fix-domain-setup-rbac-grant-problems #88
@ -123,26 +123,20 @@ select
|
|||||||
from one_path;
|
from one_path;
|
||||||
commit transaction;
|
commit transaction;
|
||||||
|
|
||||||
|
with grants as (
|
||||||
|
select uuid
|
||||||
|
from rbacgrants
|
||||||
select * from
|
where descendantuuid in (
|
||||||
(
|
select uuid
|
||||||
select uuid, roleidname as name from rbacrole_ev
|
from rbacrole
|
||||||
union all
|
where objectuuid in (
|
||||||
select uuid, p.optablename || ':' || p.objectuuid || ':' || p.op as name from rbacpermission p
|
select uuid
|
||||||
) united
|
from hs_hosting_asset
|
||||||
where uuid in (
|
-- where type = 'DOMAIN_MBOX_SETUP'
|
||||||
'4157915c-a09b-490c-9430-00005fcfbb4f',
|
-- and identifier = 'example.org|MBOX'
|
||||||
'046f2da0-66d5-4e6a-af17-d41fba617b30',
|
where type = 'EMAIL_ADDRESS'
|
||||||
'6239ca11-5224-401d-9780-1af7f5cbf35a',
|
and identifier='test@example.org'
|
||||||
'70004958-39c7-4d32-8ba6-d78145f3ad32',
|
))
|
||||||
'7065fbc1-c605-4da3-97dd-f40fe1b90b4c',
|
)
|
||||||
'd551551b-b1dd-414a-a0ed-a07712f15e62',
|
select * from rbacgrants_ev gev where exists ( select uuid from grants where gev.uuid = grants.uuid );
|
||||||
'f1f0fc3e-020a-48fe-b9c1-ac495cc21fdf',
|
|
||||||
'63ad71f3-214c-411e-8b0b-a859e54af770',
|
|
||||||
'561bbe75-b8f2-4e4b-86ac-02a72ab9a6e8',
|
|
||||||
'379e99b3-b53f-421d-a53e-2e81c464fbf2',
|
|
||||||
'5cb1ecb2-7962-47e0-b8bf-67974da45208'
|
|
||||||
);
|
|
||||||
|
|
||||||
|
@ -185,6 +185,7 @@ public class HsHostingAssetEntity implements HsHostingAsset {
|
|||||||
with.permission(UPDATE);
|
with.permission(UPDATE);
|
||||||
})
|
})
|
||||||
.createSubRole(AGENT, (with) -> {
|
.createSubRole(AGENT, (with) -> {
|
||||||
|
with.incomingSuperRole("assignedToAsset", AGENT); // TODO.spec: or ADMIN?
|
||||||
with.outgoingSubRole("assignedToAsset", TENANT);
|
with.outgoingSubRole("assignedToAsset", TENANT);
|
||||||
with.outgoingSubRole("alarmContact", REFERRER);
|
with.outgoingSubRole("alarmContact", REFERRER);
|
||||||
})
|
})
|
||||||
@ -192,9 +193,6 @@ public class HsHostingAssetEntity implements HsHostingAsset {
|
|||||||
with.outgoingSubRole("bookingItem", TENANT);
|
with.outgoingSubRole("bookingItem", TENANT);
|
||||||
with.outgoingSubRole("parentAsset", TENANT);
|
with.outgoingSubRole("parentAsset", TENANT);
|
||||||
with.incomingSuperRole("alarmContact", ADMIN);
|
with.incomingSuperRole("alarmContact", ADMIN);
|
||||||
})
|
|
||||||
.createSubRole(REFERRER, (with) -> {
|
|
||||||
with.incomingSuperRole("assignedToAsset", AGENT);
|
|
||||||
with.permission(SELECT);
|
with.permission(SELECT);
|
||||||
})
|
})
|
||||||
|
|
||||||
|
@ -264,7 +264,7 @@ public enum HsHostingAssetType implements Node {
|
|||||||
package Booking #feb28c {
|
package Booking #feb28c {
|
||||||
%{bookingNodes}
|
%{bookingNodes}
|
||||||
}
|
}
|
||||||
|
|
||||||
package Hosting #feb28c{
|
package Hosting #feb28c{
|
||||||
%{hostingGroups}
|
%{hostingGroups}
|
||||||
}
|
}
