/**
 * Creates a fresh {@link PermissionBoundary} before every test and swaps each of its
 * collaborators for a Mockito mock, so no test touches a real repository or persistence
 * context. Also prepares the two permission fixtures with the values "RESOURCE" and
 * "RESOURCETYPE".
 */
@Before
public void setup() {
    // collaborators: every dependency of the boundary is a mock
    restrictionRepository = Mockito.mock(RestrictionRepository.class);
    permissionRepository = Mockito.mock(PermissionRepository.class);
    contextLocator = Mockito.mock(ContextLocator.class);
    resourceTypeRepository = Mockito.mock(ResourceTypeRepository.class);
    resourceTypeProvider = Mockito.mock(ResourceTypeProvider.class);
    resourceGroupRepository = Mockito.mock(ResourceGroupRepository.class);
    resourceRepository = Mockito.mock(ResourceRepository.class);
    permissionService = Mockito.mock(PermissionService.class);
    entityManager = Mockito.mock(EntityManager.class);

    // object under test, wired by direct field assignment
    permissionBoundary = new PermissionBoundary();
    permissionBoundary.restrictionRepository = restrictionRepository;
    permissionBoundary.permissionRepository = permissionRepository;
    permissionBoundary.contextLocator = contextLocator;
    permissionBoundary.resourceTypeRepository = resourceTypeRepository;
    permissionBoundary.resourceTypeProvider = resourceTypeProvider;
    permissionBoundary.resourceGroupRepository = resourceGroupRepository;
    permissionBoundary.resourceRepository = resourceRepository;
    permissionBoundary.permissionService = permissionService;
    permissionBoundary.entityManager = entityManager;

    // permission fixtures shared by the tests
    resourcePermission = new PermissionEntity();
    resourcePermission.setValue("RESOURCE");
    resourceTypePermission = new PermissionEntity();
    resourceTypePermission.setValue("RESOURCETYPE");
}
/**
 * Delegation must be refused when the caller may delegate in general but does not hold the
 * permission being handed out: the only stubbed user restriction is PERMISSION_DELEGATION
 * (Action.ALL), while the request is to delegate RESOURCE_PROPERTY_DECRYPT for CREATE.
 * This pins the rule that a caller cannot delegate more than it owns.
 */
@Test
public void shouldReturnFalseIfCallerHasDelegationPermissionButNotSimilarRestriction() {
    // given: a single user restriction granting PERMISSION_DELEGATION only
    PermissionEntity delegationPermission = new PermissionEntity();
    delegationPermission.setValue(Permission.PERMISSION_DELEGATION.name());
    RestrictionEntity delegationRestriction = new RestrictionEntity();
    delegationRestriction.setAction(Action.ALL);
    delegationRestriction.setPermission(delegationPermission);

    when(sessionContext.isCallerInRole(CONFIG_ADMIN)).thenReturn(true);
    when(sessionContext.getCallerPrincipal()).thenReturn(principal);
    // the role map stays empty, so no role-based restriction is configured
    myRoles = new HashMap<>();
    permissionService.rolesWithRestrictions = myRoles;
    when(permissionRepository.getUserWithRestrictions(anyString()))
            .thenReturn(Arrays.asList(delegationRestriction));

    // when
    boolean mayDelegate = permissionService.hasPermissionToDelegatePermission(
            Permission.RESOURCE_PROPERTY_DECRYPT, null, null, null, Action.CREATE);

    // then
    Assert.assertFalse(mayDelegate);
}
/**
 * Holding the target permission is not sufficient to delegate it: the caller's only stubbed
 * user restriction is RESOURCE_PROPERTY_DECRYPT (Action.ALL) and there is no
 * PERMISSION_DELEGATION restriction, so delegating RESOURCE_PROPERTY_DECRYPT for CREATE
 * must be refused.
 */
@Test
public void shouldReturnFalseIfCallerHasNoDelegationPermission() {
    // given: a single user restriction for the permission itself, none for delegation
    PermissionEntity decryptPermission = new PermissionEntity();
    decryptPermission.setValue(Permission.RESOURCE_PROPERTY_DECRYPT.name());
    RestrictionEntity decryptRestriction = new RestrictionEntity();
    decryptRestriction.setAction(Action.ALL);
    decryptRestriction.setPermission(decryptPermission);

    when(sessionContext.isCallerInRole(CONFIG_ADMIN)).thenReturn(true);
    when(sessionContext.getCallerPrincipal()).thenReturn(principal);
    // the role map stays empty, so no role-based restriction is configured
    myRoles = new HashMap<>();
    permissionService.rolesWithRestrictions = myRoles;
    when(permissionRepository.getUserWithRestrictions(anyString()))
            .thenReturn(Arrays.asList(decryptRestriction));

