/**
 * Positive authorization case: the caller's role carries an UPDATE restriction on the
 * application's own resource group, and the restriction has no context set. Deleting the
 * resource relation is expected to be allowed in both environments checked here
 * (envC and envZ).
 */
@Test
public void hasPermissionToDeleteResourceRelationWhenUserHasPermissionToEditSpecificResourceGroupOnAllEnvironments() {
    // given: an application that belongs to appResourceGroup, and a caller in APP_DEVELOPER
    ResourceEntity application = resourceEntityBuilder.mockApplicationEntity("app", appResourceGroup, null);
    when(sessionContext.isCallerInRole(APP_DEVELOPER)).thenReturn(true);
    when(sessionContext.getCallerPrincipal()).thenReturn(principal);

    // The grant is scoped to exactly the application's resource group; no context is set on it.
    RestrictionEntity updateOnAppGroup = new RestrictionEntity();
    updateOnAppGroup.setAction(Action.UPDATE);
    updateOnAppGroup.setResourceGroup(appResourceGroup);

    myRoles = new HashMap<>();
    myRoles.put(APP_DEVELOPER,
            Arrays.asList(new RestrictionDTOBuilder().mockRestrictionDTO(Permission.RESOURCE, updateOnAppGroup)));
    permissionService.rolesWithRestrictions = myRoles;

    // when / then: one assertion per environment, so a failure points at the environment that was denied
    Assert.assertTrue(permissionService.hasPermissionToDeleteRelation(application, envC));
    Assert.assertTrue(permissionService.hasPermissionToDeleteRelation(application, envZ));
}
/**
 * Negative authorization case: the caller's only restriction is an UPDATE grant on a
 * different resource group (id 4321) than the one the application belongs to. Deleting the
 * application's resource relation is expected to be denied.
 */
@Test
public void hasNoPermissionToDeleteResourceRelationWhenUserHasPermissionToEditSpecificResourceGroupOnAllEnvironments() {
    // given: the application lives in appResourceGroup ...
    ResourceEntity application = resourceEntityBuilder.mockApplicationEntity("app", appResourceGroup, null);

    // ... while the grant below is scoped to an unrelated resource group
    ResourceGroupEntity otherResourceGroup = new ResourceGroupEntity();
    otherResourceGroup.setId(4321);
    otherResourceGroup.setResourceType(new ResourceTypeEntityBuilder().id(1).parentResourceType(null).build());

    when(sessionContext.isCallerInRole(APP_DEVELOPER)).thenReturn(true);
    when(sessionContext.getCallerPrincipal()).thenReturn(principal);

    RestrictionEntity updateOnOtherGroup = new RestrictionEntity();
    updateOnOtherGroup.setAction(Action.UPDATE);
    updateOnOtherGroup.setResourceGroup(otherResourceGroup);

    myRoles = new HashMap<>();
    myRoles.put(APP_DEVELOPER,
            Arrays.asList(new RestrictionDTOBuilder().mockRestrictionDTO(Permission.RESOURCE, updateOnOtherGroup)));
    permissionService.rolesWithRestrictions = myRoles;

    // when / then: a grant on another resource group must not authorize the deletion
    // NOTE(review): only envC is exercised here, while the positive counterpart also checks envZ.
    // Consider asserting the denial for envZ as well so the negative case has the same coverage.
    Assert.assertFalse(permissionService.hasPermissionToDeleteRelation(application, envC));
}
/**
 * Delegation must not widen a grant. The caller holds PERMISSION_DELEGATION and a
 * RESOURCE_PROPERTY_DECRYPT restriction limited to one resource group (id 23), then asks to
 * delegate RESOURCE_PROPERTY_DECRYPT while passing null for the resource group, i.e. without
 * that limitation. The service is expected to refuse.
 */
@Test
public void shouldReturnFalseIfCallerHasDelegationPermissionButHisSimilarRestrictionIsRestrictedToAnExplicitResourceGroupAndTheOneHeWantsToDelegateIsNot() {
    // given: the resource group the caller's own decrypt grant is limited to
    ResourceTypeEntity groupType = new ResourceTypeEntityBuilder().id(7).build();
    ResourceGroupEntity resourceGroup = new ResourceGroupEntity();
    resourceGroup.setId(23);
    resourceGroup.setResourceType(groupType);

    when(sessionContext.isCallerInRole(CONFIG_ADMIN)).thenReturn(true);
    when(sessionContext.getCallerPrincipal()).thenReturn(principal);

    // Grant 1: the right to delegate permissions (no resource group or context set)
    PermissionEntity delegationPermission = new PermissionEntity();
    delegationPermission.setValue(Permission.PERMISSION_DELEGATION.name());
    RestrictionEntity delegationGrant = new RestrictionEntity();
    delegationGrant.setAction(Action.ALL);
    delegationGrant.setPermission(delegationPermission);