|
||||||
|
@ -215,7 +215,7 @@ public class RbacGrantsDiagramService {
|
|||||||
@NotNull
|
@NotNull
|
||||||
private static String cleanId(final String idName) {
|
private static String cleanId(final String idName) {
|
||||||
return idName.replaceAll("@.*", "")
|
return idName.replaceAll("@.*", "")
|
||||||
.replace("[", "").replace("]", "").replace("(", "").replace(")", "").replace(",", "").replace(">", ":");
|
.replace("[", "").replace("]", "").replace("(", "").replace(")", "").replace(",", "").replace(">", ":").replace("|", "_");
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
@ -30,7 +30,6 @@ subgraph asset["`**asset**`"]
|
|||||||
role:asset:ADMIN[[asset:ADMIN]]
|
role:asset:ADMIN[[asset:ADMIN]]
|
||||||
role:asset:AGENT[[asset:AGENT]]
|
role:asset:AGENT[[asset:AGENT]]
|
||||||
role:asset:TENANT[[asset:TENANT]]
|
role:asset:TENANT[[asset:TENANT]]
|
||||||
role:asset:REFERRER[[asset:REFERRER]]
|
|
||||||
end
|
end
|
||||||
|
|
||||||
subgraph asset:permissions[ ]
|
subgraph asset:permissions[ ]
|
||||||
@ -50,8 +49,8 @@ subgraph assignedToAsset["`**assignedToAsset**`"]
|
|||||||
subgraph assignedToAsset:roles[ ]
|
subgraph assignedToAsset:roles[ ]
|
||||||
style assignedToAsset:roles fill:#99bcdb,stroke:white
|
style assignedToAsset:roles fill:#99bcdb,stroke:white
|
||||||
|
|
||||||
role:assignedToAsset:TENANT[[assignedToAsset:TENANT]]
|
|
||||||
role:assignedToAsset:AGENT[[assignedToAsset:AGENT]]
|
role:assignedToAsset:AGENT[[assignedToAsset:AGENT]]
|
||||||
|
role:assignedToAsset:TENANT[[assignedToAsset:TENANT]]
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
@ -99,14 +98,13 @@ role:asset:OWNER ==> role:asset:ADMIN
|
|||||||
role:bookingItem:AGENT ==> role:asset:ADMIN
|
role:bookingItem:AGENT ==> role:asset:ADMIN
|
||||||
role:parentAsset:AGENT ==> role:asset:ADMIN
|
role:parentAsset:AGENT ==> role:asset:ADMIN
|
||||||
role:asset:ADMIN ==> role:asset:AGENT
|
role:asset:ADMIN ==> role:asset:AGENT
|
||||||
|
role:assignedToAsset:AGENT ==> role:asset:AGENT
|
||||||
role:asset:AGENT ==> role:assignedToAsset:TENANT
|
role:asset:AGENT ==> role:assignedToAsset:TENANT
|
||||||
role:asset:AGENT ==> role:alarmContact:REFERRER
|
role:asset:AGENT ==> role:alarmContact:REFERRER
|
||||||
role:asset:AGENT ==> role:asset:TENANT
|
role:asset:AGENT ==> role:asset:TENANT
|
||||||
role:asset:TENANT ==> role:bookingItem:TENANT
|
role:asset:TENANT ==> role:bookingItem:TENANT
|
||||||
role:asset:TENANT ==> role:parentAsset:TENANT
|
role:asset:TENANT ==> role:parentAsset:TENANT
|
||||||
role:alarmContact:ADMIN ==> role:asset:TENANT
|
role:alarmContact:ADMIN ==> role:asset:TENANT
|
||||||
role:asset:TENANT ==> role:asset:REFERRER
|
|
||||||
role:assignedToAsset:AGENT ==> role:asset:REFERRER
|
|
||||||
|
|
||||||
%% granting permissions to roles
|
%% granting permissions to roles
|
||||||
role:global:ADMIN ==> perm:asset:INSERT
|
role:global:ADMIN ==> perm:asset:INSERT
|
||||||
@ -114,6 +112,6 @@ role:parentAsset:ADMIN ==> perm:asset:INSERT
