fix-domain-setup-rbac-grant-problems #88

Merged
hsh-michaelhoennig merged 4 commits from fix-domain-setup-rbac-grant-problems into master 2024-08-15 10:38:44 +02:00
20 changed files with 291 additions and 56 deletions
Showing only changes of commit dfb123dd00 - Show all commits


@ -0,0 +1,148 @@
-- just a permanent playground to explore optimization of the central recursive CTE query for RBAC
rollback transaction;
begin transaction;
SET TRANSACTION READ ONLY;
call defineContext('performance testing', null, 'superuser-alex@hostsharing.net',
'hs_booking_project#D-1000000-hshdefaultproject:ADMIN');
-- 'hs_booking_project#D-1000300-mihdefaultproject:ADMIN');
select count(type) as counter, type from hs_hosting_asset_rv
group by type
order by counter desc;
commit transaction;
rollback transaction;
begin transaction;
SET TRANSACTION READ ONLY;
call defineContext('performance testing', null, 'superuser-alex@hostsharing.net',
'hs_booking_project#D-1000000-hshdefaultproject:ADMIN');
-- 'hs_booking_project#D-1000300-mihdefaultproject:ADMIN');
with accessible_hs_hosting_asset_uuids as
(with recursive
recursive_grants as
(select distinct rbacgrants.descendantuuid,
rbacgrants.ascendantuuid,
1 as level,
true
from rbacgrants
where rbacgrants.assumed
and (rbacgrants.ascendantuuid = any (currentsubjectsuuids()))
union all
select distinct g.descendantuuid,
g.ascendantuuid,
grants.level + 1 as level,
assertTrue(grants.level < 22, 'too many grant-levels: ' || grants.level)
from rbacgrants g
join recursive_grants grants on grants.descendantuuid = g.ascendantuuid
where g.assumed),
grant_count AS (
SELECT COUNT(*) AS grant_count FROM recursive_grants
),
count_check as (select assertTrue((select count(*) as grant_count from recursive_grants) < 300000,
'too many grants for current subjects: ' || (select count(*) as grant_count from recursive_grants))
as valid)
select distinct perm.objectuuid
from recursive_grants
join rbacpermission perm on recursive_grants.descendantuuid = perm.uuid
join rbacobject obj on obj.uuid = perm.objectuuid
join count_check cc on cc.valid
where obj.objecttable::text = 'hs_hosting_asset'::text)
select type,
-- count(*) as counter
target.uuid,
-- target.version,
-- target.bookingitemuuid,
-- target.type,
-- target.parentassetuuid,
-- target.assignedtoassetuuid,
target.identifier,
target.caption
-- target.config,
-- target.alarmcontactuuid
from hs_hosting_asset target
where (target.uuid in (select accessible_hs_hosting_asset_uuids.objectuuid
from accessible_hs_hosting_asset_uuids))
and target.type in ('EMAIL_ADDRESS', 'CLOUD_SERVER', 'MANAGED_SERVER', 'MANAGED_WEBSPACE')
-- and target.type = 'EMAIL_ADDRESS'
-- order by target.identifier;
-- group by type
-- order by counter desc
;
commit transaction;
rollback transaction;
begin transaction;
SET TRANSACTION READ ONLY;
call defineContext('performance testing', null, 'superuser-alex@hostsharing.net',
'hs_booking_project#D-1000000-hshdefaultproject:ADMIN');
-- 'hs_booking_project#D-1000300-mihdefaultproject:ADMIN');
with one_path as (with recursive path as (
-- Base case: Start with the row where ascending equals the starting UUID
select ascendantuuid,
descendantuuid,
array [ascendantuuid] as path_so_far
from rbacgrants
where ascendantuuid = any (currentsubjectsuuids())
union all
-- Recursive case: Find the next step in the path
select c.ascendantuuid,
c.descendantuuid,
p.path_so_far || c.ascendantuuid
from rbacgrants c
inner join
path p on c.ascendantuuid = p.descendantuuid
where c.ascendantuuid != all (p.path_so_far) -- Prevent cycles
)
-- Final selection: Output all paths that reach the target UUID
select distinct array_length(path_so_far, 1),
path_so_far || descendantuuid as full_path
from path
join rbacpermission perm on perm.uuid = path.descendantuuid
join hs_hosting_asset ha on ha.uuid = perm.objectuuid
-- JOIN rbacrole_ev re on re.uuid = any(path_so_far)
where ha.identifier = 'vm1068'
order by array_length(path_so_far, 1)
limit 1
)
select
(
SELECT ARRAY_AGG(re.roleidname ORDER BY ord.idx)
FROM UNNEST(one_path.full_path) WITH ORDINALITY AS ord(uuid, idx)
JOIN rbacrole_ev re ON ord.uuid = re.uuid
) AS name_array
from one_path;
commit transaction;
select * from
(
select uuid, roleidname as name from rbacrole_ev
union all
select uuid, p.optablename || ':' || p.objectuuid || ':' || p.op as name from rbacpermission p
) united
where uuid in (
'4157915c-a09b-490c-9430-00005fcfbb4f',
'046f2da0-66d5-4e6a-af17-d41fba617b30',
'6239ca11-5224-401d-9780-1af7f5cbf35a',
'70004958-39c7-4d32-8ba6-d78145f3ad32',
'7065fbc1-c605-4da3-97dd-f40fe1b90b4c',
'd551551b-b1dd-414a-a0ed-a07712f15e62',
'f1f0fc3e-020a-48fe-b9c1-ac495cc21fdf',
'63ad71f3-214c-411e-8b0b-a859e54af770',
'561bbe75-b8f2-4e4b-86ac-02a72ab9a6e8',
'379e99b3-b53f-421d-a53e-2e81c464fbf2',
'5cb1ecb2-7962-47e0-b8bf-67974da45208'
);
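Review bot: The third query's `path` CTE walks `rbacgrants` without the `assumed` filter that `recursive_grants` in the second query applies, so the path it prints for `vm1068` may run through grants the `_rv` views never follow. If the playground is meant to explain why a subject can see an asset, the base case should read `where assumed and ascendantuuid = any (currentsubjectsuuids())` and the recursive case `where c.assumed and c.ascendantuuid != all (p.path_so_far)`; if unassumed grants are included on purpose, a comment saying so would help. The file also hard-codes a superuser login and eleven UUIDs from one particular database, so a header comment stating that it is never executed by the build or by migrations would be worth adding (that it is not executed is inferred from the "playground" remark; the file path is not shown on this page).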


@ -94,7 +94,7 @@ public class HsBookingProjectEntity implements Stringifyable, BaseEntity<HsBooki
.toRole("global", ADMIN).grantPermission(DELETE) .toRole("global", ADMIN).grantPermission(DELETE)
.createRole(OWNER, (with) -> { .createRole(OWNER, (with) -> {
with.incomingSuperRole("debitorRel", AGENT); with.incomingSuperRole("debitorRel", AGENT).unassumed();
}) })
.createSubRole(ADMIN, (with) -> { .createSubRole(ADMIN, (with) -> {
with.permission(UPDATE); with.permission(UPDATE);


@ -192,6 +192,9 @@ public class HsHostingAssetEntity implements HsHostingAsset {
with.outgoingSubRole("bookingItem", TENANT); with.outgoingSubRole("bookingItem", TENANT);
with.outgoingSubRole("parentAsset", TENANT); with.outgoingSubRole("parentAsset", TENANT);
with.incomingSuperRole("alarmContact", ADMIN); with.incomingSuperRole("alarmContact", ADMIN);
})
.createSubRole(REFERRER, (with) -> {
with.incomingSuperRole("assignedToAsset", AGENT);
with.permission(SELECT); with.permission(SELECT);
}) })


@ -1,11 +1,10 @@
--liquibase formatted sql --liquibase formatted sql
-- ============================================================================ -- ============================================================================
-- RAISE-FUNCTIONS
--changeset RAISE-FUNCTIONS:1 endDelimiter:--// --changeset RAISE-FUNCTIONS:1 endDelimiter:--//
-- ---------------------------------------------------------------------------- -- ----------------------------------------------------------------------------
/* /*
Like RAISE EXCEPTION ... just as an expression instead of a statement. Like `RAISE EXCEPTION` ... just as an expression instead of a statement.
*/ */
create or replace function raiseException(msg text) create or replace function raiseException(msg text)
returns varchar returns varchar
@ -14,3 +13,19 @@ begin
raise exception using message = msg; raise exception using message = msg;
end; $$; end; $$;
--// --//
-- ============================================================================
--changeset ASSERT-FUNCTIONS:1 endDelimiter:--//
-- ----------------------------------------------------------------------------
/*
Like `ASSERT` but as an expression instead of a statement.
*/
create or replace function assertTrue(expectedTrue boolean, msg text)
returns boolean
language plpgsql as $$
begin
assert expectedTrue, msg;
return expectedTrue;
end; $$;
--//
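Review bot: `assertTrue` relies on the PL/pgSQL `ASSERT` statement, which is only evaluated while `plpgsql.check_asserts` is on; with that setting off the function quietly returns `false` (or null) instead of raising. The PostgreSQL documentation reserves `ASSERT` for detecting program bugs and recommends `RAISE` for conditions that must always be reported, and this commit uses the function as the depth and size guard of the generated RBAC views. Replacing the assert with `if expectedTrue is not true then raise exception using message = msg; end if;` keeps the behaviour for false and null and makes the guard independent of configuration.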


@ -177,26 +177,35 @@ begin
sql := format($sql$ sql := format($sql$
create or replace view %1$s_rv as create or replace view %1$s_rv as
with accessible_%1$s_uuids as ( with accessible_%1$s_uuids as (
with recursive
-- TODO.perf: this CTE query makes RBAC-SELECT-permission-queries so slow (~500ms), any idea how to optimize? recursive_grants as
-- My guess is, that the depth of role-grants causes the problem. (select distinct rbacgrants.descendantuuid,
with recursive grants as ( rbacgrants.ascendantuuid,
select descendantUuid, ascendantUuid, 1 as level 1 as level,
from RbacGrants true
where assumed from rbacgrants
and ascendantUuid = any (currentSubjectsuUids()) where rbacgrants.assumed
and (rbacgrants.ascendantuuid = any (currentsubjectsuuids()))
union all union all
select g.descendantUuid, g.ascendantUuid, level + 1 as level select distinct g.descendantuuid,
from RbacGrants g g.ascendantuuid,
inner join grants on grants.descendantUuid = g.ascendantUuid grants.level + 1 as level,
where g.assumed and level<10 assertTrue(grants.level < 22, 'too many grant-levels: ' || grants.level)
) from rbacgrants g
select distinct perm.objectUuid as objectUuid join recursive_grants grants on grants.descendantuuid = g.ascendantuuid
from grants where g.assumed),
join RbacPermission perm on grants.descendantUuid = perm.uuid grant_count AS (
join RbacObject obj on obj.uuid = perm.objectUuid SELECT COUNT(*) AS grant_count FROM recursive_grants
),
count_check as (select assertTrue((select count(*) as grant_count from recursive_grants) < 400000,
'too many grants for current subjects: ' || (select count(*) as grant_count from recursive_grants))
as valid)
select distinct perm.objectuuid
from recursive_grants
join rbacpermission perm on recursive_grants.descendantuuid = perm.uuid
join rbacobject obj on obj.uuid = perm.objectuuid
join count_check cc on cc.valid
where obj.objectTable = '%1$s' -- 'SELECT' permission is included in all other permissions where obj.objectTable = '%1$s' -- 'SELECT' permission is included in all other permissions
limit 8001
) )
select target.* select target.*
from %1$s as target from %1$s as target
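Review bot: The added `limit 8001` caps the set of accessible object UUIDs without an `order by`, so a subject with more matching objects gets an arbitrary, silently truncated subset from the `_rv` view rather than an error. If 8001 is meant as "cap plus one" for a check made elsewhere (none is visible in this section), say so in a comment next to the limit; otherwise report the overflow through `assertTrue`, as `count_check` does for the grant count. The `grant_count` CTE is never referenced and can be dropped, and `count_check` computes `count(*)` over `recursive_grants` twice. The enclosing function starts and ends outside the hunk.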


@ -48,7 +48,7 @@ role:global:ADMIN -.-> role:debitorRel:OWNER
role:debitorRel:OWNER -.-> role:debitorRel:ADMIN role:debitorRel:OWNER -.-> role:debitorRel:ADMIN
role:debitorRel:ADMIN -.-> role:debitorRel:AGENT role:debitorRel:ADMIN -.-> role:debitorRel:AGENT
role:debitorRel:AGENT -.-> role:debitorRel:TENANT role:debitorRel:AGENT -.-> role:debitorRel:TENANT
role:debitorRel:AGENT ==> role:project:OWNER role:debitorRel:AGENT ==>|XX| role:project:OWNER
role:project:OWNER ==> role:project:ADMIN role:project:OWNER ==> role:project:ADMIN
role:project:ADMIN ==> role:project:AGENT role:project:ADMIN ==> role:project:AGENT
role:project:AGENT ==> role:project:TENANT role:project:AGENT ==> role:project:TENANT


@ -49,7 +49,7 @@ begin
perform createRoleWithGrants( perform createRoleWithGrants(
hsBookingProjectOWNER(NEW), hsBookingProjectOWNER(NEW),
incomingSuperRoles => array[hsOfficeRelationAGENT(newDebitorRel)] incomingSuperRoles => array[hsOfficeRelationAGENT(newDebitorRel, unassumed())]
); );
perform createRoleWithGrants( perform createRoleWithGrants(
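Review bot: Passing `unassumed()` here only affects grants written by future runs of this function; grants from the debitor relation's AGENT to a project's OWNER that already exist stay assumed unless something updates them. No such update is visible in this section, so on an already populated database the narrowing may apply to newly created projects only. If that is not intended, a follow-up changeset that rewrites the existing grants, or rebuilds the RBAC rules for the table, should accompany the change. The enclosing function starts and ends outside the hunk.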


@ -30,6 +30,7 @@ subgraph asset["`**asset**`"]
role:asset:ADMIN[[asset:ADMIN]] role:asset:ADMIN[[asset:ADMIN]]
role:asset:AGENT[[asset:AGENT]] role:asset:AGENT[[asset:AGENT]]
role:asset:TENANT[[asset:TENANT]] role:asset:TENANT[[asset:TENANT]]
role:asset:REFERRER[[asset:REFERRER]]
end end
subgraph asset:permissions[ ] subgraph asset:permissions[ ]
@ -50,6 +51,7 @@ subgraph assignedToAsset["`**assignedToAsset**`"]
style assignedToAsset:roles fill:#99bcdb,stroke:white style assignedToAsset:roles fill:#99bcdb,stroke:white
role:assignedToAsset:TENANT[[assignedToAsset:TENANT]] role:assignedToAsset:TENANT[[assignedToAsset:TENANT]]
role:assignedToAsset:AGENT[[assignedToAsset:AGENT]]
end end
end end
@ -103,6 +105,8 @@ role:asset:AGENT ==> role:asset:TENANT
role:asset:TENANT ==> role:bookingItem:TENANT role:asset:TENANT ==> role:bookingItem:TENANT
role:asset:TENANT ==> role:parentAsset:TENANT role:asset:TENANT ==> role:parentAsset:TENANT
role:alarmContact:ADMIN ==> role:asset:TENANT role:alarmContact:ADMIN ==> role:asset:TENANT
role:asset:TENANT ==> role:asset:REFERRER
role:assignedToAsset:AGENT ==> role:asset:REFERRER
%% granting permissions to roles %% granting permissions to roles
role:global:ADMIN ==> perm:asset:INSERT role:global:ADMIN ==> perm:asset:INSERT
@ -110,6 +114,6 @@ role:parentAsset:ADMIN ==> perm:asset:INSERT
role:global:GUEST ==> perm:asset:INSERT role:global:GUEST ==> perm:asset:INSERT
role:asset:OWNER ==> perm:asset:DELETE role:asset:OWNER ==> perm:asset:DELETE
role:asset:ADMIN ==> perm:asset:UPDATE role:asset:ADMIN ==> perm:asset:UPDATE
role:asset:TENANT ==> perm:asset:SELECT role:asset:REFERRER ==> perm:asset:SELECT
``` ```


@ -75,7 +75,6 @@ begin
perform createRoleWithGrants( perform createRoleWithGrants(
hsHostingAssetTENANT(NEW), hsHostingAssetTENANT(NEW),
permissions => array['SELECT'],
incomingSuperRoles => array[ incomingSuperRoles => array[
hsHostingAssetAGENT(NEW), hsHostingAssetAGENT(NEW),
hsOfficeContactADMIN(newAlarmContact)], hsOfficeContactADMIN(newAlarmContact)],
@ -84,6 +83,14 @@ begin
hsHostingAssetTENANT(newParentAsset)] hsHostingAssetTENANT(newParentAsset)]
); );
perform createRoleWithGrants(
hsHostingAssetREFERRER(NEW),
permissions => array['SELECT'],
incomingSuperRoles => array[
hsHostingAssetAGENT(newAssignedToAsset),
hsHostingAssetTENANT(NEW)]
);
IF NEW.type = 'DOMAIN_SETUP' THEN IF NEW.type = 'DOMAIN_SETUP' THEN
END IF; END IF;


@ -287,7 +287,7 @@ class HsBookingItemControllerAcceptanceTest extends ContextBasedTestWithCleanup
class PatchBookingItem { class PatchBookingItem {
@Test @Test
void globalAdmin_canPatchAllUpdatablePropertiesOfBookingItem() { void projectAgent_canPatchAllUpdatablePropertiesOfBookingItem() {
final var givenBookingItem = givenSomeNewBookingItem("D-1000111 default project", MANAGED_WEBSPACE, final var givenBookingItem = givenSomeNewBookingItem("D-1000111 default project", MANAGED_WEBSPACE,
resource("HDD", 100), resource("SSD", 50), resource("Traffic", 250)); resource("HDD", 100), resource("SSD", 50), resource("Traffic", 250));
@ -295,6 +295,7 @@ class HsBookingItemControllerAcceptanceTest extends ContextBasedTestWithCleanup
RestAssured // @formatter:off RestAssured // @formatter:off
.given() .given()
.header("current-user", "superuser-alex@hostsharing.net") .header("current-user", "superuser-alex@hostsharing.net")
.header("assumed-roles", "hs_booking_project#D-1000111-D-1000111defaultproject:AGENT")
.contentType(ContentType.JSON) .contentType(ContentType.JSON)
.body(""" .body("""
{ {


@ -182,7 +182,9 @@ class HsBookingItemRepositoryIntegrationTest extends ContextBasedTestWithCleanup
public void normalUser_canViewOnlyRelatedBookingItems() { public void normalUser_canViewOnlyRelatedBookingItems() {
// given: // given:
context("person-FirbySusan@example.com"); context("person-FirbySusan@example.com");
final var projectUuid = debitorRepo.findDebitorByDebitorNumber(1000111).stream() final var debitor = debitorRepo.findDebitorByDebitorNumber(1000111);
context("person-FirbySusan@example.com", "hs_booking_project#D-1000111-D-1000111defaultproject:OWNER");
final var projectUuid = debitor.stream()
.map(d -> projectRepo.findAllByDebitorUuid(d.getUuid())) .map(d -> projectRepo.findAllByDebitorUuid(d.getUuid()))
.flatMap(List::stream) .flatMap(List::stream)
.findAny().orElseThrow().getUuid(); .findAny().orElseThrow().getUuid();
@ -209,7 +211,7 @@ class HsBookingItemRepositoryIntegrationTest extends ContextBasedTestWithCleanup
// when // when
final var result = jpaAttempt.transacted(() -> { final var result = jpaAttempt.transacted(() -> {
context("superuser-alex@hostsharing.net"); context("superuser-alex@hostsharing.net", "hs_booking_project#D-1000111-D-1000111defaultproject:AGENT");
final var foundBookingItem = em.find(HsBookingItemEntity.class, givenBookingItemUuid); final var foundBookingItem = em.find(HsBookingItemEntity.class, givenBookingItemUuid);
foundBookingItem.getResources().put("CPU", 2); foundBookingItem.getResources().put("CPU", 2);
foundBookingItem.getResources().remove("SSD-storage"); foundBookingItem.getResources().remove("SSD-storage");
@ -262,12 +264,12 @@ class HsBookingItemRepositoryIntegrationTest extends ContextBasedTestWithCleanup
@Test @Test
public void nonGlobalAdmin_canNotDeleteTheirRelatedBookingItem() { public void nonGlobalAdmin_canNotDeleteTheirRelatedBookingItem() {
// given // given
context("superuser-alex@hostsharing.net", null); context("superuser-alex@hostsharing.net", "hs_booking_project#D-1000111-D-1000111defaultproject:AGENT");
final var givenBookingItem = givenSomeTemporaryBookingItem("D-1000111 default project"); final var givenBookingItem = givenSomeTemporaryBookingItem("D-1000111 default project");
// when // when
final var result = jpaAttempt.transacted(() -> { final var result = jpaAttempt.transacted(() -> {
context("person-FirbySusan@example.com"); context("person-FirbySusan@example.com", "hs_booking_project#D-1000111-D-1000111defaultproject:AGENT");
assertThat(bookingItemRepo.findByUuid(givenBookingItem.getUuid())).isPresent(); assertThat(bookingItemRepo.findByUuid(givenBookingItem.getUuid())).isPresent();
bookingItemRepo.deleteByUuid(givenBookingItem.getUuid()); bookingItemRepo.deleteByUuid(givenBookingItem.getUuid());
@ -286,7 +288,7 @@ class HsBookingItemRepositoryIntegrationTest extends ContextBasedTestWithCleanup
@Test @Test
public void deletingABookingItemAlsoDeletesRelatedRolesAndGrants() { public void deletingABookingItemAlsoDeletesRelatedRolesAndGrants() {
// given // given
context("superuser-alex@hostsharing.net"); context("superuser-alex@hostsharing.net", "hs_booking_project#D-1000111-D-1000111defaultproject:AGENT");
final var initialRoleNames = Array.from(distinctRoleNamesOf(rawRoleRepo.findAll())); final var initialRoleNames = Array.from(distinctRoleNamesOf(rawRoleRepo.findAll()));
final var initialGrantNames = Array.from(distinctGrantDisplaysOf(rawGrantRepo.findAll())); final var initialGrantNames = Array.from(distinctGrantDisplaysOf(rawGrantRepo.findAll()));
final var givenBookingItem = givenSomeTemporaryBookingItem("D-1000111 default project"); final var givenBookingItem = givenSomeTemporaryBookingItem("D-1000111 default project");
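Review bot: Every context changed in this class now passes an explicit assumed role, so nothing here checks the behaviour the commit introduces, namely that the project roles are no longer reached without assuming them. A negative case next to `normalUser_canViewOnlyRelatedBookingItems` that keeps `context("person-FirbySusan@example.com")` without a role and asserts that the project's items are not returned would pin the `.unassumed()` grant; whether that user holds the debitor relation's AGENT role is not visible here and should be confirmed. Test names such as `normalUser_` and `nonGlobalAdmin_` also no longer describe the subject, since the tests run as project OWNER or AGENT. The same pattern appears in `HsBookingProjectRepositoryIntegrationTest` and `HsHostingAssetRepositoryIntegrationTest`.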


@ -163,7 +163,7 @@ class HsBookingProjectControllerAcceptanceTest extends ContextBasedTestWithClean
} }
@Test @Test
void debitorAgentUser_canGetRelatedBookingProject() { void projectAgentUser_canGetRelatedBookingProject() {
context.define("superuser-alex@hostsharing.net"); context.define("superuser-alex@hostsharing.net");
final var givenBookingProjectUuid = bookingProjectRepo.findByCaption("D-1000313 default project").stream() final var givenBookingProjectUuid = bookingProjectRepo.findByCaption("D-1000313 default project").stream()
.findAny().orElseThrow().getUuid(); .findAny().orElseThrow().getUuid();
@ -171,6 +171,7 @@ class HsBookingProjectControllerAcceptanceTest extends ContextBasedTestWithClean
RestAssured // @formatter:off RestAssured // @formatter:off
.given() .given()
.header("current-user", "person-TuckerJack@example.com") .header("current-user", "person-TuckerJack@example.com")
.header("assumed-roles", "hs_booking_project#D-1000313-D-1000313defaultproject:AGENT")
.port(port) .port(port)
.when() .when()
.get("http://localhost/api/hs/booking/projects/" + givenBookingProjectUuid) .get("http://localhost/api/hs/booking/projects/" + givenBookingProjectUuid)

View File

@ -125,7 +125,7 @@ class HsBookingProjectRepositoryIntegrationTest extends ContextBasedTestWithClea
"{ grant perm:hs_booking_project#D-1000111-somenewbookingproject:INSERT>hs_booking_item to role:hs_booking_project#D-1000111-somenewbookingproject:ADMIN by system and assume }", "{ grant perm:hs_booking_project#D-1000111-somenewbookingproject:INSERT>hs_booking_item to role:hs_booking_project#D-1000111-somenewbookingproject:ADMIN by system and assume }",
// agent // agent
"{ grant role:hs_booking_project#D-1000111-somenewbookingproject:OWNER to role:relation#FirstGmbH-with-DEBITOR-FirstGmbH:AGENT by system and assume }", "{ grant role:hs_booking_project#D-1000111-somenewbookingproject:OWNER to role:relation#FirstGmbH-with-DEBITOR-FirstGmbH:AGENT by system }",
"{ grant role:hs_booking_project#D-1000111-somenewbookingproject:TENANT to role:hs_booking_project#D-1000111-somenewbookingproject:AGENT by system and assume }", "{ grant role:hs_booking_project#D-1000111-somenewbookingproject:TENANT to role:hs_booking_project#D-1000111-somenewbookingproject:AGENT by system and assume }",
// tenant // tenant
@ -161,9 +161,10 @@ class HsBookingProjectRepositoryIntegrationTest extends ContextBasedTestWithClea
} }
@Test @Test
public void normalUser_canViewOnlyRelatedBookingProjects() { public void packetAgent_canViewOnlyRelatedBookingProjects() {
// given: // given:
context("person-FirbySusan@example.com"); context("person-FirbySusan@example.com", "hs_booking_project#D-1000111-D-1000111defaultproject:AGENT");
final var debitorUuid = debitorRepo.findByDebitorNumber(1000111).stream() final var debitorUuid = debitorRepo.findByDebitorNumber(1000111).stream()
.findAny().orElseThrow().getUuid(); .findAny().orElseThrow().getUuid();
@ -233,12 +234,11 @@ class HsBookingProjectRepositoryIntegrationTest extends ContextBasedTestWithClea
@Test @Test
public void nonGlobalAdmin_canNotDeleteTheirRelatedBookingProject() { public void nonGlobalAdmin_canNotDeleteTheirRelatedBookingProject() {
// given // given
context("superuser-alex@hostsharing.net", null);
final var givenBookingProject = givenSomeTemporaryBookingProject(1000111); final var givenBookingProject = givenSomeTemporaryBookingProject(1000111);
// when // when
final var result = jpaAttempt.transacted(() -> { final var result = jpaAttempt.transacted(() -> {
context("person-FirbySusan@example.com"); context("person-FirbySusan@example.com", "hs_booking_project#D-1000111-sometempproject:AGENT");
assertThat(bookingProjectRepo.findByUuid(givenBookingProject.getUuid())).isPresent(); assertThat(bookingProjectRepo.findByUuid(givenBookingProject.getUuid())).isPresent();
bookingProjectRepo.deleteByUuid(givenBookingProject.getUuid()); bookingProjectRepo.deleteByUuid(givenBookingProject.getUuid());
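Review bot: The renamed test `packetAgent_canViewOnlyRelatedBookingProjects` uses a term that appears nowhere else on this page; the other renamed tests in this commit use `projectAgent`, so `projectAgent_canViewOnlyRelatedBookingProjects` would be consistent. In `nonGlobalAdmin_canNotDeleteTheirRelatedBookingProject` the line `context("superuser-alex@hostsharing.net", null);` was removed before `givenSomeTemporaryBookingProject(1000111)`, so the fixture is now created under whatever context the helper or an earlier step leaves in place. The helper is outside the hunk; if it does not set its own context, a comment or an explicit `context(...)` call before it would make the precondition visible.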


@ -413,7 +413,7 @@ class HsHostingAssetControllerAcceptanceTest extends ContextBasedTestWithCleanup
} }
@Test @Test
void debitorAgentUser_canGetRelatedAsset() { void projectAgentUser_canGetRelatedAsset() {
context.define("superuser-alex@hostsharing.net"); context.define("superuser-alex@hostsharing.net");
final var givenAssetUuid = assetRepo.findByIdentifier("vm1013").stream() final var givenAssetUuid = assetRepo.findByIdentifier("vm1013").stream()
.filter(bi -> bi.getBookingItem().getProject().getCaption().equals("D-1000313 default project")) .filter(bi -> bi.getBookingItem().getProject().getCaption().equals("D-1000313 default project"))
@ -422,6 +422,7 @@ class HsHostingAssetControllerAcceptanceTest extends ContextBasedTestWithCleanup
RestAssured // @formatter:off RestAssured // @formatter:off
.given() .given()
.header("current-user", "person-TuckerJack@example.com") .header("current-user", "person-TuckerJack@example.com")
.header("assumed-roles", "hs_booking_project#D-1000313-D-1000313defaultproject:AGENT")
.port(port) .port(port)
.when() .when()
.get("http://localhost/api/hs/hosting/assets/" + givenAssetUuid) .get("http://localhost/api/hs/hosting/assets/" + givenAssetUuid)


@ -98,7 +98,7 @@ class HsHostingAssetRepositoryIntegrationTest extends ContextBasedTestWithCleanu
@Test @Test
public void createsAndGrantsRoles() { public void createsAndGrantsRoles() {
// given // given
context("superuser-alex@hostsharing.net"); context("superuser-alex@hostsharing.net", "hs_booking_project#D-1000111-D-1000111defaultproject:AGENT");
final var givenManagedServer = givenHostingAsset("D-1000111 default project", MANAGED_SERVER); final var givenManagedServer = givenHostingAsset("D-1000111 default project", MANAGED_SERVER);
final var newWebspaceBookingItem = newBookingItem(givenManagedServer.getBookingItem(), HsBookingItemType.MANAGED_WEBSPACE, "fir01"); final var newWebspaceBookingItem = newBookingItem(givenManagedServer.getBookingItem(), HsBookingItemType.MANAGED_WEBSPACE, "fir01");
em.flush(); em.flush();
@ -125,7 +125,8 @@ class HsHostingAssetRepositoryIntegrationTest extends ContextBasedTestWithCleanu
"hs_hosting_asset#fir00:ADMIN", "hs_hosting_asset#fir00:ADMIN",
"hs_hosting_asset#fir00:AGENT", "hs_hosting_asset#fir00:AGENT",
"hs_hosting_asset#fir00:OWNER", "hs_hosting_asset#fir00:OWNER",
"hs_hosting_asset#fir00:TENANT")); "hs_hosting_asset#fir00:TENANT",
"hs_hosting_asset#fir00:REFERRER"));
assertThat(distinctGrantDisplaysOf(rawGrantRepo.findAll())) assertThat(distinctGrantDisplaysOf(rawGrantRepo.findAll()))
.containsExactlyInAnyOrder(fromFormatted( .containsExactlyInAnyOrder(fromFormatted(
initialGrantNames, initialGrantNames,
@ -152,7 +153,10 @@ class HsHostingAssetRepositoryIntegrationTest extends ContextBasedTestWithCleanu
"{ grant role:hs_booking_item#fir01:TENANT to role:hs_hosting_asset#fir00:TENANT by system and assume }", "{ grant role:hs_booking_item#fir01:TENANT to role:hs_hosting_asset#fir00:TENANT by system and assume }",
"{ grant role:hs_hosting_asset#fir00:TENANT to role:hs_hosting_asset#fir00:AGENT by system and assume }", "{ grant role:hs_hosting_asset#fir00:TENANT to role:hs_hosting_asset#fir00:AGENT by system and assume }",
"{ grant role:hs_hosting_asset#vm1011:TENANT to role:hs_hosting_asset#fir00:TENANT by system and assume }", "{ grant role:hs_hosting_asset#vm1011:TENANT to role:hs_hosting_asset#fir00:TENANT by system and assume }",
"{ grant perm:hs_hosting_asset#fir00:SELECT to role:hs_hosting_asset#fir00:TENANT by system and assume }", // workaround
// referrer
"{ grant perm:hs_hosting_asset#fir00:SELECT to role:hs_hosting_asset#fir00:REFERRER by system and assume }",
"{ grant role:hs_hosting_asset#fir00:REFERRER to role:hs_hosting_asset#fir00:TENANT by system and assume }",
null)); null));
} }
@ -216,7 +220,7 @@ class HsHostingAssetRepositoryIntegrationTest extends ContextBasedTestWithCleanu
@Test @Test
public void normalUser_canViewOnlyRelatedAsset() { public void normalUser_canViewOnlyRelatedAsset() {
// given: // given:
context("person-FirbySusan@example.com"); context("person-FirbySusan@example.com", "hs_booking_project#D-1000111-D-1000111defaultproject:AGENT");
final var projectUuid = projectRepo.findByCaption("D-1000111 default project").stream() final var projectUuid = projectRepo.findByCaption("D-1000111 default project").stream()
.findAny().orElseThrow().getUuid(); .findAny().orElseThrow().getUuid();
@ -310,12 +314,12 @@ class HsHostingAssetRepositoryIntegrationTest extends ContextBasedTestWithCleanu
@Test @Test
public void relatedOwner_canDeleteTheirRelatedAsset() { public void relatedOwner_canDeleteTheirRelatedAsset() {
// given // given
context("superuser-alex@hostsharing.net", null); context("superuser-alex@hostsharing.net", "hs_booking_project#D-1000111-D-1000111defaultproject:AGENT");
final var givenAsset = givenSomeTemporaryAsset("D-1000111 default project", "vm1000"); final var givenAsset = givenSomeTemporaryAsset("D-1000111 default project", "vm1000");
// when // when
final var result = jpaAttempt.transacted(() -> { final var result = jpaAttempt.transacted(() -> {
context("person-FirbySusan@example.com"); context("person-FirbySusan@example.com", "hs_booking_project#D-1000111-D-1000111defaultproject:AGENT");
assertThat(assetRepo.findByUuid(givenAsset.getUuid())).isPresent(); assertThat(assetRepo.findByUuid(givenAsset.getUuid())).isPresent();
assetRepo.deleteByUuid(givenAsset.getUuid()); assetRepo.deleteByUuid(givenAsset.getUuid());
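Review bot: The expected grants in `createsAndGrantsRoles` cover only `perm ... SELECT to ... REFERRER` and `REFERRER to ... TENANT`, so the new access path from the assigned-to asset's AGENT role to REFERRER is not exercised in this class. That path is the one that gives another asset's agents read access, so it deserves a case that creates an asset with `assignedToAsset` set and asserts the resulting grant, plus a check that an asset without an assignment gets no such grant. It may be covered in one of the changed files not shown in this section. Separately, `relatedOwner_canDeleteTheirRelatedAsset` now runs both contexts with the project's AGENT role, which no longer matches the test name.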


@ -34,6 +34,7 @@ import org.springframework.test.annotation.DirtiesContext;
import java.io.Reader; import java.io.Reader;
import java.net.IDN; import java.net.IDN;
import java.util.ArrayList; import java.util.ArrayList;
import java.util.Collections;
import java.util.HashMap; import java.util.HashMap;
import java.util.List; import java.util.List;
import java.util.Map; import java.util.Map;
@ -183,9 +184,9 @@ public class ImportHostingAssets extends ImportOfficeData {
{ {
363=HsHostingAssetRealEntity(IPV4_NUMBER, 83.223.95.34), 363=HsHostingAssetRealEntity(IPV4_NUMBER, 83.223.95.34),
381=HsHostingAssetRealEntity(IPV4_NUMBER, 83.223.95.52), 381=HsHostingAssetRealEntity(IPV4_NUMBER, 83.223.95.52),
401=HsHostingAssetRealEntity(IPV4_NUMBER, 83.223.95.72),
402=HsHostingAssetRealEntity(IPV4_NUMBER, 83.223.95.73), 402=HsHostingAssetRealEntity(IPV4_NUMBER, 83.223.95.73),
433=HsHostingAssetRealEntity(IPV4_NUMBER, 83.223.95.104), 433=HsHostingAssetRealEntity(IPV4_NUMBER, 83.223.95.104)
457=HsHostingAssetRealEntity(IPV4_NUMBER, 83.223.95.128)
} }
"""); """);
} }
@ -244,7 +245,7 @@ public class ImportHostingAssets extends ImportOfficeData {
10978=HsBookingItemEntity(D-1000000:hsh default project, MANAGED_SERVER, [2013-04-01,), BI vm1050), 10978=HsBookingItemEntity(D-1000000:hsh default project, MANAGED_SERVER, [2013-04-01,), BI vm1050),
11061=HsBookingItemEntity(D-1000300:mim default project, MANAGED_SERVER, [2013-08-19,), BI vm1068), 11061=HsBookingItemEntity(D-1000300:mim default project, MANAGED_SERVER, [2013-08-19,), BI vm1068),
11094=HsBookingItemEntity(D-1000300:mim default project, MANAGED_WEBSPACE, [2013-09-10,), BI lug00), 11094=HsBookingItemEntity(D-1000300:mim default project, MANAGED_WEBSPACE, [2013-09-10,), BI lug00),
11112=HsBookingItemEntity(D-1000300:mim default project, MANAGED_WEBSPACE, [2013-09-17,), BI mim00), 11111=HsBookingItemEntity(D-1000000:vm1068 Monitor, MANAGED_WEBSPACE, [2013-08-19,), BI xyz68),
23611=HsBookingItemEntity(D-1101800:wws default project, CLOUD_SERVER, [2022-08-10,), BI vm2097) 23611=HsBookingItemEntity(D-1101800:wws default project, CLOUD_SERVER, [2022-08-10,), BI vm2097)
} }
"""); """);
@ -255,10 +256,10 @@ public class ImportHostingAssets extends ImportOfficeData {
10978=HsHostingAssetRealEntity(MANAGED_SERVER, vm1050, HA vm1050, D-1000000:hsh default project:BI vm1050), 10978=HsHostingAssetRealEntity(MANAGED_SERVER, vm1050, HA vm1050, D-1000000:hsh default project:BI vm1050),
11061=HsHostingAssetRealEntity(MANAGED_SERVER, vm1068, HA vm1068, D-1000300:mim default project:BI vm1068), 11061=HsHostingAssetRealEntity(MANAGED_SERVER, vm1068, HA vm1068, D-1000300:mim default project:BI vm1068),
11094=HsHostingAssetRealEntity(MANAGED_WEBSPACE, lug00, HA lug00, MANAGED_SERVER:vm1068, D-1000300:mim default project:BI lug00), 11094=HsHostingAssetRealEntity(MANAGED_WEBSPACE, lug00, HA lug00, MANAGED_SERVER:vm1068, D-1000300:mim default project:BI lug00),
11111=HsHostingAssetRealEntity(MANAGED_WEBSPACE, xyz68, HA xyz68, MANAGED_SERVER:vm1068, D-1000000:vm1068 Monitor:BI xyz68),
11112=HsHostingAssetRealEntity(MANAGED_WEBSPACE, mim00, HA mim00, MANAGED_SERVER:vm1068, D-1000300:mim default project:BI mim00), 11112=HsHostingAssetRealEntity(MANAGED_WEBSPACE, mim00, HA mim00, MANAGED_SERVER:vm1068, D-1000300:mim default project:BI mim00),
11447=HsHostingAssetRealEntity(MANAGED_SERVER, vm1093, HA vm1093, D-1000000:hsh default project:BI vm1093), 11447=HsHostingAssetRealEntity(MANAGED_SERVER, vm1093, HA vm1093, D-1000000:hsh default project:BI vm1093),
19959=HsHostingAssetRealEntity(MANAGED_WEBSPACE, dph00, HA dph00, MANAGED_SERVER:vm1093, D-1101900:dph default project:BI dph00), 19959=HsHostingAssetRealEntity(MANAGED_WEBSPACE, dph00, HA dph00, MANAGED_SERVER:vm1093, D-1101900:dph default project:BI dph00)
23611=HsHostingAssetRealEntity(CLOUD_SERVER, vm2097, HA vm2097, D-1101800:wws default project:BI vm2097)
} }
"""); """);
} }
@ -287,8 +288,8 @@ public class ImportHostingAssets extends ImportOfficeData {
10978=HsHostingAssetRealEntity(MANAGED_SERVER, vm1050, HA vm1050, D-1000000:hsh default project:BI vm1050), 10978=HsHostingAssetRealEntity(MANAGED_SERVER, vm1050, HA vm1050, D-1000000:hsh default project:BI vm1050),
11061=HsHostingAssetRealEntity(MANAGED_SERVER, vm1068, HA vm1068, D-1000300:mim default project:BI vm1068), 11061=HsHostingAssetRealEntity(MANAGED_SERVER, vm1068, HA vm1068, D-1000300:mim default project:BI vm1068),
11094=HsHostingAssetRealEntity(MANAGED_WEBSPACE, lug00, HA lug00, MANAGED_SERVER:vm1068, D-1000300:mim default project:BI lug00), 11094=HsHostingAssetRealEntity(MANAGED_WEBSPACE, lug00, HA lug00, MANAGED_SERVER:vm1068, D-1000300:mim default project:BI lug00),
11112=HsHostingAssetRealEntity(MANAGED_WEBSPACE, mim00, HA mim00, MANAGED_SERVER:vm1068, D-1000300:mim default project:BI mim00), 11111=HsHostingAssetRealEntity(MANAGED_WEBSPACE, xyz68, HA xyz68, MANAGED_SERVER:vm1068, D-1000000:vm1068 Monitor:BI xyz68),
11447=HsHostingAssetRealEntity(MANAGED_SERVER, vm1093, HA vm1093, D-1000000:hsh default project:BI vm1093) 11112=HsHostingAssetRealEntity(MANAGED_WEBSPACE, mim00, HA mim00, MANAGED_SERVER:vm1068, D-1000300:mim default project:BI mim00)
} }
"""); """);
assertThat(firstOfEachType( assertThat(firstOfEachType(
@ -303,6 +304,7 @@ public class ImportHostingAssets extends ImportOfficeData {
10978=HsBookingItemEntity(D-1000000:hsh default project, MANAGED_SERVER, [2013-04-01,), BI vm1050, {"CPU": 4, "HDD": 250, "RAM": 32, "SLA-EMail": true, "SLA-Maria": true, "SLA-Office": true, "SLA-PgSQL": true, "SLA-Platform": "EXT4H", "SLA-Web": true, "SSD": 150, "Traffic": 250}), 10978=HsBookingItemEntity(D-1000000:hsh default project, MANAGED_SERVER, [2013-04-01,), BI vm1050, {"CPU": 4, "HDD": 250, "RAM": 32, "SLA-EMail": true, "SLA-Maria": true, "SLA-Office": true, "SLA-PgSQL": true, "SLA-Platform": "EXT4H", "SLA-Web": true, "SSD": 150, "Traffic": 250}),
11061=HsBookingItemEntity(D-1000300:mim default project, MANAGED_SERVER, [2013-08-19,), BI vm1068, {"CPU": 2, "HDD": 250, "RAM": 4, "SLA-EMail": true, "SLA-Maria": true, "SLA-Office": true, "SLA-PgSQL": true, "SLA-Platform": "EXT2H", "SLA-Web": true, "Traffic": 250}), 11061=HsBookingItemEntity(D-1000300:mim default project, MANAGED_SERVER, [2013-08-19,), BI vm1068, {"CPU": 2, "HDD": 250, "RAM": 4, "SLA-EMail": true, "SLA-Maria": true, "SLA-Office": true, "SLA-PgSQL": true, "SLA-Platform": "EXT2H", "SLA-Web": true, "Traffic": 250}),
11094=HsBookingItemEntity(D-1000300:mim default project, MANAGED_WEBSPACE, [2013-09-10,), BI lug00, {"Multi": 5, "SLA-Platform": "EXT24H", "SSD": 1, "Traffic": 10}), 11094=HsBookingItemEntity(D-1000300:mim default project, MANAGED_WEBSPACE, [2013-09-10,), BI lug00, {"Multi": 5, "SLA-Platform": "EXT24H", "SSD": 1, "Traffic": 10}),
11111=HsBookingItemEntity(D-1000000:vm1068 Monitor, MANAGED_WEBSPACE, [2013-08-19,), BI xyz68, {"SSD": 3}),
11112=HsBookingItemEntity(D-1000300:mim default project, MANAGED_WEBSPACE, [2013-09-17,), BI mim00, {"Multi": 5, "SLA-Platform": "EXT24H", "SSD": 3, "Traffic": 20}), 11112=HsBookingItemEntity(D-1000300:mim default project, MANAGED_WEBSPACE, [2013-09-17,), BI mim00, {"Multi": 5, "SLA-Platform": "EXT24H", "SSD": 3, "Traffic": 20}),
11447=HsBookingItemEntity(D-1000000:hsh default project, MANAGED_SERVER, [2014-11-28,), BI vm1093, {"CPU": 6, "HDD": 500, "RAM": 16, "SLA-EMail": true, "SLA-Maria": true, "SLA-Office": true, "SLA-PgSQL": true, "SLA-Platform": "EXT4H", "SLA-Web": true, "SSD": 300, "Traffic": 250}), 11447=HsBookingItemEntity(D-1000000:hsh default project, MANAGED_SERVER, [2014-11-28,), BI vm1093, {"CPU": 6, "HDD": 500, "RAM": 16, "SLA-EMail": true, "SLA-Maria": true, "SLA-Office": true, "SLA-PgSQL": true, "SLA-Platform": "EXT4H", "SLA-Web": true, "SSD": 300, "Traffic": 250}),
19959=HsBookingItemEntity(D-1101900:dph default project, MANAGED_WEBSPACE, [2021-06-02,), BI dph00, {"Multi": 1, "SLA-Platform": "EXT24H", "SSD": 25, "Traffic": 20}), 19959=HsBookingItemEntity(D-1101900:dph default project, MANAGED_WEBSPACE, [2021-06-02,), BI dph00, {"Multi": 1, "SLA-Platform": "EXT24H", "SSD": 25, "Traffic": 20}),
@ -335,6 +337,7 @@ public class ImportHostingAssets extends ImportOfficeData {
5811=HsHostingAssetRealEntity(UNIX_USER, lug00-ola.a, LUG OLA - POP a, MANAGED_WEBSPACE:lug00, {"SSD hard quota": 0, "SSD soft quota": 0, "locked": false, "shell": "/usr/bin/passwd", "userid": 102094}), 5811=HsHostingAssetRealEntity(UNIX_USER, lug00-ola.a, LUG OLA - POP a, MANAGED_WEBSPACE:lug00, {"SSD hard quota": 0, "SSD soft quota": 0, "locked": false, "shell": "/usr/bin/passwd", "userid": 102094}),
5813=HsHostingAssetRealEntity(UNIX_USER, lug00-ola.b, LUG OLA - POP b, MANAGED_WEBSPACE:lug00, {"SSD hard quota": 0, "SSD soft quota": 0, "locked": false, "shell": "/usr/bin/passwd", "userid": 102095}), 5813=HsHostingAssetRealEntity(UNIX_USER, lug00-ola.b, LUG OLA - POP b, MANAGED_WEBSPACE:lug00, {"SSD hard quota": 0, "SSD soft quota": 0, "locked": false, "shell": "/usr/bin/passwd", "userid": 102095}),
5835=HsHostingAssetRealEntity(UNIX_USER, lug00-test, Test, MANAGED_WEBSPACE:lug00, {"SSD hard quota": 1024, "SSD soft quota": 1024, "locked": false, "shell": "/usr/bin/passwd", "userid": 102106}), 5835=HsHostingAssetRealEntity(UNIX_USER, lug00-test, Test, MANAGED_WEBSPACE:lug00, {"SSD hard quota": 1024, "SSD soft quota": 1024, "locked": false, "shell": "/usr/bin/passwd", "userid": 102106}),
5961=HsHostingAssetRealEntity(UNIX_USER, xyz68, Monitoring h68, MANAGED_WEBSPACE:xyz68, {"SSD hard quota": 0, "SSD soft quota": 0, "locked": false, "shell": "/bin/bash", "userid": 102141}),
5964=HsHostingAssetRealEntity(UNIX_USER, mim00, Michael Mellis, MANAGED_WEBSPACE:mim00, {"SSD hard quota": 0, "SSD soft quota": 0, "locked": false, "shell": "/bin/bash", "userid": 102147}), 5964=HsHostingAssetRealEntity(UNIX_USER, mim00, Michael Mellis, MANAGED_WEBSPACE:mim00, {"SSD hard quota": 0, "SSD soft quota": 0, "locked": false, "shell": "/bin/bash", "userid": 102147}),
5966=HsHostingAssetRealEntity(UNIX_USER, mim00-1981, Jahrgangstreffen 1981, MANAGED_WEBSPACE:mim00, {"SSD hard quota": 256, "SSD soft quota": 128, "locked": false, "shell": "/bin/bash", "userid": 102148}), 5966=HsHostingAssetRealEntity(UNIX_USER, mim00-1981, Jahrgangstreffen 1981, MANAGED_WEBSPACE:mim00, {"SSD hard quota": 256, "SSD soft quota": 128, "locked": false, "shell": "/bin/bash", "userid": 102148}),
5990=HsHostingAssetRealEntity(UNIX_USER, mim00-mail, Mailbox, MANAGED_WEBSPACE:mim00, {"SSD hard quota": 0, "SSD soft quota": 0, "locked": false, "shell": "/bin/bash", "userid": 102160}), 5990=HsHostingAssetRealEntity(UNIX_USER, mim00-mail, Mailbox, MANAGED_WEBSPACE:mim00, {"SSD hard quota": 0, "SSD soft quota": 0, "locked": false, "shell": "/bin/bash", "userid": 102160}),
@ -880,6 +883,7 @@ public class ImportHostingAssets extends ImportOfficeData {
5811=HsHostingAssetRealEntity(UNIX_USER, lug00-ola.a, LUG OLA - POP a, MANAGED_WEBSPACE:lug00, {"SSD hard quota": 0, "SSD soft quota": 0, "locked": false, "password": null, "shell": "/usr/bin/passwd", "userid": 102094}), 5811=HsHostingAssetRealEntity(UNIX_USER, lug00-ola.a, LUG OLA - POP a, MANAGED_WEBSPACE:lug00, {"SSD hard quota": 0, "SSD soft quota": 0, "locked": false, "password": null, "shell": "/usr/bin/passwd", "userid": 102094}),
5813=HsHostingAssetRealEntity(UNIX_USER, lug00-ola.b, LUG OLA - POP b, MANAGED_WEBSPACE:lug00, {"SSD hard quota": 0, "SSD soft quota": 0, "locked": false, "password": null, "shell": "/usr/bin/passwd", "userid": 102095}), 5813=HsHostingAssetRealEntity(UNIX_USER, lug00-ola.b, LUG OLA - POP b, MANAGED_WEBSPACE:lug00, {"SSD hard quota": 0, "SSD soft quota": 0, "locked": false, "password": null, "shell": "/usr/bin/passwd", "userid": 102095}),
5835=HsHostingAssetRealEntity(UNIX_USER, lug00-test, Test, MANAGED_WEBSPACE:lug00, {"SSD hard quota": 1024, "SSD soft quota": 1024, "locked": false, "password": null, "shell": "/usr/bin/passwd", "userid": 102106}), 5835=HsHostingAssetRealEntity(UNIX_USER, lug00-test, Test, MANAGED_WEBSPACE:lug00, {"SSD hard quota": 1024, "SSD soft quota": 1024, "locked": false, "password": null, "shell": "/usr/bin/passwd", "userid": 102106}),
5961=HsHostingAssetRealEntity(UNIX_USER, xyz68, Monitoring h68, MANAGED_WEBSPACE:xyz68, {"SSD hard quota": 0, "SSD soft quota": 0, "locked": false, "password": null, "shell": "/bin/bash", "userid": 102141}),
5964=HsHostingAssetRealEntity(UNIX_USER, mim00, Michael Mellis, MANAGED_WEBSPACE:mim00, {"SSD hard quota": 0, "SSD soft quota": 0, "locked": false, "password": null, "shell": "/bin/bash", "userid": 102147}), 5964=HsHostingAssetRealEntity(UNIX_USER, mim00, Michael Mellis, MANAGED_WEBSPACE:mim00, {"SSD hard quota": 0, "SSD soft quota": 0, "locked": false, "password": null, "shell": "/bin/bash", "userid": 102147}),
5966=HsHostingAssetRealEntity(UNIX_USER, mim00-1981, Jahrgangstreffen 1981, MANAGED_WEBSPACE:mim00, {"SSD hard quota": 256, "SSD soft quota": 128, "locked": false, "password": null, "shell": "/bin/bash", "userid": 102148}), 5966=HsHostingAssetRealEntity(UNIX_USER, mim00-1981, Jahrgangstreffen 1981, MANAGED_WEBSPACE:mim00, {"SSD hard quota": 256, "SSD soft quota": 128, "locked": false, "password": null, "shell": "/bin/bash", "userid": 102148}),
5990=HsHostingAssetRealEntity(UNIX_USER, mim00-mail, Mailbox, MANAGED_WEBSPACE:mim00, {"SSD hard quota": 0, "SSD soft quota": 0, "locked": false, "password": null, "shell": "/bin/bash", "userid": 102160}), 5990=HsHostingAssetRealEntity(UNIX_USER, mim00-mail, Mailbox, MANAGED_WEBSPACE:mim00, {"SSD hard quota": 0, "SSD soft quota": 0, "locked": false, "password": null, "shell": "/bin/bash", "userid": 102160}),
@ -909,8 +913,8 @@ public class ImportHostingAssets extends ImportOfficeData {
verifyActuallyPersistedHostingAssetCount(CLOUD_SERVER, 1, 50); verifyActuallyPersistedHostingAssetCount(CLOUD_SERVER, 1, 50);
verifyActuallyPersistedHostingAssetCount(MANAGED_SERVER, 4, 100); verifyActuallyPersistedHostingAssetCount(MANAGED_SERVER, 4, 100);
verifyActuallyPersistedHostingAssetCount(MANAGED_WEBSPACE, 4, 100); verifyActuallyPersistedHostingAssetCount(MANAGED_WEBSPACE, 5, 100);
verifyActuallyPersistedHostingAssetCount(UNIX_USER, 14, 100); verifyActuallyPersistedHostingAssetCount(UNIX_USER, 15, 100);
verifyActuallyPersistedHostingAssetCount(EMAIL_ALIAS, 9, 1400); verifyActuallyPersistedHostingAssetCount(EMAIL_ALIAS, 9, 1400);
verifyActuallyPersistedHostingAssetCount(PGSQL_DATABASE, 8, 100); verifyActuallyPersistedHostingAssetCount(PGSQL_DATABASE, 8, 100);
verifyActuallyPersistedHostingAssetCount(MARIADB_DATABASE, 8, 100); verifyActuallyPersistedHostingAssetCount(MARIADB_DATABASE, 8, 100);
@ -918,6 +922,25 @@ public class ImportHostingAssets extends ImportOfficeData {
verifyActuallyPersistedHostingAssetCount(EMAIL_ADDRESS, 71, 30000); verifyActuallyPersistedHostingAssetCount(EMAIL_ADDRESS, 71, 30000);
} }
@Test
@Order(19930)
void verifyProjectAgentsCanViewEmailAddresses() {
assumeThatWeAreImportingControlledTestData();
final var haCount = jpaAttempt.transacted(() -> {
context(rbacSuperuser);
// final var roles = em.createNativeQuery("select * from rbacrole_ev where roleidname like 'hs_office_relation%with-DEBITOR%'").getResultList();
final var roles = em.createNativeQuery("select * from rbacrole_ev where roleidname like 'hs_booking_project#D-10003%'").getResultList();
//context(rbacSuperuser, "hs_booking_project#D-1000300-mimdefaultproject:ADMIN");
context(rbacSuperuser, "hs_booking_project#D-1000300-mimdefaultproject:AGENT");
final var result = em.createNativeQuery("select * from hs_hosting_asset where type='EMAIL_ADDRESS'")
.getResultList();
return (Integer) em.createNativeQuery("select count(*) from hs_hosting_asset where type='EMAIL_ADDRESS'", Integer.class)
.getSingleResult();
}).assertSuccessful().returnedValue();
assertThat(haCount).isEqualTo(71);
}
// ============================================================================================ // ============================================================================================
@Test @Test
@ -1095,8 +1118,21 @@ public class ImportHostingAssets extends ImportOfficeData {
final var managedWebspace = pac(packet_id); final var managedWebspace = pac(packet_id);
final var parentAsset = hive(hive_id).serverRef.get(); final var parentAsset = hive(hive_id).serverRef.get();
managedWebspace.setParentAsset(parentAsset); managedWebspace.setParentAsset(parentAsset);
if (parentAsset.getRelatedProject() != managedWebspace.getRelatedProject()
&& managedWebspace.getRelatedProject().getDebitor().getDebitorNumber() == 10000_00 ) {
assertThat(managedWebspace.getIdentifier()).startsWith("xyz");
final var hshDebitor = managedWebspace.getBookingItem().getProject().getDebitor();
final var newProject = HsBookingProjectEntity.builder()
.debitor(hshDebitor)
.caption(parentAsset.getIdentifier() + " Monitor")
.build();
bookingProjects.put(Collections.max(bookingProjects.keySet())+1, newProject);
managedWebspace.getBookingItem().setProject(newProject);
} else {
managedWebspace.getBookingItem().setParentItem(parentAsset.getBookingItem()); managedWebspace.getBookingItem().setParentItem(parentAsset.getBookingItem());
} }
}
}); });
} }


@ -1,6 +1,7 @@
inet_addr_id;inet_addr;description inet_addr_id;inet_addr;description
363;83.223.95.34; 363;83.223.95.34;
381;83.223.95.52; 381;83.223.95.52;
401;83.223.95.72;
402;83.223.95.73; 402;83.223.95.73;
433;83.223.95.104; 433;83.223.95.104;
457;83.223.95.128; 457;83.223.95.128;

1 inet_addr_id inet_addr description
2 363 83.223.95.34
3 381 83.223.95.52
4 401 83.223.95.72
5 402 83.223.95.73
6 433 83.223.95.104
7 457 83.223.95.128


@ -4,6 +4,7 @@ packet_id;basepacket_code;packet_name;bp_id;hive_id;created;cancelled;cur_inet_a
10978;SRV/MGD;vm1050;213;1014;2013-04-01;;433;;1 10978;SRV/MGD;vm1050;213;1014;2013-04-01;;433;;1
11061;SRV/MGD;vm1068;100;1037;2013-08-19;;381;;f 11061;SRV/MGD;vm1068;100;1037;2013-08-19;;381;;f
11094;PAC/WEB;lug00;100;1037;2013-09-10;;1168;;1 11094;PAC/WEB;lug00;100;1037;2013-09-10;;1168;;1
11111;PAC/WEB;xyz68;213;1037;2013-08-19;;401;;1
11112;PAC/WEB;mim00;100;1037;2013-09-17;;402;;1 11112;PAC/WEB;mim00;100;1037;2013-09-17;;402;;1
11447;SRV/MGD;vm1093;213;1163;2014-11-28;;457;;t 11447;SRV/MGD;vm1093;213;1163;2014-11-28;;457;;t
19959;PAC/WEB;dph00;542;1163;2021-06-02;;574;;0 19959;PAC/WEB;dph00;542;1163;2021-06-02;;574;;0

1 packet_id basepacket_code packet_name bp_id hive_id created cancelled cur_inet_addr_id old_inet_addr_id free
4 10978 SRV/MGD vm1050 213 1014 2013-04-01 433 1
5 11061 SRV/MGD vm1068 100 1037 2013-08-19 381 f
6 11094 PAC/WEB lug00 100 1037 2013-09-10 1168 1
7 11111 PAC/WEB xyz68 213 1037 2013-08-19 401 1
8 11112 PAC/WEB mim00 100 1037 2013-09-17 402 1
9 11447 SRV/MGD vm1093 213 1163 2014-11-28 457 t
10 19959 PAC/WEB dph00 542 1163 2021-06-02 574 0


@ -7,6 +7,7 @@ packet_component_id;packet_id;quantity;basecomponent_code;created;cancelled
46121;11112;20;TRAFFIC;2017-03-27; 46121;11112;20;TRAFFIC;2017-03-27;
46122;11112;5;MULTI;2017-03-27; 46122;11112;5;MULTI;2017-03-27;
46123;11112;3072;QUOTA;2017-03-27; 46123;11112;3072;QUOTA;2017-03-27;
46124;11111;3072;QUOTA;2017-03-27;
143133;11094;1;SLABASIC;2017-09-01; 143133;11094;1;SLABASIC;2017-09-01;
143483;11112;1;SLABASIC;2017-09-01; 143483;11112;1;SLABASIC;2017-09-01;
757383;11112;0;SLAEXT24H;; 757383;11112;0;SLAEXT24H;;

1 packet_component_id packet_id quantity basecomponent_code created cancelled
7 46121 11112 20 TRAFFIC 2017-03-27
8 46122 11112 5 MULTI 2017-03-27
9 46123 11112 3072 QUOTA 2017-03-27
10 46124 11111 3072 QUOTA 2017-03-27
11 143133 11094 1 SLABASIC 2017-09-01
12 143483 11112 1 SLABASIC 2017-09-01
13 757383 11112 0 SLAEXT24H

View File

@ -9,6 +9,7 @@ unixuser_id;name;comment;shell;homedir;locked;packet_id;userid;quota_softlimit;q
5835;lug00-test;Test;/usr/bin/passwd;/home/pacs/lug00/users/test;0;11094;102106;2000000;4000000;20;0 5835;lug00-test;Test;/usr/bin/passwd;/home/pacs/lug00/users/test;0;11094;102106;2000000;4000000;20;0
6705;hsh00-mim;Michael Mellis;/bin/false;/home/pacs/hsh00/users/mi;0;10630;10003;0;0;0;0 6705;hsh00-mim;Michael Mellis;/bin/false;/home/pacs/hsh00/users/mi;0;10630;10003;0;0;0;0
5961;xyz68;Monitoring h68;/bin/bash;/home/pacs/xyz68;0;11111;102141;0;0;0;0
5964;mim00;Michael Mellis;/bin/bash;/home/pacs/mim00;0;11112;102147;0;0;0;0 5964;mim00;Michael Mellis;/bin/bash;/home/pacs/mim00;0;11112;102147;0;0;0;0
5966;mim00-1981;Jahrgangstreffen 1981;/bin/bash;/home/pacs/mim00/users/1981;0;11112;102148;128;256;0;0 5966;mim00-1981;Jahrgangstreffen 1981;/bin/bash;/home/pacs/mim00/users/1981;0;11112;102148;128;256;0;0
5990;mim00-mail;Mailbox;/bin/bash;/home/pacs/mim00/users/mail;0;11112;102160;0;0;0;0 5990;mim00-mail;Mailbox;/bin/bash;/home/pacs/mim00/users/mail;0;11112;102160;0;0;0;0

1 unixuser_id name comment shell homedir locked packet_id userid quota_softlimit quota_hardlimit storage_softlimit storage_hardlimit
9 6705 hsh00-mim Michael Mellis /bin/false /home/pacs/hsh00/users/mi 0 10630 10003 0 0 0 0
10 5964 5961 mim00 xyz68 Michael Mellis Monitoring h68 /bin/bash /home/pacs/mim00 /home/pacs/xyz68 0 11112 11111 102147 102141 0 0 0 0
11 5966 5964 mim00-1981 mim00 Jahrgangstreffen 1981 Michael Mellis /bin/bash /home/pacs/mim00/users/1981 /home/pacs/mim00 0 11112 102148 102147 128 0 256 0 0 0
12 5966 mim00-1981 Jahrgangstreffen 1981 /bin/bash /home/pacs/mim00/users/1981 0 11112 102148 128 256 0 0
13 5990 mim00-mail Mailbox /bin/bash /home/pacs/mim00/users/mail 0 11112 102160 0 0 0 0
14 7846 hsh00-dph hsh00-uph /bin/false /home/pacs/hsh00/users/uph 0 10630 110568 0 0 0 0
15 9546 dph00 Reinhard Wiese /bin/bash /home/pacs/dph00 0 19959 110593 0 0 0 0