    // when
    boolean mayDelegate = permissionService.hasPermissionToDelegatePermission(
            Permission.RESOURCE_PROPERTY_DECRYPT, null, null, null, Action.CREATE);

    // then
    Assert.assertFalse(mayDelegate);
}
/**
 * Wraps a restriction in a {@link RestrictionDTO} after stamping it with the given permission.
 *
 * <p>Note that the passed {@code restrictionEntity} is modified: its permission is replaced
 * by a new {@link PermissionEntity} whose value is {@code permission.name()}.
 *
 * @param permission        permission whose name becomes the entity's permission value
 * @param restrictionEntity restriction to stamp and wrap; mutated by this call
 * @return a DTO constructed from the updated restriction
 */
public RestrictionDTO buildRestrictionDTO(Permission permission, RestrictionEntity restrictionEntity) {
    PermissionEntity permissionEntity = new PermissionEntity();
    permissionEntity.setValue(permission.name());
    restrictionEntity.setPermission(permissionEntity);
    return new RestrictionDTO(restrictionEntity);
}
}
/**
 * Prepares the fixtures shared by the tests: a role named "testRole" and a permission
 * whose value is "testPermission".
 */
@Before
public void setUp() {
    per = new PermissionEntity();
    per.setValue("testPermission");

    rol = new RoleEntity();
    rol.setName("testRole");
}
/**
 * Delegation is allowed when the caller holds both halves of the requirement: a
 * PERMISSION_DELEGATION restriction and a restriction for the permission being delegated
 * (RESOURCE_PROPERTY_DECRYPT), both with Action.ALL. The request is for Action.CREATE.
 */
@Test
public void shouldReturnTrueIfCallerHasDelegationPermissionAndSimilarRestriction() {
    // given: the right to delegate ...
    PermissionEntity delegationPermission = new PermissionEntity();
    delegationPermission.setValue(Permission.PERMISSION_DELEGATION.name());
    RestrictionEntity delegationRestriction = new RestrictionEntity();
    delegationRestriction.setAction(Action.ALL);
    delegationRestriction.setPermission(delegationPermission);

    // ... and the permission that is to be delegated
    PermissionEntity decryptPermission = new PermissionEntity();
    decryptPermission.setValue(Permission.RESOURCE_PROPERTY_DECRYPT.name());
    RestrictionEntity decryptRestriction = new RestrictionEntity();
    decryptRestriction.setAction(Action.ALL);
    decryptRestriction.setPermission(decryptPermission);

    when(sessionContext.isCallerInRole(CONFIG_ADMIN)).thenReturn(true);
    when(sessionContext.getCallerPrincipal()).thenReturn(principal);
    myRoles = new HashMap<>();
    permissionService.rolesWithRestrictions = myRoles;
    when(permissionRepository.getUserWithRestrictions(anyString()))
            .thenReturn(Arrays.asList(delegationRestriction, decryptRestriction));

    // when
    boolean mayDelegate = permissionService.hasPermissionToDelegatePermission(
            Permission.RESOURCE_PROPERTY_DECRYPT, null, null, null, Action.CREATE);

    // then
    Assert.assertTrue(mayDelegate);
}
/**
 * A DELETE grant limited to default resource types must not extend to other types: the
 * SERVER_ADMIN role carries RESOURCE / DELETE with {@code DEFAULT_ONLY}, and removal is
 * requested for an instance of a resource type that has no name set.
 */
@Test
public void shouldNotAllowToRemoveInstanceOfNonDefaultResTypeIfHasPermissionToDeleteInstancesOfDefaultResourceTypeOnly() {
    // given: role restriction RESOURCE / DELETE, default resource types only
    PermissionEntity resourcePerm = new PermissionEntity();
    resourcePerm.setValue(Permission.RESOURCE.name());
    RestrictionEntity defaultOnlyDelete = new RestrictionEntity();
    defaultOnlyDelete.setAction(Action.DELETE);
    defaultOnlyDelete.setResourceTypePermission(ResourceTypePermission.DEFAULT_ONLY);
    defaultOnlyDelete.setPermission(resourcePerm);

    when(sessionContext.isCallerInRole(SERVER_ADMIN)).thenReturn(true);
    when(sessionContext.getCallerPrincipal()).thenReturn(principal);
    myRoles = new HashMap<>();
    myRoles.put(SERVER_ADMIN, Arrays.asList(new RestrictionDTO(defaultOnlyDelete)));
    permissionService.rolesWithRestrictions = myRoles;