|
|||||||
role:global:GUEST ==> perm:asset:INSERT
|
role:global:GUEST ==> perm:asset:INSERT
|
||||||
role:asset:OWNER ==> perm:asset:DELETE
|
role:asset:OWNER ==> perm:asset:DELETE
|
||||||
role:asset:ADMIN ==> perm:asset:UPDATE
|
role:asset:ADMIN ==> perm:asset:UPDATE
|
||||||
role:asset:REFERRER ==> perm:asset:SELECT
|
role:asset:TENANT ==> perm:asset:SELECT
|
||||||
|
|
||||||
```
|
```
|
||||||
|
@ -67,7 +67,9 @@ begin
|
|||||||
|
|
||||||
perform createRoleWithGrants(
|
perform createRoleWithGrants(
|
||||||
hsHostingAssetAGENT(NEW),
|
hsHostingAssetAGENT(NEW),
|
||||||
incomingSuperRoles => array[hsHostingAssetADMIN(NEW)],
|
incomingSuperRoles => array[
|
||||||
|
hsHostingAssetADMIN(NEW),
|
||||||
|
hsHostingAssetAGENT(newAssignedToAsset)],
|
||||||
outgoingSubRoles => array[
|
outgoingSubRoles => array[
|
||||||
hsHostingAssetTENANT(newAssignedToAsset),
|
hsHostingAssetTENANT(newAssignedToAsset),
|
||||||
hsOfficeContactREFERRER(newAlarmContact)]
|
hsOfficeContactREFERRER(newAlarmContact)]
|
||||||
@ -75,6 +77,7 @@ begin
|
|||||||
|
|
||||||
perform createRoleWithGrants(
|
perform createRoleWithGrants(
|
||||||
hsHostingAssetTENANT(NEW),
|
hsHostingAssetTENANT(NEW),
|
||||||
|
permissions => array['SELECT'],
|
||||||
incomingSuperRoles => array[
|
incomingSuperRoles => array[
|
||||||
hsHostingAssetAGENT(NEW),
|
hsHostingAssetAGENT(NEW),
|
||||||
hsOfficeContactADMIN(newAlarmContact)],
|
hsOfficeContactADMIN(newAlarmContact)],
|
||||||
@ -83,14 +86,6 @@ begin
|
|||||||
hsHostingAssetTENANT(newParentAsset)]
|
hsHostingAssetTENANT(newParentAsset)]
|
||||||
);
|
);
|
||||||
|
|
||||||
perform createRoleWithGrants(
|
|
||||||
hsHostingAssetREFERRER(NEW),
|
|
||||||
permissions => array['SELECT'],
|
|
||||||
incomingSuperRoles => array[
|
|
||||||
hsHostingAssetAGENT(newAssignedToAsset),
|
|
||||||
hsHostingAssetTENANT(NEW)]
|
|
||||||
);
|
|
||||||
|
|
||||||
IF NEW.type = 'DOMAIN_SETUP' THEN
|
IF NEW.type = 'DOMAIN_SETUP' THEN
|
||||||
END IF;
|
END IF;
|
||||||
|
|
||||||
|
@ -23,6 +23,7 @@ declare
|
|||||||
managedServerUuid uuid;
|
managedServerUuid uuid;
|
||||||
managedWebspaceUuid uuid;
|
managedWebspaceUuid uuid;
|
||||||
webUnixUserUuid uuid;
|
webUnixUserUuid uuid;
|
||||||
|
mboxUnixUserUuid uuid;
|
||||||
domainSetupUuid uuid;
|
domainSetupUuid uuid;
|
||||||
domainMBoxSetupUuid uuid;
|
domainMBoxSetupUuid uuid;
|
||||||
mariaDbInstanceUuid uuid;
|
mariaDbInstanceUuid uuid;
|
||||||
@ -71,6 +72,7 @@ begin
|
|||||||
select uuid_generate_v4() into managedServerUuid;
|
select uuid_generate_v4() into managedServerUuid;
|
||||||
select uuid_generate_v4() into managedWebspaceUuid;
|
select uuid_generate_v4() into managedWebspaceUuid;
|
||||||
select uuid_generate_v4() into webUnixUserUuid;
|
select uuid_generate_v4() into webUnixUserUuid;
|
||||||
|
select uuid_generate_v4() into mboxUnixUserUuid;
|
||||||
select uuid_generate_v4() into domainSetupUuid;
|
select uuid_generate_v4() into domainSetupUuid;
