String exampleRoleLink = createRole(target, userGroupLink, exampleServiceResourceGroupLink, new HashSet<>(Arrays.asList(Action.GET, Action.POST))); setRoleLink(exampleRoleLink); paths.add(exampleRoleLink); paths.add(createRole(target, userGroupLink, exampleServiceResourceGroupLink, new HashSet<>(Collections.singletonList(Action.PATCH)))); paths.add(createRole(target, userGroupLink, queryTaskResourceGroupLink, new HashSet<>(Arrays.asList(Action.GET, Action.POST, Action.PATCH, Action.DELETE)))); paths.add(createRole(target, userGroupLink, statsResourceGroupLink, new HashSet<>( Arrays.asList(Action.GET, Action.POST, Action.PATCH, Action.DELETE)))); paths.add(createRole(target, userGroupLink, subscriptionsResourceGroupLink, new HashSet<>( Arrays.asList(Action.GET, Action.POST, Action.PATCH, Action.DELETE))));
String exampleRoleLink = createRole(target, userGroupLink, exampleServiceResourceGroupLink, new HashSet<>(Arrays.asList(Action.GET, Action.POST))); setRoleLink(exampleRoleLink); paths.add(exampleRoleLink); paths.add(createRole(target, userGroupLink, exampleServiceResourceGroupLink, new HashSet<>(Collections.singletonList(Action.PATCH)))); paths.add(createRole(target, userGroupLink, queryTaskResourceGroupLink, new HashSet<>(Arrays.asList(Action.GET, Action.POST, Action.PATCH, Action.DELETE)))); paths.add(createRole(target, userGroupLink, statsResourceGroupLink, new HashSet<>( Arrays.asList(Action.GET, Action.POST, Action.PATCH, Action.DELETE)))); paths.add(createRole(target, userGroupLink, subscriptionsResourceGroupLink, new HashSet<>( Arrays.asList(Action.GET, Action.POST, Action.PATCH, Action.DELETE))));
serviceName).build(); String resourceGroupLink = authsetupHelper.createResourceGroup(this.host, serviceName, resourceQuery); authsetupHelper.createRole(this.host, userGroupLink, resourceGroupLink, EnumSet.allOf(Action.class)); this.host.resetSystemAuthorizationContext(); this.host.assumeIdentity(userLink);
serviceName).build(); String resourceGroupLink = authsetupHelper.createResourceGroup(this.host, serviceName, resourceQuery); authsetupHelper.createRole(this.host, userGroupLink, resourceGroupLink, EnumSet.allOf(Action.class)); this.host.resetSystemAuthorizationContext(); this.host.assumeIdentity(userLink);
this.authHelper.createRole(this.host, userGroupLink, exampleServiceResourceGroupLink, new HashSet<>(Arrays.asList(Action.GET, Action.POST, Action.PATCH)));
this.authHelper.createRole(this.host, userGroupLink, exampleServiceResourceGroupLink, new HashSet<>(Arrays.asList(Action.GET, Action.POST, Action.PATCH)));
Operation.createGet(UriUtils.buildUri(this.host, services.get(0).getSelfLink()))); OperationContext.setAuthorizationContext(this.host.getSystemAuthorizationContext()); authsetupHelper.createRole(this.host, userGroupLink, resourceGroupLink, EnumSet.of(Action.GET));
Utils.buildKind(TransactionServiceState.class)) .build()); this.authHelper.createRole(this.host, this.authHelper.getUserGroupLink(), resourceGroupLink, EnumSet.allOf(Action.class)); this.host.resetAuthorizationContext();
@Test public void testInvalidUserAndResourceGroup() throws Throwable { OperationContext.setAuthorizationContext(this.host.getSystemAuthorizationContext()); AuthorizationHelper authsetupHelper = new AuthorizationHelper(this.host); String email = "foo@foo.com"; String userLink = authsetupHelper.createUserService(this.host, email); Query userGroupQuery = Query.Builder.create().addFieldClause(UserState.FIELD_NAME_EMAIL, email).build(); String userGroupLink = authsetupHelper.createUserGroup(this.host, email, userGroupQuery); authsetupHelper.createRole(this.host, userGroupLink, "foo", EnumSet.allOf(Action.class)); // Assume identity this.host.assumeIdentity(userLink); this.host.sendAndWaitExpectSuccess( Operation.createGet(UriUtils.buildUri(this.host, ExampleService.FACTORY_LINK))); // set an invalid userGroupLink for the user OperationContext.setAuthorizationContext(this.host.getSystemAuthorizationContext()); UserState patchUserState = new UserState(); patchUserState.userGroupLinks = Collections.singleton("foo"); this.host.sendAndWaitExpectSuccess( Operation.createPatch(UriUtils.buildUri(this.host, userLink)).setBody(patchUserState)); this.host.assumeIdentity(userLink); this.host.sendAndWaitExpectSuccess( Operation.createGet(UriUtils.buildUri(this.host, ExampleService.FACTORY_LINK))); }
@Test public void testInvalidUserAndResourceGroup() throws Throwable { OperationContext.setAuthorizationContext(this.host.getSystemAuthorizationContext()); AuthorizationHelper authsetupHelper = new AuthorizationHelper(this.host); String email = "foo@foo.com"; String userLink = authsetupHelper.createUserService(this.host, email); Query userGroupQuery = Query.Builder.create().addFieldClause(UserState.FIELD_NAME_EMAIL, email).build(); String userGroupLink = authsetupHelper.createUserGroup(this.host, email, userGroupQuery); authsetupHelper.createRole(this.host, userGroupLink, "foo", EnumSet.allOf(Action.class)); // Assume identity this.host.assumeIdentity(userLink); this.host.sendAndWaitExpectSuccess( Operation.createGet(UriUtils.buildUri(this.host, ExampleService.FACTORY_LINK))); // set an invalid userGroupLink for the user OperationContext.setAuthorizationContext(this.host.getSystemAuthorizationContext()); UserState patchUserState = new UserState(); patchUserState.userGroupLinks = Collections.singleton("foo"); this.host.sendAndWaitExpectSuccess( Operation.createPatch(UriUtils.buildUri(this.host, userLink)).setBody(patchUserState)); this.host.assumeIdentity(userLink); this.host.sendAndWaitExpectSuccess( Operation.createGet(UriUtils.buildUri(this.host, ExampleService.FACTORY_LINK))); }
Operation.createGet(UriUtils.buildUri(this.host, services.get(0).getSelfLink()))); OperationContext.setAuthorizationContext(this.host.getSystemAuthorizationContext()); authsetupHelper.createRole(this.host, userGroupLink, resourceGroupLink, EnumSet.of(Action.GET));
Utils.buildKind(TransactionServiceState.class)) .build()); this.authHelper.createRole(this.host, this.authHelper.getUserGroupLink(), resourceGroupLink, EnumSet.allOf(Action.class)); this.host.resetAuthorizationContext();
UriUtils.URI_PATH_CHAR + serviceLink) .build()); this.authHelper.createRole(this.host, this.authHelper.getUserGroupLink(), resourceGroupLink, new HashSet<>(Arrays.asList(Action.GET, Action.POST, Action.PATCH, Action.DELETE)));
UriUtils.URI_PATH_CHAR + serviceLink) .build()); this.authHelper.createRole(this.host, this.authHelper.getUserGroupLink(), resourceGroupLink, new HashSet<>(Arrays.asList(Action.GET, Action.POST, Action.PATCH, Action.DELETE)));