    // presumably a type without a default-type name counts as non-default; confirm in the service
    ResourceTypeEntity nonDefaultResType = new ResourceTypeEntity();

    // when
    boolean mayRemove = permissionService.hasPermissionToRemoveInstanceOfResType(nonDefaultResType);

    // then
    Assert.assertFalse(mayRemove);
}
/**
 * A user restriction that names no context satisfies an "all contexts" check: the stubbed
 * restriction grants RESOURCE_PROPERTY_DECRYPT with Action.ALL and has no context set, and
 * {@code hasPermissionOnAllContext} is asked for the same permission and action on a
 * resource group (id 23, resource type id 7).
 */
@Test
public void shouldSucceedIfAPermissionIsRequiredOnAllContextsAndGrantedToUserOnAllContext() {
    // given: the resource group the check is made for
    ResourceTypeEntity groupType = new ResourceTypeEntityBuilder().id(7).build();
    ResourceGroupEntity targetGroup = new ResourceGroupEntity();
    targetGroup.setId(23);
    targetGroup.setResourceType(groupType);

    // a user restriction without any context
    PermissionEntity decryptPermission = new PermissionEntity();
    decryptPermission.setValue(Permission.RESOURCE_PROPERTY_DECRYPT.name());
    RestrictionEntity unscopedRestriction = new RestrictionEntity();
    unscopedRestriction.setAction(Action.ALL);
    unscopedRestriction.setPermission(decryptPermission);

    when(sessionContext.isCallerInRole(CONFIG_ADMIN)).thenReturn(true);
    when(sessionContext.getCallerPrincipal()).thenReturn(principal);
    myRoles = new HashMap<>();
    permissionService.rolesWithRestrictions = myRoles;
    when(permissionRepository.getUserWithRestrictions(anyString()))
            .thenReturn(Arrays.asList(unscopedRestriction));

    // when
    boolean granted = permissionService.hasPermissionOnAllContext(
            Permission.RESOURCE_PROPERTY_DECRYPT, Action.ALL, targetGroup, null);

    // then
    Assert.assertTrue(granted);
}
/**
 * A DELETE grant limited to non-default resource types must not cover a default type: the
 * CONFIG_ADMIN role carries RESOURCE / DELETE with {@code NON_DEFAULT_ONLY}, and removal is
 * requested for an instance of the APPLICATION default resource type.
 */
@Test
public void shouldNotAllowToRemoveDefaultInstanceOfResTypeIfHasPermissionForResourcesOnly() {
    // given: role restriction RESOURCE / DELETE, non-default resource types only
    PermissionEntity resourcePerm = new PermissionEntity();
    resourcePerm.setValue(Permission.RESOURCE.name());
    RestrictionEntity nonDefaultOnlyDelete = new RestrictionEntity();
    nonDefaultOnlyDelete.setAction(Action.DELETE);
    nonDefaultOnlyDelete.setResourceTypePermission(ResourceTypePermission.NON_DEFAULT_ONLY);
    nonDefaultOnlyDelete.setPermission(resourcePerm);

    when(sessionContext.isCallerInRole(CONFIG_ADMIN)).thenReturn(true);
    when(sessionContext.getCallerPrincipal()).thenReturn(principal);
    myRoles = new HashMap<>();
    myRoles.put(CONFIG_ADMIN, Arrays.asList(new RestrictionDTO(nonDefaultOnlyDelete)));
    permissionService.rolesWithRestrictions = myRoles;

    // the type to remove from is named after a default resource type definition
    ResourceTypeEntity applicationResTypeEntity = new ResourceTypeEntity();
    applicationResTypeEntity.setName(DefaultResourceTypeDefinition.APPLICATION.name());