    // Grant 2: decrypt, but only for resourceGroup
    PermissionEntity decryptPermission = new PermissionEntity();
    decryptPermission.setValue(Permission.RESOURCE_PROPERTY_DECRYPT.name());
    RestrictionEntity decryptGrant = new RestrictionEntity();
    decryptGrant.setResourceGroup(resourceGroup);
    decryptGrant.setAction(Action.ALL);
    decryptGrant.setPermission(decryptPermission);

    // No role-based restrictions; both grants are returned as the caller's user restrictions.
    myRoles = new HashMap<>();
    permissionService.rolesWithRestrictions = myRoles;
    when(permissionRepository.getUserWithRestrictions(anyString()))
            .thenReturn(Arrays.asList(delegationGrant, decryptGrant));

    // when: delegation is requested with null resource group, third argument and context
    boolean mayDelegate = permissionService.hasPermissionToDelegatePermission(
            Permission.RESOURCE_PROPERTY_DECRYPT, null, null, null, Action.CREATE);

    // then: the broader grant must be rejected
    Assert.assertFalse(mayDelegate);
}
/**
 * Delegating a grant that stays within the caller's own scope is allowed. The caller holds
 * PERMISSION_DELEGATION and a RESOURCE_PROPERTY_DECRYPT restriction limited to resource
 * group 23 and to the context {@code test}; the delegation is requested for the same
 * resource group and for envC. Going by the test name, {@code test} is the parent context
 * of envC (the context fixtures are defined outside this method).
 */
@Test
public void shouldReturnTrueIfCallerHasDelegationPermissionAndHisSimilarRestrictionIsRestrictedToAnExplicitResourceGroupAndAnExplicitContextWhichIsTheParentOfTheOneHeWantsToDelegate() {
    // given: the resource group shared by the caller's grant and the delegation request
    ResourceTypeEntity groupType = new ResourceTypeEntityBuilder().id(7).build();
    ResourceGroupEntity resourceGroup = new ResourceGroupEntity();
    resourceGroup.setId(23);
    resourceGroup.setResourceType(groupType);

    when(sessionContext.isCallerInRole(CONFIG_ADMIN)).thenReturn(true);
    when(sessionContext.getCallerPrincipal()).thenReturn(principal);

    // Grant 1: the right to delegate permissions (no resource group or context set)
    PermissionEntity delegationPermission = new PermissionEntity();
    delegationPermission.setValue(Permission.PERMISSION_DELEGATION.name());
    RestrictionEntity delegationGrant = new RestrictionEntity();
    delegationGrant.setAction(Action.ALL);
    delegationGrant.setPermission(delegationPermission);

    // Grant 2: decrypt, limited to resourceGroup and to the context "test"
    PermissionEntity decryptPermission = new PermissionEntity();
    decryptPermission.setValue(Permission.RESOURCE_PROPERTY_DECRYPT.name());
    RestrictionEntity decryptGrant = new RestrictionEntity();
    decryptGrant.setResourceGroup(resourceGroup);
    decryptGrant.setAction(Action.ALL);
    decryptGrant.setContext(test);
    decryptGrant.setPermission(decryptPermission);

    // No role-based restrictions; both grants are returned as the caller's user restrictions.
    myRoles = new HashMap<>();
    permissionService.rolesWithRestrictions = myRoles;
    when(permissionRepository.getUserWithRestrictions(anyString()))
            .thenReturn(Arrays.asList(delegationGrant, decryptGrant));

    // when: delegation is requested for the same resource group, on envC
    boolean mayDelegate = permissionService.hasPermissionToDelegatePermission(
            Permission.RESOURCE_PROPERTY_DECRYPT, resourceGroup, null, envC, Action.CREATE);

    // then: the request does not exceed the caller's own grant, so it is accepted
    Assert.assertTrue(mayDelegate);
}
/**
 * Delegation must not drop a context limitation. The caller holds PERMISSION_DELEGATION and
 * a RESOURCE_PROPERTY_DECRYPT restriction limited to resource group 23 and to envC, then asks
 * to delegate RESOURCE_PROPERTY_DECRYPT for the same resource group while passing null for the
 * context. The service is expected to refuse.
 */
@Test
public void shouldReturnFalseIfCallerHasDelegationPermissionButHisSimilarRestrictionIsRestrictedToAnExplicitContextAndTheOneHeWantsToDelegateIsNot() {
    // given: the resource group shared by the caller's grant and the delegation request
    ResourceTypeEntity groupType = new ResourceTypeEntityBuilder().id(7).build();
    ResourceGroupEntity resourceGroup = new ResourceGroupEntity();
    resourceGroup.setId(23);
    resourceGroup.setResourceType(groupType);

    when(sessionContext.isCallerInRole(CONFIG_ADMIN)).thenReturn(true);
    when(sessionContext.getCallerPrincipal()).thenReturn(principal);