|
||||||
select uuid_generate_v4() into domainMBoxSetupUuid;
|
select uuid_generate_v4() into domainMBoxSetupUuid;
|
||||||
select uuid_generate_v4() into mariaDbInstanceUuid;
|
select uuid_generate_v4() into mariaDbInstanceUuid;
|
||||||
@ -94,11 +96,12 @@ begin
|
|||||||
(uuid_generate_v4(), null, 'PGSQL_DATABASE', pgSqlUserUuid, pgSqlInstanceUuid, defaultPrefix || '01_web', 'some default Postgresql database','{ "encryption": "utf8", "collation": "utf8"}'::jsonb ),
|
(uuid_generate_v4(), null, 'PGSQL_DATABASE', pgSqlUserUuid, pgSqlInstanceUuid, defaultPrefix || '01_web', 'some default Postgresql database','{ "encryption": "utf8", "collation": "utf8"}'::jsonb ),
|
||||||
(uuid_generate_v4(), null, 'EMAIL_ALIAS', managedWebspaceUuid, null, defaultPrefix || '01-web', 'some E-Mail-Alias', '{ "target": [ "office@example.org", "archive@example.com" ] }'::jsonb),
|
(uuid_generate_v4(), null, 'EMAIL_ALIAS', managedWebspaceUuid, null, defaultPrefix || '01-web', 'some E-Mail-Alias', '{ "target": [ "office@example.org", "archive@example.com" ] }'::jsonb),
|
||||||
(webUnixUserUuid, null, 'UNIX_USER', managedWebspaceUuid, null, defaultPrefix || '01-web', 'some UnixUser for Website', '{ "SSD-soft-quota": "128", "SSD-hard-quota": "256", "HDD-soft-quota": "512", "HDD-hard-quota": "1024"}'::jsonb),
|
(webUnixUserUuid, null, 'UNIX_USER', managedWebspaceUuid, null, defaultPrefix || '01-web', 'some UnixUser for Website', '{ "SSD-soft-quota": "128", "SSD-hard-quota": "256", "HDD-soft-quota": "512", "HDD-hard-quota": "1024"}'::jsonb),
|
||||||
|
(mboxUnixUserUuid, null, 'UNIX_USER', managedWebspaceUuid, null, defaultPrefix || '01-mbox', 'some UnixUser for E-Mail', '{ "SSD-soft-quota": "128", "SSD-hard-quota": "256", "HDD-soft-quota": "512", "HDD-hard-quota": "1024"}'::jsonb),
|
||||||
(domainSetupUuid, null, 'DOMAIN_SETUP', null, null, defaultPrefix || '.example.org', 'some Domain-Setup', '{}'::jsonb),
|
(domainSetupUuid, null, 'DOMAIN_SETUP', null, null, defaultPrefix || '.example.org', 'some Domain-Setup', '{}'::jsonb),
|
||||||
(uuid_generate_v4(), null, 'DOMAIN_DNS_SETUP', domainSetupUuid, null, defaultPrefix || '.example.org|DNS', 'some Domain-DNS-Setup', '{}'::jsonb),
|
(uuid_generate_v4(), null, 'DOMAIN_DNS_SETUP', domainSetupUuid, null, defaultPrefix || '.example.org|DNS', 'some Domain-DNS-Setup', '{}'::jsonb),
|
||||||
(uuid_generate_v4(), null, 'DOMAIN_HTTP_SETUP', domainSetupUuid, webUnixUserUuid, defaultPrefix || '.example.org|HTTP', 'some Domain-HTTP-Setup', '{ "option-htdocsfallback": true, "use-fcgiphpbin": "/usr/lib/cgi-bin/php", "validsubdomainnames": "*"}'::jsonb),
|
(uuid_generate_v4(), null, 'DOMAIN_HTTP_SETUP', domainSetupUuid, webUnixUserUuid, defaultPrefix || '.example.org|HTTP', 'some Domain-HTTP-Setup', '{ "option-htdocsfallback": true, "use-fcgiphpbin": "/usr/lib/cgi-bin/php", "validsubdomainnames": "*"}'::jsonb),
|
||||||
(uuid_generate_v4(), null, 'DOMAIN_SMTP_SETUP', domainSetupUuid, managedWebspaceUuid, defaultPrefix || '.example.org|DNS', 'some Domain-SMPT-Setup', '{}'::jsonb),
