/**
 * Refuses to let a role be removed while access rules still refer to it.
 *
 * <p>The check runs only when {@link #checkAgainstRules} is <code>true</code>. When the flag is
 * off, the method returns without consulting any rule store. Otherwise the service access rules
 * and the data access rules are both searched for the role's authority, and the keys of every
 * matching rule are passed to the exception as a comma-delimited list.
 *
 * @param role the role that is about to be removed; only its authority string is used here
 * @throws IOException declared by the signature. NOTE(review): when the role is still in use,
 *     the exception built by {@code createSecurityException} is thrown from here. Confirm its
 *     type and whether the DAO lookups can raise {@code IOException} as well.
 */
public void checkRoleIsUsed(GeoServerRole role) throws IOException {
    // With the flag off, no rule lookup happens and nothing is thrown from this method.
    if (!checkAgainstRules) {
        return;
    }

    GeoServerSecurityManager securityManager = getSecurityManager();
    List<String> referencingRuleKeys = new ArrayList<String>();

    // Service-level rules are collected first, then data-level rules, so the keys reported
    // in the exception keep that order.
    for (ServiceAccessRule serviceRule :
            securityManager
                    .getServiceAccessRuleDAO()
                    .getRulesAssociatedWithRole(role.getAuthority())) {
        referencingRuleKeys.add(serviceRule.getKey());
    }
    for (DataAccessRule dataRule :
            securityManager
                    .getDataAccessRuleDAO()
                    .getRulesAssociatedWithRole(role.getAuthority())) {
        referencingRuleKeys.add(dataRule.getKey());
    }

    // No rule names this role, so removal may proceed.
    if (referencingRuleKeys.isEmpty()) {
        return;
    }

    // Listing the rule keys tells the administrator which rules to edit before retrying.
    String joinedKeys = StringUtils.collectionToCommaDelimitedString(referencingRuleKeys);
    throw createSecurityException(ROLE_IN_USE_$2, role.getAuthority(), joinedKeys);
}
/**
 * Checks how many rules {@code dao.getRulesAssociatedWithRole} reports for a set of role names.
 *
 * <p>Two names are expected to match no rule and three are expected to match exactly one. The
 * rule fixture behind {@code dao} is not visible in this block.
 */
@Test
public void testRulesForRole() {
    // Role names that no rule is expected to reference.
    final String[] unreferencedRoles = {"CHALLENGE", "NOTEXISTEND"};
    for (String roleName : unreferencedRoles) {
        assertEquals(0, dao.getRulesAssociatedWithRole(roleName).size());
    }

    // Role names that exactly one rule is expected to reference.
    final String[] singlyReferencedRoles = {"ROLE_TSW", "ROLE_TW", "ROLE_GROUP"};
    for (String roleName : singlyReferencedRoles) {
        assertEquals(1, dao.getRulesAssociatedWithRole(roleName).size());
    }
}
// Stub the rule lookup on dataAccessDAO (presumably a mock in its recording phase, confirm
// against the enclosing setup). Statement order is kept as is because recorded expectations
// depend on it.
// "role1": the lookup returns a set holding exactly one rule, the dataAccessRule fixture.
expect(dataAccessDAO.getRulesAssociatedWithRole("role1"))
        .andReturn(
                new TreeSet<DataAccessRule>(Arrays.asList(dataAccessRule)))
        // anyTimes(): the lookup may be invoked any number of times by the code under test.
        .anyTimes();
// "parent1": the lookup returns an empty set, meaning no data access rule references this role.
expect(dataAccessDAO.getRulesAssociatedWithRole("parent1"))
        .andReturn(new TreeSet<DataAccessRule>())
        .anyTimes();