    // Grant 1: the right to delegate permissions (no resource group or context set)
    PermissionEntity delegationPermission = new PermissionEntity();
    delegationPermission.setValue(Permission.PERMISSION_DELEGATION.name());
    RestrictionEntity delegationGrant = new RestrictionEntity();
    delegationGrant.setAction(Action.ALL);
    delegationGrant.setPermission(delegationPermission);

    // Grant 2: decrypt, limited to resourceGroup and to envC
    PermissionEntity decryptPermission = new PermissionEntity();
    decryptPermission.setValue(Permission.RESOURCE_PROPERTY_DECRYPT.name());
    RestrictionEntity decryptGrant = new RestrictionEntity();
    decryptGrant.setResourceGroup(resourceGroup);
    decryptGrant.setAction(Action.ALL);
    decryptGrant.setContext(envC);
    decryptGrant.setPermission(decryptPermission);

    // No role-based restrictions; both grants are returned as the caller's user restrictions.
    myRoles = new HashMap<>();
    permissionService.rolesWithRestrictions = myRoles;
    when(permissionRepository.getUserWithRestrictions(anyString()))
            .thenReturn(Arrays.asList(delegationGrant, decryptGrant));

    // when: delegation is requested for the same resource group but with a null context
    boolean mayDelegate = permissionService.hasPermissionToDelegatePermission(
            Permission.RESOURCE_PROPERTY_DECRYPT, resourceGroup, null, null, Action.CREATE);

    // then: the broader grant must be rejected
    Assert.assertFalse(mayDelegate);
}
newRestriction.setContext(test); newRestriction.setPermission(permission); newRestriction.setResourceGroup(resourceGroup);
newRestriction.setContext(envC); newRestriction.setPermission(permission); newRestriction.setResourceGroup(resourceGroup);
newRestriction.setContext(envC); newRestriction.setPermission(permission); newRestriction.setResourceGroup(resourceGroup);
/**
 * A narrower existing user restriction must not count as covering a broader new one. The
 * user "tester" already has RESOURCE / UPDATE on envC limited to resource group 23; the new
 * restriction is the same except that it has no resource group. The service is expected to
 * report that no identical or more general restriction exists.
 */
@Test
public void shouldReturnFalseIfASimilarButMoreResourceGroupRestrictedUserRestrictionExists() {
    // given: the user both restrictions belong to
    UserRestrictionEntity tester = new UserRestrictionEntity();
    tester.setName("tester");

    PermissionEntity resourcePermission = new PermissionEntity();
    resourcePermission.setValue(Permission.RESOURCE.name());

    ResourceTypeEntity groupType = new ResourceTypeEntityBuilder().id(7).build();
    ResourceGroupEntity resourceGroup = new ResourceGroupEntity();
    resourceGroup.setId(23);
    resourceGroup.setResourceType(groupType);

    // Existing grant: limited to resourceGroup
    RestrictionEntity storedRestriction = new RestrictionEntity();
    storedRestriction.setUser(tester);
    storedRestriction.setAction(Action.UPDATE);
    storedRestriction.setContext(envC);
    storedRestriction.setPermission(resourcePermission);
    storedRestriction.setResourceGroup(resourceGroup);

    // Candidate grant: same user, action, context and permission, but no resource group
    RestrictionEntity candidate = new RestrictionEntity();
    candidate.setUser(tester);
    candidate.setAction(Action.UPDATE);
    candidate.setContext(envC);
    candidate.setPermission(resourcePermission);

    // No role-based restrictions; the stored grant is returned as tester's user restriction.
    myRoles = new HashMap<>();
    permissionService.rolesWithRestrictions = myRoles;
    when(permissionRepository.getUserWithRestrictions("tester")).thenReturn(Arrays.asList(storedRestriction));

    // when
    boolean alreadyCovered = permissionService.identicalOrMoreGeneralRestrictionExists(candidate);