|
(uuid_generate_v4(), null, 'DOMAIN_SMTP_SETUP', domainSetupUuid, managedWebspaceUuid, defaultPrefix || '.example.org|SMTP', 'some Domain-SMTP-Setup', '{}'::jsonb),
|
||||||
(domainMBoxSetupUuid, null, 'DOMAIN_MBOX_SETUP', domainSetupUuid, managedWebspaceUuid, defaultPrefix || '.example.org|DNS', 'some Domain-MBOX-Setup', '{}'::jsonb),
|
(domainMBoxSetupUuid, null, 'DOMAIN_MBOX_SETUP', domainSetupUuid, managedWebspaceUuid, defaultPrefix || '.example.org|MBOX', 'some Domain-MBOX-Setup', '{}'::jsonb),
|
||||||
(uuid_generate_v4(), null, 'EMAIL_ADDRESS', domainMBoxSetupUuid, null, 'test@' || defaultPrefix || '.example.org', 'some E-Mail-Address', '{}'::jsonb);
|
(uuid_generate_v4(), null, 'EMAIL_ADDRESS', domainMBoxSetupUuid, null, 'test@' || defaultPrefix || '.example.org', 'some E-Mail-Address', '{}'::jsonb);
|
||||||
end; $$;
|
end; $$;
|
||||||
--//
|
--//
|
||||||
|
@ -324,10 +324,12 @@ class HsHostingAssetControllerAcceptanceTest extends ContextBasedTestWithCleanup
|
|||||||
assertThat(givenHostingAsset.getBookingItem().getResources().get("Multi"))
|
assertThat(givenHostingAsset.getBookingItem().getResources().get("Multi"))
|
||||||
.as("precondition failed")
|
.as("precondition failed")
|
||||||
.isEqualTo(1);
|
.isEqualTo(1);
|
||||||
|
final var preExistingUnixUserCount = assetRepo.findAllByCriteria(null, givenHostingAsset.getUuid(), UNIX_USER).size();
|
||||||
|
final var UNIX_USER_PER_MULTI_OPTION = 25;
|
||||||
|
|
||||||
jpaAttempt.transacted(() -> {
|
jpaAttempt.transacted(() -> {
|
||||||
context.define("superuser-alex@hostsharing.net");
|
context.define("superuser-alex@hostsharing.net");
|
||||||
for (int n = 0; n < 25; ++n) {
|
for (int n = 0; n < UNIX_USER_PER_MULTI_OPTION -preExistingUnixUserCount+1; ++n) {
|
||||||
toCleanup(assetRepo.save(
|
toCleanup(assetRepo.save(
|
||||||
HsHostingAssetEntity.builder()
|
HsHostingAssetEntity.builder()
|
||||||
.type(UNIX_USER)
|
.type(UNIX_USER)
|
||||||
|
@ -6,6 +6,7 @@ import net.hostsharing.hsadminng.hs.booking.item.HsBookingItemRepository;
|
|||||||
import net.hostsharing.hsadminng.hs.booking.item.HsBookingItemType;
|
import net.hostsharing.hsadminng.hs.booking.item.HsBookingItemType;
|
||||||
import net.hostsharing.hsadminng.hs.booking.project.HsBookingProjectRepository;
|
import net.hostsharing.hsadminng.hs.booking.project.HsBookingProjectRepository;
|
||||||
import net.hostsharing.hsadminng.rbac.rbacgrant.RawRbacGrantRepository;
|
import net.hostsharing.hsadminng.rbac.rbacgrant.RawRbacGrantRepository;
|
||||||
|
import net.hostsharing.hsadminng.rbac.rbacgrant.RbacGrantsDiagramService;
|
||||||
import net.hostsharing.hsadminng.rbac.rbacrole.RawRbacRoleRepository;
|
import net.hostsharing.hsadminng.rbac.rbacrole.RawRbacRoleRepository;
|
||||||
import net.hostsharing.hsadminng.mapper.Array;
|
import net.hostsharing.hsadminng.mapper.Array;
|
||||||
import net.hostsharing.hsadminng.rbac.test.ContextBasedTestWithCleanup;