    // when
    boolean mayRemove = permissionService.hasPermissionToRemoveInstanceOfResType(applicationResTypeEntity);

    // then
    Assert.assertFalse(mayRemove);
}
/**
 * Removal of an instance of a default resource type is allowed when the caller's role grants
 * RESOURCE with {@code DEFAULT_ONLY}. The restriction here uses Action.ALL rather than
 * Action.DELETE, so the test also relies on ALL covering the delete case.
 */
@Test
public void shouldAllowToRemoveDefaultInstanceOfResTypeIfHasPermissionToDeleteInstancesOfDefaultResourceType() {
    // given: role restriction RESOURCE / ALL, default resource types only
    PermissionEntity resourcePerm = new PermissionEntity();
    resourcePerm.setValue(Permission.RESOURCE.name());
    RestrictionEntity defaultOnlyAll = new RestrictionEntity();
    defaultOnlyAll.setAction(Action.ALL);
    defaultOnlyAll.setResourceTypePermission(ResourceTypePermission.DEFAULT_ONLY);
    defaultOnlyAll.setPermission(resourcePerm);

    when(sessionContext.isCallerInRole(SERVER_ADMIN)).thenReturn(true);
    when(sessionContext.getCallerPrincipal()).thenReturn(principal);
    myRoles = new HashMap<>();
    myRoles.put(SERVER_ADMIN, Arrays.asList(new RestrictionDTO(defaultOnlyAll)));
    permissionService.rolesWithRestrictions = myRoles;

    // the type to remove from is named after a default resource type definition
    ResourceTypeEntity applicationResTypeEntity = new ResourceTypeEntity();
    applicationResTypeEntity.setName(DefaultResourceTypeDefinition.APPLICATION.name());

    // when
    boolean mayRemove = permissionService.hasPermissionToRemoveInstanceOfResType(applicationResTypeEntity);

    // then
    Assert.assertTrue(mayRemove);
}
/**
 * For a permission the test name calls "old" (here one with the value "APP_TAB"),
 * {@code validateRestriction} is expected to discard the scoping passed by the caller:
 * afterwards the restriction has resource type permission ANY, action ALL, and no context,
 * resource group or resource type, even though NON_DEFAULT_ONLY, CREATE and other scoping
 * arguments were supplied.
 *
 * @throws AMWException if validation rejects the input, which would fail the test
 */
@Test
public void shouldResetRestrictionPropertiesIfPermissionIsOld() throws AMWException {
    // given: role "existing" and permission "good" both resolve
    PermissionEntity legacyPermission = new PermissionEntity();
    legacyPermission.setValue("APP_TAB");
    when(permissionRepository.getRoleByName("existing")).thenReturn(new RoleEntity());
    when(permissionRepository.getPermissionByName("good")).thenReturn(legacyPermission);
    RestrictionEntity validated = new RestrictionEntity();

    // when
    permissionBoundary.validateRestriction("existing", null, "good", 1, null,
            ResourceTypePermission.NON_DEFAULT_ONLY, "X", CREATE, validated);

    // then: every scoping property has been reset
    assertThat(validated.getResourceTypePermission(), is(ResourceTypePermission.ANY));
    assertThat(validated.getAction(), is(ALL));
    assertNull(validated.getContext());
    assertNull(validated.getResourceGroup());
    assertNull(validated.getResourceType());
}
/**
 * A check made without a context succeeds when the user holds the permission on some
 * specific context: the stubbed restriction grants RESOURCE / UPDATE on {@code envC}, and
 * {@code hasPermission} is called with a {@code null} context for the same permission and
 * action. Callers that need a guarantee for every context have to use the all-context check.
 */
@Test
public void shouldSucceedIfAPermissionCheckIsDoneWithoutContextAndPermissionIsGrantedToUserOnSpecificContext() {
    // given: the resource group the check is made for
    ResourceTypeEntity groupType = new ResourceTypeEntityBuilder().id(7).build();
    ResourceGroupEntity targetGroup = new ResourceGroupEntity();
    targetGroup.setId(23);
    targetGroup.setResourceType(groupType);