    // then: the stored grant is narrower, so the candidate is not covered by it
    Assert.assertFalse(alreadyCovered);
}
res.setResourceGroup(resGroup1); PermissionEntity permission = new PermissionEntity(); permission.setValue(Permission.DEPLOYMENT.name()); RestrictionEntity res2 = new RestrictionEntity(); res2.setAction(Action.ALL); res2.setResourceGroup(resGroup2); PermissionEntity permission2 = new PermissionEntity(); permission2.setValue(Permission.DEPLOYMENT.name());
/**
 * A broader existing role restriction covers a narrower new one. The CONFIG_ADMIN role
 * already has RESOURCE / UPDATE on envC with no resource group set; the new restriction is
 * the same but limited to resource group 23. The service is expected to report that an
 * identical or more general restriction exists.
 */
@Test
public void shouldReturnTrueIfASimilarRoleRestrictionAlreadyExists() {
    // given: the role both restrictions belong to
    RoleEntity configAdmin = new RoleEntity();
    configAdmin.setName(CONFIG_ADMIN);

    PermissionEntity resourcePermission = new PermissionEntity();
    resourcePermission.setValue(Permission.RESOURCE.name());

    ResourceTypeEntity groupType = new ResourceTypeEntityBuilder().id(7).build();
    ResourceGroupEntity resourceGroup = new ResourceGroupEntity();
    resourceGroup.setId(23);
    resourceGroup.setResourceType(groupType);

    // Existing grant: no resource group set
    RestrictionEntity storedRestriction = new RestrictionEntity();
    storedRestriction.setRole(configAdmin);
    storedRestriction.setAction(Action.UPDATE);
    storedRestriction.setContext(envC);
    storedRestriction.setPermission(resourcePermission);

    // Candidate grant: same role, action, context and permission, limited to resourceGroup
    RestrictionEntity candidate = new RestrictionEntity();
    candidate.setRole(configAdmin);
    candidate.setAction(Action.UPDATE);
    candidate.setContext(envC);
    candidate.setPermission(resourcePermission);
    candidate.setResourceGroup(resourceGroup);

    // The stored grant is registered under the role's name in the role restriction map.
    myRoles = new HashMap<>();
    myRoles.put(configAdmin.getName(),
            Arrays.asList(new RestrictionDTOBuilder().buildRestrictionDTO(Permission.RESOURCE, storedRestriction)));
    permissionService.rolesWithRestrictions = myRoles;

    // when
    boolean alreadyCovered = permissionService.identicalOrMoreGeneralRestrictionExists(candidate);

    // then: the stored grant is at least as general as the candidate
    Assert.assertTrue(alreadyCovered);
}
/**
 * A narrower existing role restriction must not count as covering a broader new one. The
 * CONFIG_ADMIN role already has RESOURCE / UPDATE on envC limited to resource group 23; the
 * new restriction is the same except that it has no resource group. The service is expected
 * to report that no identical or more general restriction exists.
 */
@Test
public void shouldReturnFalseIfASimilarButMoreResourceGroupRestrictedRoleRestrictionExists() {
    // given: the role both restrictions belong to
    RoleEntity configAdmin = new RoleEntity();
    configAdmin.setName(CONFIG_ADMIN);

    PermissionEntity resourcePermission = new PermissionEntity();
    resourcePermission.setValue(Permission.RESOURCE.name());

    ResourceTypeEntity groupType = new ResourceTypeEntityBuilder().id(7).build();
    ResourceGroupEntity resourceGroup = new ResourceGroupEntity();
    resourceGroup.setId(23);
    resourceGroup.setResourceType(groupType);

    // Existing grant: limited to resourceGroup
    RestrictionEntity storedRestriction = new RestrictionEntity();
    storedRestriction.setRole(configAdmin);
    storedRestriction.setAction(Action.UPDATE);
    storedRestriction.setContext(envC);
    storedRestriction.setPermission(resourcePermission);
    storedRestriction.setResourceGroup(resourceGroup);

    // Candidate grant: same role, action, context and permission, but no resource group
    RestrictionEntity candidate = new RestrictionEntity();
    candidate.setRole(configAdmin);
    candidate.setAction(Action.UPDATE);
    candidate.setContext(envC);
    candidate.setPermission(resourcePermission);

    // The stored grant is registered under the role's name in the role restriction map.
    myRoles = new HashMap<>();
    myRoles.put(configAdmin.getName(),
            Arrays.asList(new RestrictionDTOBuilder().buildRestrictionDTO(Permission.RESOURCE, storedRestriction)));
    permissionService.rolesWithRestrictions = myRoles;

    // when
    boolean alreadyCovered = permissionService.identicalOrMoreGeneralRestrictionExists(candidate);

    // then: the stored grant is narrower, so the candidate is not covered by it
    Assert.assertFalse(alreadyCovered);
}
newRestriction.setContext(envC); newRestriction.setPermission(permission); newRestriction.setResourceGroup(resourceGroup); newRestriction.setId(1);
newRestriction.setContext(envC); newRestriction.setPermission(permission); newRestriction.setResourceGroup(resourceGroup); newRestriction.setId(1);
restriction.setResourceGroup(resourceGroup);