|
import net.hostsharing.hsadminng.rbac.test.ContextBasedTestWithCleanup;
|
||||||
@ -28,6 +29,7 @@ import java.util.Map;
|
|||||||
import static java.util.Map.entry;
|
import static java.util.Map.entry;
|
||||||
import static net.hostsharing.hsadminng.hs.hosting.asset.HsHostingAssetType.CLOUD_SERVER;
|
import static net.hostsharing.hsadminng.hs.hosting.asset.HsHostingAssetType.CLOUD_SERVER;
|
||||||
import static net.hostsharing.hsadminng.hs.hosting.asset.HsHostingAssetType.DOMAIN_SETUP;
|
import static net.hostsharing.hsadminng.hs.hosting.asset.HsHostingAssetType.DOMAIN_SETUP;
|
||||||
|
import static net.hostsharing.hsadminng.hs.hosting.asset.HsHostingAssetType.EMAIL_ADDRESS;
|
||||||
import static net.hostsharing.hsadminng.hs.hosting.asset.HsHostingAssetType.MANAGED_SERVER;
|
import static net.hostsharing.hsadminng.hs.hosting.asset.HsHostingAssetType.MANAGED_SERVER;
|
||||||
import static net.hostsharing.hsadminng.hs.hosting.asset.HsHostingAssetType.MANAGED_WEBSPACE;
|
import static net.hostsharing.hsadminng.hs.hosting.asset.HsHostingAssetType.MANAGED_WEBSPACE;
|
||||||
import static net.hostsharing.hsadminng.rbac.rbacgrant.RawRbacGrantEntity.distinctGrantDisplaysOf;
|
import static net.hostsharing.hsadminng.rbac.rbacgrant.RawRbacGrantEntity.distinctGrantDisplaysOf;
|
||||||
@ -125,8 +127,7 @@ class HsHostingAssetRepositoryIntegrationTest extends ContextBasedTestWithCleanu
|
|||||||
"hs_hosting_asset#fir00:ADMIN",
|
"hs_hosting_asset#fir00:ADMIN",
|
||||||
"hs_hosting_asset#fir00:AGENT",
|
"hs_hosting_asset#fir00:AGENT",
|
||||||
"hs_hosting_asset#fir00:OWNER",
|
"hs_hosting_asset#fir00:OWNER",
|
||||||
"hs_hosting_asset#fir00:TENANT",
|
"hs_hosting_asset#fir00:TENANT"));
|
||||||
"hs_hosting_asset#fir00:REFERRER"));
|
|
||||||
assertThat(distinctGrantDisplaysOf(rawGrantRepo.findAll()))
|
assertThat(distinctGrantDisplaysOf(rawGrantRepo.findAll()))
|
||||||
.containsExactlyInAnyOrder(fromFormatted(
|
.containsExactlyInAnyOrder(fromFormatted(
|
||||||
initialGrantNames,
|
initialGrantNames,
|
||||||
@ -153,10 +154,7 @@ class HsHostingAssetRepositoryIntegrationTest extends ContextBasedTestWithCleanu
|
|||||||
"{ grant role:hs_booking_item#fir01:TENANT to role:hs_hosting_asset#fir00:TENANT by system and assume }",
|
"{ grant role:hs_booking_item#fir01:TENANT to role:hs_hosting_asset#fir00:TENANT by system and assume }",
|
||||||
"{ grant role:hs_hosting_asset#fir00:TENANT to role:hs_hosting_asset#fir00:AGENT by system and assume }",
|
"{ grant role:hs_hosting_asset#fir00:TENANT to role:hs_hosting_asset#fir00:AGENT by system and assume }",
|
||||||
"{ grant role:hs_hosting_asset#vm1011:TENANT to role:hs_hosting_asset#fir00:TENANT by system and assume }",
|
"{ grant role:hs_hosting_asset#vm1011:TENANT to role:hs_hosting_asset#fir00:TENANT by system and assume }",
|
||||||
|
"{ grant perm:hs_hosting_asset#fir00:SELECT to role:hs_hosting_asset#fir00:TENANT by system and assume }",
|
||||||