    // a user restriction bound to one context
    PermissionEntity resourcePerm = new PermissionEntity();
    resourcePerm.setValue(Permission.RESOURCE.name());
    RestrictionEntity contextBoundRestriction = new RestrictionEntity();
    contextBoundRestriction.setAction(Action.UPDATE);
    contextBoundRestriction.setContext(envC);
    contextBoundRestriction.setPermission(resourcePerm);

    when(sessionContext.isCallerInRole(CONFIG_ADMIN)).thenReturn(true);
    when(sessionContext.getCallerPrincipal()).thenReturn(principal);
    myRoles = new HashMap<>();
    permissionService.rolesWithRestrictions = myRoles;
    when(permissionRepository.getUserWithRestrictions(anyString()))
            .thenReturn(Arrays.asList(contextBoundRestriction));

    // when
    boolean granted = permissionService.hasPermission(
            Permission.RESOURCE, null, Action.UPDATE, targetGroup, null);

    // then
    Assert.assertTrue(granted);
}
/**
 * An "all contexts" check must fail when the grant is bound to a single context: the stubbed
 * user restriction gives RESOURCE_PROPERTY_DECRYPT / ALL on {@code envC} only, so
 * {@code hasPermissionOnAllContext} for that permission has to return false.
 */
@Test
public void shouldFailIfAPermissionIsRequiredOnAllContextsButOnlyGrantedToUserOnASpecificContext() {
    // given: the resource group the check is made for
    ResourceTypeEntity groupType = new ResourceTypeEntityBuilder().id(7).build();
    ResourceGroupEntity targetGroup = new ResourceGroupEntity();
    targetGroup.setId(23);
    targetGroup.setResourceType(groupType);

    // a user restriction bound to one context
    PermissionEntity decryptPermission = new PermissionEntity();
    decryptPermission.setValue(Permission.RESOURCE_PROPERTY_DECRYPT.name());
    RestrictionEntity contextBoundRestriction = new RestrictionEntity();
    contextBoundRestriction.setAction(Action.ALL);
    contextBoundRestriction.setContext(envC);
    contextBoundRestriction.setPermission(decryptPermission);

    when(sessionContext.isCallerInRole(CONFIG_ADMIN)).thenReturn(true);
    when(sessionContext.getCallerPrincipal()).thenReturn(principal);
    myRoles = new HashMap<>();
    permissionService.rolesWithRestrictions = myRoles;
    when(permissionRepository.getUserWithRestrictions(anyString()))
            .thenReturn(Arrays.asList(contextBoundRestriction));

    // when
    boolean granted = permissionService.hasPermissionOnAllContext(
            Permission.RESOURCE_PROPERTY_DECRYPT, Action.ALL, targetGroup, null);

    // then
    Assert.assertFalse(granted);
}
/**
 * An identical user restriction counts as already existing: the repository returns the very
 * restriction (user "tester", RESOURCE / UPDATE on {@code envC}) that is then passed to
 * {@code identicalOrMoreGeneralRestrictionExists}.
 */
@Test
public void shouldReturnTrueIfASameUserRestrictionAlreadyExists() {
    // given
    UserRestrictionEntity tester = new UserRestrictionEntity();
    tester.setName("tester");
    PermissionEntity resourcePerm = new PermissionEntity();
    resourcePerm.setValue(Permission.RESOURCE.name());

    RestrictionEntity storedRestriction = new RestrictionEntity();
    storedRestriction.setUser(tester);
    storedRestriction.setAction(Action.UPDATE);
    storedRestriction.setContext(envC);
    storedRestriction.setPermission(resourcePerm);

    myRoles = new HashMap<>();
    permissionService.rolesWithRestrictions = myRoles;
    when(permissionRepository.getUserWithRestrictions("tester"))
            .thenReturn(Arrays.asList(storedRestriction));

    // when: the same instance is checked against what is stored
    boolean alreadyCovered = permissionService.identicalOrMoreGeneralRestrictionExists(storedRestriction);

    // then
    Assert.assertTrue(alreadyCovered);
}
/**
 * A narrower existing grant does not cover a broader new one: user "tester" already has
 * RESOURCE / UPDATE, and the candidate restriction asks for RESOURCE / ALL, so no identical
 * or more general restriction exists.
 */
@Test
public void shouldReturnFalseIfASimilarButActionRestrictedUserRestrictionExists() {
    // given
    UserRestrictionEntity tester = new UserRestrictionEntity();
    tester.setName("tester");
    PermissionEntity resourcePerm = new PermissionEntity();
    resourcePerm.setValue(Permission.RESOURCE.name());

