDefaultPrefix);
end; $$;
--//
@ -55,9 +54,9 @@ end; $$;
do language plpgsql $$
begin
call createHsOfficeDebitorTestData( 10001, 11, 'First GmbH', 'first contact', 'fir');
call createHsOfficeDebitorTestData( 10002, 12, 'Second e.K.', 'second contact', 'sec');
call createHsOfficeDebitorTestData( 10003, 13, 'Third OHG', 'third contact', 'thi');
call createHsOfficeDebitorTestData(11, 'First GmbH', 'first contact', 'fir');
call createHsOfficeDebitorTestData(12, 'Second e.K.', 'second contact', 'sec');
call createHsOfficeDebitorTestData(13, 'Third OHG', 'third contact', 'thi');
end;
$$;
--//
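Review bot: The parameter `withDebitorNumberSuffix` changes from `numeric(2)` to `numeric(5)`, which looks like a leftover from removing `forPartnerNumber numeric(5)` rather than an intended widening. The target column is `debitorNumberSuffix char(2)` with a two-digit check, so the declaration should stay `withDebitorNumberSuffix numeric(2),`. Note also that in PostgreSQL `create or replace procedure` with a different argument list adds a new overload instead of replacing the old five-argument procedure, so the old one remains in any database that already has it. A `drop procedure if exists` for the old signature would keep the two from coexisting.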


@ -1,13 +1,17 @@
--liquibase formatted sql
-- ============================================================================
--changeset hs-booking-debitor-EXTRACTED-VIEW:1 endDelimiter:--//
--changeset hs-booking-debitor-RESTRICTED-VIEW:1 endDelimiter:--//
-- ----------------------------------------------------------------------------
create view hs_booking_debitor_xv as
select debitor.uuid,
debitor.version,
(debitor.partnerNumber::varchar || debitor.debitorNumberSuffix)::numeric as debitorNumber,
(partner.partnerNumber::varchar || debitor.debitorNumberSuffix)::numeric as debitorNumber,
debitor.defaultPrefix
from hs_office_debitor debitor -- not from _rv for performance, nothing really secret here
from hs_office_debitor debitor
-- RBAC for debitor is sufficient, for faster access we are bypassing RBAC for the join tables
join hs_office_relation debitorRel on debitor.debitorReluUid=debitorRel.uuid
join hs_office_relation partnerRel on partnerRel.holderUuid=debitorRel.anchorUuid
join hs_office_partner partner on partner.partnerReluUid=partnerRel.uuid;
--//
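Review bot: The new comment says RBAC for the debitor is sufficient, but the `from` clause still reads the base table `hs_office_debitor` rather than an RBAC-restricted `_rv` view. As shown, the view therefore filters no rows by the caller's grants, despite the changeset now being named `RESTRICTED-VIEW`. Either select from the debitor's `_rv` view, if that is the intent, and keep the base tables only for the joins, or reword the comment to say the view is deliberately unrestricted and where access to it is limited, e.g. `-- no RBAC applied in this view; access is limited by <grant or role, to be filled in>`. The removed comment ("nothing really secret here") was at least explicit about this trade-off.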


@ -208,8 +208,8 @@ class HsHostingAssetRepositoryIntegrationTest extends ContextBasedTestWithCleanu
// then
exactlyTheseAssetsAreReturned(
result,
"HsHostingAssetEntity(MANAGED_WEBSPACE, fir01, some Webspace, MANAGED_SERVER:vm1011, D-1000111:D-1000111 default project:separate ManagedWebspace)",
"HsHostingAssetEntity(MANAGED_WEBSPACE, sec01, some Webspace, MANAGED_SERVER:vm1012, D-1000212:D-1000212 default project:separate ManagedWebspace)",
"HsHostingAssetEntity(MANAGED_WEBSPACE, fir01, some Webspace, MANAGED_SERVER:vm1011, D-1000111:D-1000111 default project:separate ManagedWebspace)",
"HsHostingAssetEntity(MANAGED_WEBSPACE, thi01, some Webspace, MANAGED_SERVER:vm1013, D-1000313:D-1000313 default project:separate ManagedWebspace)");
}
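Review bot: The expected `fir01` and `sec01` rows only swap places here, which suggests `exactlyTheseAssetsAreReturned` compares in order and that the result order moved as a side effect of the schema change. If the repository query has no explicit `ORDER BY`, the order is up to the database and this expectation can flip again. Either sort in the query under test or make the assertion order-insensitive. The test method starts outside this hunk, so the query itself is not visible here.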


@ -759,7 +759,7 @@ public class ImportOfficeData extends CsvDataImport {
final var debitor = HsOfficeDebitorEntity.builder()
.debitorNumberSuffix("00")
.partnerNumber(partner.getPartnerNumber())
.partner(partner)
.debitorRel(debitorRel)
.defaultPrefix(rec.getString("member_code").replace("hsh00-", ""))
.billable(rec.isEmpty("free") || rec.getString("free").equals("f"))


@ -623,7 +623,7 @@ class HsOfficeDebitorControllerAcceptanceTest extends ContextBasedTestWithCleanu
final var givenPartner = partnerRepo.findPartnerByOptionalNameLike("Fourth").get(0);
final var givenContact = contactRepo.findContactByOptionalCaptionLike("fourth contact").get(0);
final var newDebitor = HsOfficeDebitorEntity.builder()
.partnerNumber(givenPartner.getPartnerNumber())
.partner(givenPartner)
.debitorNumberSuffix(nextDebitorSuffix())
.billable(true)
.debitorRel(


@ -1,6 +1,7 @@
package net.hostsharing.hsadminng.hs.office.debitor;
import net.hostsharing.hsadminng.hs.office.contact.HsOfficeContactEntity;
import net.hostsharing.hsadminng.hs.office.partner.HsOfficePartnerEntity;
import net.hostsharing.hsadminng.hs.office.person.HsOfficePersonEntity;
import net.hostsharing.hsadminng.hs.office.person.HsOfficePersonType;
import net.hostsharing.hsadminng.hs.office.relation.HsOfficeRelationEntity;
@ -28,7 +29,9 @@ class HsOfficeDebitorEntityUnitTest {
.debitorNumberSuffix("67")
.debitorRel(givenDebitorRel)
.defaultPrefix("som")
.partnerNumber(12345)
.partner(HsOfficePartnerEntity.builder()
.partnerNumber(12345)
.build())
.build();
final var result = given.toString();
@ -41,7 +44,9 @@ class HsOfficeDebitorEntityUnitTest {
final var given = HsOfficeDebitorEntity.builder()
.debitorRel(givenDebitorRel)
.debitorNumberSuffix("67")
.partnerNumber(12345)
.partner(HsOfficePartnerEntity.builder()
.partnerNumber(12345)
.build())
.build();
final var result = given.toShortString();
@ -54,7 +59,9 @@ class HsOfficeDebitorEntityUnitTest {
final var given = HsOfficeDebitorEntity.builder()
.debitorRel(givenDebitorRel)
.debitorNumberSuffix("67")
.partnerNumber(12345)
.partner(HsOfficePartnerEntity.builder()
.partnerNumber(12345)
.build())
.build();
final var result = given.getDebitorNumber();
@ -62,12 +69,25 @@ class HsOfficeDebitorEntityUnitTest {
assertThat(result).isEqualTo(1234567);
}
@Test
void getDebitorNumberWithoutPartnerReturnsNull() {
final var given = HsOfficeDebitorEntity.builder()
.debitorRel(givenDebitorRel)
.debitorNumberSuffix("67")
.partner(null)
.build();
final var result = given.getDebitorNumber();
assertThat(result).isNull();
}
@Test
void getDebitorNumberWithoutPartnerNumberReturnsNull() {
final var given = HsOfficeDebitorEntity.builder()
.debitorRel(givenDebitorRel)
.debitorNumberSuffix("67")
.partnerNumber(null)
.partner(HsOfficePartnerEntity.builder().build())
.build();
final var result = given.getDebitorNumber();
@ -80,7 +100,9 @@ class HsOfficeDebitorEntityUnitTest {
final var given = HsOfficeDebitorEntity.builder()
.debitorRel(givenDebitorRel)
.debitorNumberSuffix(null)
.partnerNumber(12345)
.partner(HsOfficePartnerEntity.builder()
.partnerNumber(12345)
.build())
.build();
final var result = given.getDebitorNumber();


@ -89,7 +89,6 @@ class HsOfficeDebitorRepositoryIntegrationTest extends ContextBasedTestWithClean
// when
final var result = attempt(em, () -> {
final var newDebitor = HsOfficeDebitorEntity.builder()
.partnerNumber(10001)
.debitorNumberSuffix("21")
.debitorRel(HsOfficeRelationEntity.builder()
.type(HsOfficeRelationType.DEBITOR)
@ -158,7 +157,6 @@ class HsOfficeDebitorRepositoryIntegrationTest extends ContextBasedTestWithClean
final var givenDebitorPerson = one(personRepo.findPersonByOptionalNameLike("Fourth eG"));
final var givenContact = one(contactRepo.findContactByOptionalCaptionLike("fourth contact"));
final var newDebitor = HsOfficeDebitorEntity.builder()
.partnerNumber(10001)
.debitorNumberSuffix("22")
.debitorRel(HsOfficeRelationEntity.builder()
.type(HsOfficeRelationType.DEBITOR)
@ -320,7 +318,7 @@ class HsOfficeDebitorRepositoryIntegrationTest extends ContextBasedTestWithClean
assertThatDebitorIsVisibleForUserWithRole(
givenDebitor,
"hs_office_relation#FourtheG-with-DEBITOR-FourtheG:ADMIN");
"hs_office_relation#FourtheG-with-DEBITOR-FourtheG:ADMIN", true);
final var givenNewPartnerPerson = one(personRepo.findPersonByOptionalNameLike("First"));
final var givenNewBillingPerson = one(personRepo.findPersonByOptionalNameLike("Firby"));
final var givenNewContact = one(contactRepo.findContactByOptionalCaptionLike("sixth contact"));
@ -348,9 +346,7 @@ class HsOfficeDebitorRepositoryIntegrationTest extends ContextBasedTestWithClean
// then
result.assertSuccessful();
assertThatDebitorIsVisibleForUserWithRole(
result.returnedValue(),
"global#global:ADMIN");
assertThatDebitorIsVisibleForUserWithRole(result.returnedValue(), "global#global:ADMIN", true);
// ... partner role was reassigned:
assertThatDebitorIsNotVisibleForUserWithRole(
@ -358,7 +354,7 @@ class HsOfficeDebitorRepositoryIntegrationTest extends ContextBasedTestWithClean
"hs_office_relation#FourtheG-with-DEBITOR-FourtheG:ADMIN");
assertThatDebitorIsVisibleForUserWithRole(
result.returnedValue(),
"hs_office_relation#FirstGmbH-with-DEBITOR-FirbySusan:AGENT");
"hs_office_relation#FirstGmbH-with-DEBITOR-FirbySusan:AGENT", true);
// ... contact role was reassigned:
assertThatDebitorIsNotVisibleForUserWithRole(
@ -366,7 +362,7 @@ class HsOfficeDebitorRepositoryIntegrationTest extends ContextBasedTestWithClean
"hs_office_contact#fifthcontact:ADMIN");
assertThatDebitorIsVisibleForUserWithRole(
result.returnedValue(),
"hs_office_contact#sixthcontact:ADMIN");
"hs_office_contact#sixthcontact:ADMIN", false);
// ... bank-account role was reassigned:
assertThatDebitorIsNotVisibleForUserWithRole(
@ -374,7 +370,7 @@ class HsOfficeDebitorRepositoryIntegrationTest extends ContextBasedTestWithClean
"hs_office_bankaccount#DE02200505501015871393:ADMIN");
assertThatDebitorIsVisibleForUserWithRole(
result.returnedValue(),
"hs_office_bankaccount#DE02120300000000202051:ADMIN");
"hs_office_bankaccount#DE02120300000000202051:ADMIN", true);
}
@Test
@ -384,8 +380,8 @@ class HsOfficeDebitorRepositoryIntegrationTest extends ContextBasedTestWithClean
final var givenDebitor = givenSomeTemporaryDebitor("Fourth", "fifth contact", null, "fig");
assertThatDebitorIsVisibleForUserWithRole(
givenDebitor,
"hs_office_relation#FourtheG-with-DEBITOR-FourtheG:ADMIN");
assertThatDebitorActuallyInDatabase(givenDebitor);
"hs_office_relation#FourtheG-with-DEBITOR-FourtheG:ADMIN", true);
assertThatDebitorActuallyInDatabase(givenDebitor, true);
final var givenNewBankAccount = one(bankAccountRepo.findByOptionalHolderLike("first"));
// when
@ -399,12 +395,12 @@ class HsOfficeDebitorRepositoryIntegrationTest extends ContextBasedTestWithClean
result.assertSuccessful();
assertThatDebitorIsVisibleForUserWithRole(
result.returnedValue(),
"global#global:ADMIN");
"global#global:ADMIN", true);
// ... bank-account role was assigned:
assertThatDebitorIsVisibleForUserWithRole(
result.returnedValue(),
"hs_office_bankaccount#DE02120300000000202051:ADMIN");
"hs_office_bankaccount#DE02120300000000202051:ADMIN", true);
}
@Test
@ -414,8 +410,8 @@ class HsOfficeDebitorRepositoryIntegrationTest extends ContextBasedTestWithClean
final var givenDebitor = givenSomeTemporaryDebitor("Fourth", "fifth contact", "Fourth", "fih");
assertThatDebitorIsVisibleForUserWithRole(
givenDebitor,
"hs_office_relation#HostsharingeG-with-PARTNER-FourtheG:AGENT");
assertThatDebitorActuallyInDatabase(givenDebitor);
"hs_office_relation#HostsharingeG-with-PARTNER-FourtheG:AGENT", true);
assertThatDebitorActuallyInDatabase(givenDebitor, true);
// when
final var result = jpaAttempt.transacted(() -> {
@ -428,7 +424,7 @@ class HsOfficeDebitorRepositoryIntegrationTest extends ContextBasedTestWithClean
result.assertSuccessful();
assertThatDebitorIsVisibleForUserWithRole(
result.returnedValue(),
"global#global:ADMIN");
"global#global:ADMIN", true);
// ... bank-account role was removed from previous bank-account admin:
assertThatDebitorIsNotVisibleForUserWithRole(
@ -443,8 +439,8 @@ class HsOfficeDebitorRepositoryIntegrationTest extends ContextBasedTestWithClean
final var givenDebitor = givenSomeTemporaryDebitor("Fourth", "eighth", "Fourth", "eig");
assertThatDebitorIsVisibleForUserWithRole(
givenDebitor,
"hs_office_relation#HostsharingeG-with-PARTNER-FourtheG:AGENT");
assertThatDebitorActuallyInDatabase(givenDebitor);
"hs_office_relation#HostsharingeG-with-PARTNER-FourtheG:AGENT", true);
assertThatDebitorActuallyInDatabase(givenDebitor, true);
// when
final var result = jpaAttempt.transacted(() -> {
@ -463,10 +459,8 @@ class HsOfficeDebitorRepositoryIntegrationTest extends ContextBasedTestWithClean
// given
context("superuser-alex@hostsharing.net");
final var givenDebitor = givenSomeTemporaryDebitor("Fourth", "ninth", "Fourth", "nin");
assertThatDebitorActuallyInDatabase(givenDebitor);
assertThatDebitorIsVisibleForUserWithRole(
givenDebitor,
"hs_office_contact#ninthcontact:ADMIN");
assertThatDebitorActuallyInDatabase(givenDebitor, true);
assertThatDebitorIsVisibleForUserWithRole(givenDebitor, "hs_office_contact#ninthcontact:ADMIN", false);
// when
final var result = jpaAttempt.transacted(() -> {
@ -483,13 +477,16 @@ class HsOfficeDebitorRepositoryIntegrationTest extends ContextBasedTestWithClean
"Unable to find net.hostsharing.hsadminng.hs.office.bankaccount.HsOfficeBankAccountEntity with id ");
}
private void assertThatDebitorActuallyInDatabase(final HsOfficeDebitorEntity saved) {
private void assertThatDebitorActuallyInDatabase(final HsOfficeDebitorEntity saved, final boolean withPartner) {
final var found = debitorRepo.findByUuid(saved.getUuid());
assertThat(found).isNotEmpty();
found.ifPresent(foundEntity -> {
em.refresh(foundEntity);
Hibernate.initialize(foundEntity);
assertThat(foundEntity).isNotSameAs(saved);
if (withPartner) {
assertThat(foundEntity.getPartner()).isNotNull();
}
assertThat(foundEntity.getDebitorRel()).extracting(HsOfficeRelationEntity::toString)
.isEqualTo(saved.getDebitorRel().toString());
});
@ -497,10 +494,11 @@ class HsOfficeDebitorRepositoryIntegrationTest extends ContextBasedTestWithClean
private void assertThatDebitorIsVisibleForUserWithRole(
final HsOfficeDebitorEntity entity,
final String assumedRoles) {
final String assumedRoles,
final boolean withPartner) {
jpaAttempt.transacted(() -> {
context("superuser-alex@hostsharing.net", assumedRoles);
assertThatDebitorActuallyInDatabase(entity);
assertThatDebitorActuallyInDatabase(entity, withPartner);
}).assertSuccessful();
}
@ -615,7 +613,7 @@ class HsOfficeDebitorRepositoryIntegrationTest extends ContextBasedTestWithClean
final var givenBankAccount =
bankAccountHolder != null ? one(bankAccountRepo.findByOptionalHolderLike(bankAccountHolder)) : null;
final var newDebitor = HsOfficeDebitorEntity.builder()
.partnerNumber(givenPartner.getPartnerNumber())
.partner(givenPartner)
.debitorNumberSuffix("20")
.debitorRel(HsOfficeRelationEntity.builder()
.type(HsOfficeRelationType.DEBITOR)
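Review bot: In `assertThatDebitorActuallyInDatabase`, `withPartner == false` skips the partner check entirely, so the two contact-admin cases (`hs_office_contact#sixthcontact:ADMIN` and `hs_office_contact#ninthcontact:ADMIN`) assert nothing about what that role can see of the partner. If the intent is that a contact admin sees the debitor but not its partner, pin it with an else branch: `else { assertThat(foundEntity.getPartner()).isNull(); }`. Without it, a later change that widens partner visibility for these roles would pass unnoticed. A short comment on the parameter, or an enum instead of the bare `true`/`false` at the call sites, would also make the expected visibility readable.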


@ -19,7 +19,7 @@ public class TestHsOfficeDebitor {
.anchor(HsOfficePersonEntity.builder().build())
.contact(TEST_CONTACT)
.build())
.partnerNumber(TEST_PARTNER.getPartnerNumber())
.partner(TEST_PARTNER)
.defaultPrefix("abc")
.build();
}


@ -6,7 +6,6 @@ import io.restassured.http.ContentType;
import net.hostsharing.hsadminng.HsadminNgApplication;
import net.hostsharing.hsadminng.hs.office.bankaccount.HsOfficeBankAccountRepository;
import net.hostsharing.hsadminng.hs.office.debitor.HsOfficeDebitorRepository;
import net.hostsharing.hsadminng.hs.office.partner.HsOfficePartnerRepository;
import net.hostsharing.hsadminng.rbac.test.ContextBasedTestWithCleanup;
import net.hostsharing.hsadminng.rbac.test.JpaAttempt;
import org.json.JSONException;
@ -43,9 +42,6 @@ class HsOfficeSepaMandateControllerAcceptanceTest extends ContextBasedTestWithCl
@Autowired
HsOfficeSepaMandateRepository sepaMandateRepo;
@Autowired
HsOfficePartnerRepository partnerRepo;
@Autowired
HsOfficeDebitorRepository debitorRepo;
@ -497,9 +493,8 @@ class HsOfficeSepaMandateControllerAcceptanceTest extends ContextBasedTestWithCl
return jpaAttempt.transacted(() -> {
context.define("superuser-alex@hostsharing.net");
final var givenDebitor = debitorRepo.findDebitorByDebitorNumber(debitorNumber).get(0);
final var givenPartner = partnerRepo.findPartnerByPartnerNumber(debitorNumber/100);
final var bankAccountHolder = ofNullable(givenPartner.getPartnerRel().getHolder().getTradeName())
.orElse(givenPartner.getPartnerRel().getHolder().getFamilyName());
final var bankAccountHolder = ofNullable(givenDebitor.getPartner().getPartnerRel().getHolder().getTradeName())
.orElse(givenDebitor.getPartner().getPartnerRel().getHolder().getFamilyName());
final var givenBankAccount = bankAccountRepo.findByOptionalHolderLike(bankAccountHolder).get(0);
final var newSepaMandate = HsOfficeSepaMandateEntity.builder()
.uuid(UUID.randomUUID())
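Review bot: `givenDebitor.getPartner()` can be null by design, since the entity maps it with `@NotFound(action = NotFoundAction.IGNORE)`, yet it is dereferenced twice in a long chain here. A missing partner would surface as a bare NullPointerException in test setup. Resolve it once with a check in front, e.g. `final var holder = givenDebitor.getPartner().getPartnerRel().getHolder();`, and build `bankAccountHolder` from `holder.getTradeName()` and `holder.getFamilyName()`. The builder call continues outside this hunk.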