// referrer
|
|
||||||
"{ grant perm:hs_hosting_asset#fir00:SELECT to role:hs_hosting_asset#fir00:REFERRER by system and assume }",
|
|
||||||
"{ grant role:hs_hosting_asset#fir00:REFERRER to role:hs_hosting_asset#fir00:TENANT by system and assume }",
|
|
||||||
|
|
||||||
null));
|
null));
|
||||||
}
|
}
|
||||||
@ -199,7 +197,7 @@ class HsHostingAssetRepositoryIntegrationTest extends ContextBasedTestWithCleanu
|
|||||||
}
|
}
|
||||||
|
|
||||||
@Nested
|
@Nested
|
||||||
class FindByDebitorUuid {
|
class FindAssets {
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
public void globalAdmin_withoutAssumedRole_canViewArbitraryAssetsOfAllDebitors() {
|
public void globalAdmin_withoutAssumedRole_canViewArbitraryAssetsOfAllDebitors() {
|
||||||
@ -218,7 +216,7 @@ class HsHostingAssetRepositoryIntegrationTest extends ContextBasedTestWithCleanu
|
|||||||
}
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
public void normalUser_canViewOnlyRelatedAsset() {
|
public void normalUser_canViewOnlyRelatedAssets() {
|
||||||
// given:
|
// given:
|
||||||
context("person-FirbySusan@example.com", "hs_booking_project#D-1000111-D-1000111defaultproject:AGENT");
|
context("person-FirbySusan@example.com", "hs_booking_project#D-1000111-D-1000111defaultproject:AGENT");
|
||||||
final var projectUuid = projectRepo.findByCaption("D-1000111 default project").stream()
|
final var projectUuid = projectRepo.findByCaption("D-1000111 default project").stream()
|
||||||
@ -235,7 +233,7 @@ class HsHostingAssetRepositoryIntegrationTest extends ContextBasedTestWithCleanu
|
|||||||
}
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
public void normalUser_canFilterAssetsRelatedToParentAsset() {
|
public void managedServerAgent_canFindAssetsRelatedToManagedServer() {
|
||||||
// given
|
// given
|
||||||
context("superuser-alex@hostsharing.net");
|
context("superuser-alex@hostsharing.net");
|
||||||
final var parentAssetUuid = assetRepo.findByIdentifier("vm1012").stream()
|
final var parentAssetUuid = assetRepo.findByIdentifier("vm1012").stream()
|
||||||
@ -253,6 +251,32 @@ class HsHostingAssetRepositoryIntegrationTest extends ContextBasedTestWithCleanu
|
|||||||
"HsHostingAssetEntity(MARIADB_INSTANCE, vm1012.MariaDB.default, some default MariaDB instance, MANAGED_SERVER:vm1012)",
|
"HsHostingAssetEntity(MARIADB_INSTANCE, vm1012.MariaDB.default, some default MariaDB instance, MANAGED_SERVER:vm1012)",
|
||||||
"HsHostingAssetEntity(PGSQL_INSTANCE, vm1012.Postgresql.default, some default Postgresql instance, MANAGED_SERVER:vm1012)");
|
"HsHostingAssetEntity(PGSQL_INSTANCE, vm1012.Postgresql.default, some default Postgresql instance, MANAGED_SERVER:vm1012)");
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@Test
|
||||||
|
public void managedServerAgent_canFindRelatedEmailAddresses() {
|
||||||
|
// given
|
||||||
|
context("superuser-alex@hostsharing.net");
|
||||||
|
// FIXME: remove
|
||||||
|
// final var parentAssetUuid = assetRepo.findByIdentifier("vm1012").stream()