    // stored: limited to UPDATE
    RestrictionEntity storedRestriction = new RestrictionEntity();
    storedRestriction.setUser(tester);
    storedRestriction.setAction(Action.UPDATE);
    storedRestriction.setPermission(resourcePerm);

    // candidate: every action
    RestrictionEntity candidate = new RestrictionEntity();
    candidate.setUser(tester);
    candidate.setAction(Action.ALL);
    candidate.setPermission(resourcePerm);

    myRoles = new HashMap<>();
    permissionService.rolesWithRestrictions = myRoles;
    when(permissionRepository.getUserWithRestrictions("tester"))
            .thenReturn(Arrays.asList(storedRestriction));

    // when
    boolean alreadyCovered = permissionService.identicalOrMoreGeneralRestrictionExists(candidate);

    // then
    Assert.assertFalse(alreadyCovered);
}
/**
 * A broader existing grant covers a narrower new one: user "tester" already has
 * RESOURCE / ALL, and the candidate restriction asks only for RESOURCE / READ.
 */
@Test
public void shouldReturnTrueIfASimilarButNotActionRestrictedUserRestrictionExists() {
    // given
    UserRestrictionEntity tester = new UserRestrictionEntity();
    tester.setName("tester");
    PermissionEntity resourcePerm = new PermissionEntity();
    resourcePerm.setValue(Permission.RESOURCE.name());

    // stored: every action
    RestrictionEntity storedRestriction = new RestrictionEntity();
    storedRestriction.setUser(tester);
    storedRestriction.setAction(Action.ALL);
    storedRestriction.setPermission(resourcePerm);

    // candidate: READ only
    RestrictionEntity candidate = new RestrictionEntity();
    candidate.setUser(tester);
    candidate.setAction(Action.READ);
    candidate.setPermission(resourcePerm);

    myRoles = new HashMap<>();
    permissionService.rolesWithRestrictions = myRoles;
    when(permissionRepository.getUserWithRestrictions("tester"))
            .thenReturn(Arrays.asList(storedRestriction));

    // when
    boolean alreadyCovered = permissionService.identicalOrMoreGeneralRestrictionExists(candidate);

    // then
    Assert.assertTrue(alreadyCovered);
}
/**
 * An identical role restriction counts as already existing. The restriction (role
 * CONFIG_ADMIN, RESOURCE / UPDATE on {@code envC}) is registered in the role map as a DTO
 * and then checked itself; no user restrictions are stubbed in this test.
 */
@Test
public void shouldReturnTrueIfASameRoleRestrictionAlreadyExists() {
    // given
    RoleEntity configAdmin = new RoleEntity();
    configAdmin.setName(CONFIG_ADMIN);
    PermissionEntity resourcePerm = new PermissionEntity();
    resourcePerm.setValue(Permission.RESOURCE.name());

    RestrictionEntity roleRestriction = new RestrictionEntity();
    roleRestriction.setRole(configAdmin);
    roleRestriction.setAction(Action.UPDATE);
    roleRestriction.setContext(envC);
    roleRestriction.setPermission(resourcePerm);

    // buildRestrictionDTO is handed the same entity that is checked below
    myRoles = new HashMap<>();
    myRoles.put(
            configAdmin.getName(),
            Arrays.asList(new RestrictionDTOBuilder().buildRestrictionDTO(Permission.RESOURCE, roleRestriction)));
    permissionService.rolesWithRestrictions = myRoles;

    // when
    boolean alreadyCovered = permissionService.identicalOrMoreGeneralRestrictionExists(roleRestriction);

    // then
    Assert.assertTrue(alreadyCovered);
}
/**
 * An existing grant without a context covers a new grant that is bound to one: user "tester"
 * already has RESOURCE / UPDATE with no context set, and the candidate asks for
 * RESOURCE / UPDATE on {@code envC}.
 */
@Test
public void shouldReturnTrueIfASimilarButNotContextRestrictedUserRestrictionExists() {
    // given
    UserRestrictionEntity tester = new UserRestrictionEntity();
    tester.setName("tester");
    PermissionEntity resourcePerm = new PermissionEntity();
    resourcePerm.setValue(Permission.RESOURCE.name());

