cdmlib-services/src/test/java/eu/etaxonomy/cdm/api/service/SecurityWithTransaction.java

   1
   2 package eu.etaxonomy.cdm.api.service;
   3
   4 import static org.junit.Assert.assertEquals;
   5 import static org.junit.Assert.assertFalse;
   6 import static org.junit.Assert.assertTrue;
   7
   8 import java.util.Iterator;
   9 import java.util.Set;
  10 import java.util.UUID;
  11
  12 import javax.sql.DataSource;
  13
  14 import org.apache.log4j.Logger;
  15 import org.junit.Before;
  16 import org.junit.Ignore;
  17 import org.junit.Test;
  18 import org.junit.runner.RunWith;
  19
  20 import org.springframework.security.authentication.AuthenticationManager;
  21 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
  22 import org.springframework.security.core.Authentication;
  23 import org.springframework.security.core.context.SecurityContext;
  24 import org.springframework.security.core.context.SecurityContextHolder;
  25 import org.unitils.UnitilsJUnit4TestClassRunner;
  26 import org.unitils.database.annotations.TestDataSource;
  27 import org.unitils.database.annotations.Transactional;
  28 import org.unitils.database.util.TransactionMode;
  29 import org.unitils.dbunit.annotation.DataSet;
  30 import org.unitils.spring.annotation.SpringApplicationContext;
  31 import org.unitils.spring.annotation.SpringBeanByName;
  32
  33 import eu.etaxonomy.cdm.model.description.Feature;
  34 import eu.etaxonomy.cdm.model.description.TaxonDescription;
  35 import eu.etaxonomy.cdm.model.description.TextData;
  36 import eu.etaxonomy.cdm.model.media.Media;
  37 import eu.etaxonomy.cdm.model.taxon.Taxon;
  38 import eu.etaxonomy.cdm.model.taxon.TaxonNode;
  39 import eu.etaxonomy.cdm.persistence.hibernate.permission.CdmPermissionEvaluator;
  40 import eu.etaxonomy.cdm.test.integration.CdmTransactionalIntegrationTestWithSecurity;
  41
  42
  43
  44 /**
  45  * Test class only for development purposes, must be run in suite.
  46  *
  47  */
  48 //@RunWith(UnitilsJUnit4TestClassRunner.class)
  49 //@SpringApplicationContext({"/eu/etaxonomy/cdm/applicationContextSecurity.xml"})
  50 //@Transactional
  51 @Ignore // should be ignored
  52 @DataSet("SecurityTest.xml")
  53 public class SecurityWithTransaction extends CdmTransactionalIntegrationTestWithSecurity {
  54
  55     private static final Logger logger = Logger.getLogger(SecurityWithTransaction.class);
  56
  57     @SpringBeanByName
  58     private ITaxonService taxonService;
  59
  60     @SpringBeanByName
  61     private IDescriptionService descriptionService;
  62
  63     @SpringBeanByName
  64     private ITaxonNodeService taxonNodeService;
  65
  66     @SpringBeanByName
  67     private IUserService userService;
  68
  69
  70     @TestDataSource
  71     protected DataSource dataSource;
  72
  73     private Authentication authentication;
  74
  75     @SpringBeanByName
  76     private AuthenticationManager authenticationManager;
  77
  78     @SpringBeanByName
  79     private CdmPermissionEvaluator permissionEvaluator;
  80
  81     private UsernamePasswordAuthenticationToken token;
  82
  83
  84     @Before
  85     public void setUp(){
  86         token = new UsernamePasswordAuthenticationToken("admin", "sPePhAz6");
  87     }
  88
  89     @Test
  90     public void testDeleteTaxon(){
  91         token = new UsernamePasswordAuthenticationToken("taxonomist", "test4");
  92         authentication = authenticationManager.authenticate(token);
  93         SecurityContext context = SecurityContextHolder.getContext();
  94         context.setAuthentication(authentication);
  95         Taxon actualTaxon = (Taxon)taxonService.find(UUID.fromString("7b8b5cb3-37ba-4dba-91ac-4c6ffd6ac331"));
  96
  97         taxonService.delete(actualTaxon);
  98     }
  99
 100
 101     @Test
 102     public void testSaveOrUpdateDescription(){
 103
 104         authentication = authenticationManager.authenticate(new UsernamePasswordAuthenticationToken("descriptionEditor", "test"));
 105         SecurityContext context = SecurityContextHolder.getContext();
 106         context.setAuthentication(authentication);
 107         /*Taxon taxon = (Taxon) taxonService.load(UUID.fromString("7b8b5cb3-37ba-4dba-91ac-4c6ffd6ac331"));
 108
 109         Set<TaxonDescription> descriptions = taxon.getDescriptions();
 110
 111         Iterator<TaxonDescription> iterator = descriptions.iterator();
 112
 113         TaxonDescription description = iterator.next();*/
 114         TaxonDescription description = (TaxonDescription) descriptionService.find(UUID.fromString("eb17b80a-9be6-4642-a6a8-b19a318925e6"));
 115
 116         TextData textData = new TextData();
 117         textData.setFeature(Feature.ECOLOGY());
 118         Media media = Media.NewInstance();
 119         textData.addMedia(media);
 120
 121
 122
 123         //descriptionService.saveDescriptionElement(textData);
 124         description.addElement(textData);
 125
 126         descriptionService.saveOrUpdate(description);
 127
 128         Taxon taxon = (Taxon) taxonService.find(UUID.fromString("7b8b5cb3-37ba-4dba-91ac-4c6ffd6ac331"));
 129         Set<TaxonDescription> descriptions = taxon.getDescriptions();
 130
 131         Iterator<TaxonDescription> iterator = descriptions.iterator();
 132
 133         description = iterator.next();
 134         assertEquals(1, descriptions.size());
 135         assertEquals(2,description.getElements().size());
 136
 137
 138
 139     }
 140
 141     @Test
 142     public void testAllowOnlyAccessToPartOfTree(){
 143         authentication = authenticationManager.authenticate(new UsernamePasswordAuthenticationToken("partEditor", "test4"));
 144         SecurityContext context = SecurityContextHolder.getContext();
 145         context.setAuthentication(authentication);
 146
 147         Taxon tribe = (Taxon)taxonService.find(UUID.fromString("928a0167-98cd-4555-bf72-52116d067625"));
 148         Taxon taxon = (Taxon)taxonService.find(UUID.fromString("bc09aca6-06fd-4905-b1e7-cbf7cc65d783"));
 149         Iterator<TaxonNode> it = tribe.getTaxonNodes().iterator();
 150         TaxonNode node = it.next();
 151
 152         assertFalse(permissionEvaluator.hasPermission(authentication, node, "UPDATE"));
 153         node = node.getChildNodes().iterator().next();
 154
 155         System.err.println(node.getUuid());
 156
 157         assertTrue(permissionEvaluator.hasPermission(authentication, node, "UPDATE"));
 158         node = node.getChildNodes().iterator().next();
 159         assertTrue(permissionEvaluator.hasPermission(authentication, node, "UPDATE"));
 160         TaxonDescription description = TaxonDescription.NewInstance(taxon);
 161
 162         taxonNodeService.saveOrUpdate(node);
 163         assertFalse(permissionEvaluator.hasPermission(authentication, description, "UPDATE"));
 164
 165
 166     }
 167
 168
 169 }