|
||||||
|
// .filter(ha -> ha.getType() == MANAGED_SERVER)
|
||||||
|
// .findAny().orElseThrow().getUuid();
|
||||||
|
|
||||||
|
// when
|
||||||
|
// context("superuser-alex@hostsharing.net", "hs_hosting_asset#vm1012:AGENT");
|
||||||
|
context("superuser-alex@hostsharing.net", "hs_hosting_asset#sec01:AGENT");
|
||||||
|
// FIXME: cleanup
|
||||||
|
// context("superuser-alex@hostsharing.net", "hs_hosting_asset#sec.example.org|MBOX:AGENT");
|
||||||
|
// context("superuser-alex@hostsharing.net", "hs_booking_project#D-1000212-D-1000212defaultproject:AGENT");
|
||||||
|
|
||||||
|
generateRbacDiagramForCurrentSubjects(RbacGrantsDiagramService.Include.ALL_NON_TEST_ENTITY_RELATED, "should-contain-email-addresses");
|
||||||
|
|
||||||
|
final var result = assetRepo.findAllByCriteria(null, null, EMAIL_ADDRESS);
|
||||||
|
|
||||||
|
// then
|
||||||
|
exactlyTheseAssetsAreReturned(
|
||||||
|
result,
|
||||||
|
"HsHostingAssetEntity(EMAIL_ADDRESS, test@sec.example.org, some E-Mail-Address, DOMAIN_MBOX_SETUP:sec.example.org|MBOX)");
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@Nested
|
@Nested
|
||||||
|
@ -928,17 +928,11 @@ public class ImportHostingAssets extends ImportOfficeData {
|
|||||||
assumeThatWeAreImportingControlledTestData();
|
assumeThatWeAreImportingControlledTestData();
|
||||||
|
|
||||||
final var haCount = jpaAttempt.transacted(() -> {
|
final var haCount = jpaAttempt.transacted(() -> {
|
||||||
context(rbacSuperuser);
|
|
||||||
// final var roles = em.createNativeQuery("select * from rbacrole_ev where roleidname like 'hs_office_relation%with-DEBITOR%'").getResultList();
|
|
||||||
final var roles = em.createNativeQuery("select * from rbacrole_ev where roleidname like 'hs_booking_project#D-10003%'").getResultList();
|
|
||||||
//context(rbacSuperuser, "hs_booking_project#D-1000300-mimdefaultproject:ADMIN");
|
|
||||||
context(rbacSuperuser, "hs_booking_project#D-1000300-mimdefaultproject:AGENT");
|
context(rbacSuperuser, "hs_booking_project#D-1000300-mimdefaultproject:AGENT");
|
||||||
final var result = em.createNativeQuery("select * from hs_hosting_asset where type='EMAIL_ADDRESS'")
|
return (Integer) em.createNativeQuery("select count(*) from hs_hosting_asset_rv where type='EMAIL_ADDRESS'", Integer.class)
|
||||||
.getResultList();
|
|
||||||
return (Integer) em.createNativeQuery("select count(*) from hs_hosting_asset where type='EMAIL_ADDRESS'", Integer.class)
|
|
||||||
.getSingleResult();
|
.getSingleResult();
|
||||||
}).assertSuccessful().returnedValue();
|
}).assertSuccessful().returnedValue();
|
||||||
assertThat(haCount).isEqualTo(71);
|
assertThat(haCount).isEqualTo(68);
|
||||||
}
|
}
|
||||||
|
|
||||||
// ============================================================================================
|
// ============================================================================================
|
||||||
|
Loading…
Reference in New Issue
Block a user