    // stored: no context
    RestrictionEntity storedRestriction = new RestrictionEntity();
    storedRestriction.setUser(tester);
    storedRestriction.setAction(Action.UPDATE);
    storedRestriction.setPermission(resourcePerm);

    // candidate: same grant, limited to envC
    RestrictionEntity candidate = new RestrictionEntity();
    candidate.setUser(tester);
    candidate.setAction(Action.UPDATE);
    candidate.setPermission(resourcePerm);
    candidate.setContext(envC);

    myRoles = new HashMap<>();
    permissionService.rolesWithRestrictions = myRoles;
    when(permissionRepository.getUserWithRestrictions("tester"))
            .thenReturn(Arrays.asList(storedRestriction));

    // when
    boolean alreadyCovered = permissionService.identicalOrMoreGeneralRestrictionExists(candidate);

    // then
    Assert.assertTrue(alreadyCovered);
}
/**
 * An existing grant on a less restrictive context covers a new grant on a more restrictive
 * one: user "tester" already has RESOURCE / UPDATE on {@code test}, and the candidate asks
 * for RESOURCE / UPDATE on {@code envC}.
 */
@Test
public void shouldReturnTrueIfASimilarButLessContextRestrictedUserRestrictionExists() {
    // given
    UserRestrictionEntity tester = new UserRestrictionEntity();
    tester.setName("tester");
    PermissionEntity resourcePerm = new PermissionEntity();
    resourcePerm.setValue(Permission.RESOURCE.name());

    // stored: bound to the context `test`
    // NOTE(review): presumably `test` is an ancestor of `envC` in the fixture hierarchy; confirm in the class setup
    RestrictionEntity storedRestriction = new RestrictionEntity();
    storedRestriction.setUser(tester);
    storedRestriction.setAction(Action.UPDATE);
    storedRestriction.setContext(test);
    storedRestriction.setPermission(resourcePerm);

    // candidate: bound to envC
    RestrictionEntity candidate = new RestrictionEntity();
    candidate.setUser(tester);
    candidate.setAction(Action.UPDATE);
    candidate.setContext(envC);
    candidate.setPermission(resourcePerm);

    myRoles = new HashMap<>();
    permissionService.rolesWithRestrictions = myRoles;
    when(permissionRepository.getUserWithRestrictions("tester"))
            .thenReturn(Arrays.asList(storedRestriction));

    // when
    boolean alreadyCovered = permissionService.identicalOrMoreGeneralRestrictionExists(candidate);

    // then
    Assert.assertTrue(alreadyCovered);
}
/**
 * An existing grant limited to one resource group does not cover a new grant without that
 * limit: user "tester" already has RESOURCE / UPDATE on {@code envC} for resource group 23,
 * and the candidate asks for RESOURCE / UPDATE on {@code envC} with no resource group.
 */
@Test
public void shouldReturnFalseIfASimilarButMoreResourceGroupRestrictedUserRestrictionExists() {
    // given
    UserRestrictionEntity tester = new UserRestrictionEntity();
    tester.setName("tester");
    PermissionEntity resourcePerm = new PermissionEntity();
    resourcePerm.setValue(Permission.RESOURCE.name());

    ResourceTypeEntity groupType = new ResourceTypeEntityBuilder().id(7).build();
    ResourceGroupEntity limitedGroup = new ResourceGroupEntity();
    limitedGroup.setId(23);
    limitedGroup.setResourceType(groupType);

    // stored: limited to one resource group
    RestrictionEntity storedRestriction = new RestrictionEntity();
    storedRestriction.setUser(tester);
    storedRestriction.setAction(Action.UPDATE);
    storedRestriction.setContext(envC);
    storedRestriction.setPermission(resourcePerm);
    storedRestriction.setResourceGroup(limitedGroup);

    // candidate: same grant without a resource group
    RestrictionEntity candidate = new RestrictionEntity();
    candidate.setUser(tester);
    candidate.setAction(Action.UPDATE);
    candidate.setContext(envC);
    candidate.setPermission(resourcePerm);

    myRoles = new HashMap<>();
    permissionService.rolesWithRestrictions = myRoles;
    when(permissionRepository.getUserWithRestrictions("tester"))
            .thenReturn(Arrays.asList(storedRestriction));

    // when
    boolean alreadyCovered = permissionService.identicalOrMoreGeneralRestrictionExists(candidate);

    // then
    Assert.assertFalse(alreadyCovered);
}