cdmlib-services/src/test/java/eu/etaxonomy/cdm/api/service/SecurityWithTransaction.java

   1
   2 package eu.etaxonomy.cdm.api.service;
   3
   4 import static org.junit.Assert.assertEquals;
   5 import static org.junit.Assert.assertFalse;
   6 import static org.junit.Assert.assertTrue;
   7
   8 import java.io.FileNotFoundException;
   9 import java.util.Iterator;
  10 import java.util.Set;
  11 import java.util.UUID;
  12
  13 import javax.sql.DataSource;
  14
  15 import org.apache.logging.log4j.LogManager;
  16 import org.apache.logging.log4j.Logger;
  17 import org.junit.Assert;
  18 import org.junit.Before;
  19 import org.junit.Ignore;
  20 import org.junit.Test;
  21 import org.springframework.security.authentication.AuthenticationManager;
  22 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
  23 import org.springframework.security.core.Authentication;
  24 import org.springframework.security.core.context.SecurityContext;
  25 import org.springframework.security.core.context.SecurityContextHolder;
  26 import org.unitils.database.annotations.TestDataSource;
  27 import org.unitils.dbunit.annotation.DataSet;
  28 import org.unitils.spring.annotation.SpringBeanByName;
  29
  30 import eu.etaxonomy.cdm.model.description.Feature;
  31 import eu.etaxonomy.cdm.model.description.TaxonDescription;
  32 import eu.etaxonomy.cdm.model.description.TextData;
  33 import eu.etaxonomy.cdm.model.media.Media;
  34 import eu.etaxonomy.cdm.model.taxon.Taxon;
  35 import eu.etaxonomy.cdm.model.taxon.TaxonNode;
  36 import eu.etaxonomy.cdm.persistence.permission.ICdmPermissionEvaluator;
  37 import eu.etaxonomy.cdm.test.integration.CdmTransactionalIntegrationTestWithSecurity;
  38
  39
  40
  41 /**
  42  * Test class only for development purposes, must be run in suite.
  43  */
  44 //@RunWith(UnitilsJUnit4TestClassRunner.class)
  45 //@SpringApplicationContext({"/eu/etaxonomy/cdm/applicationContextSecurity.xml"})
  46 //@Transactional
  47 @Ignore // should be ignored
  48 @DataSet("SecurityTest.xml")
  49 public class SecurityWithTransaction extends CdmTransactionalIntegrationTestWithSecurity {
  50
  51     @SuppressWarnings("unused")
  52     private static final Logger logger = LogManager.getLogger();
  53
  54     @SpringBeanByName
  55     private ITaxonService taxonService;
  56
  57     @SpringBeanByName
  58     private IDescriptionService descriptionService;
  59
  60     @SpringBeanByName
  61     private ITaxonNodeService taxonNodeService;
  62
  63     @SpringBeanByName
  64     private IUserService userService;
  65
  66     @TestDataSource
  67     protected DataSource dataSource;
  68
  69     private Authentication authentication;
  70
  71     @SpringBeanByName
  72     private AuthenticationManager authenticationManager;
  73
  74     @SpringBeanByName
  75     private ICdmPermissionEvaluator permissionEvaluator;
  76
  77     private UsernamePasswordAuthenticationToken token;
  78
  79     @Before
  80     public void setUp(){
  81         token = new UsernamePasswordAuthenticationToken("admin", "sPePhAz6");
  82     }
  83
  84     @Test
  85     public void testDeleteTaxon(){
  86         token = new UsernamePasswordAuthenticationToken("taxonomist", "test4");
  87         authentication = authenticationManager.authenticate(token);
  88         SecurityContext context = SecurityContextHolder.getContext();
  89         context.setAuthentication(authentication);
  90         Taxon actualTaxon = (Taxon)taxonService.find(UUID.fromString("7b8b5cb3-37ba-4dba-91ac-4c6ffd6ac331"));
  91
  92         //try {
  93                 DeleteResult result = taxonService.deleteTaxon(actualTaxon.getUuid(), null, null);
  94                 /*} catch (DataChangeNoRollbackException e) {
  95                         Assert.fail();
  96                 }*/
  97                 if (!result.isOk()){
  98                         Assert.fail();
  99                 }
 100     }
 101
 102     @Test
 103     public void testSaveOrUpdateDescription(){
 104
 105         authentication = authenticationManager.authenticate(new UsernamePasswordAuthenticationToken("descriptionEditor", "test"));
 106         SecurityContext context = SecurityContextHolder.getContext();
 107         context.setAuthentication(authentication);
 108         /*Taxon taxon = (Taxon) taxonService.load(UUID.fromString("7b8b5cb3-37ba-4dba-91ac-4c6ffd6ac331"));
 109
 110         Set<TaxonDescription> descriptions = taxon.getDescriptions();
 111
 112         Iterator<TaxonDescription> iterator = descriptions.iterator();
 113
 114         TaxonDescription description = iterator.next();*/
 115         TaxonDescription description = (TaxonDescription) descriptionService.find(UUID.fromString("eb17b80a-9be6-4642-a6a8-b19a318925e6"));
 116
 117         TextData textData = new TextData();
 118         textData.setFeature(Feature.ECOLOGY());
 119         Media media = Media.NewInstance();
 120         textData.addMedia(media);
 121
 122         //descriptionService.saveDescriptionElement(textData);
 123         description.addElement(textData);
 124
 125         descriptionService.saveOrUpdate(description);
 126
 127         Taxon taxon = (Taxon) taxonService.find(UUID.fromString("7b8b5cb3-37ba-4dba-91ac-4c6ffd6ac331"));
 128         Set<TaxonDescription> descriptions = taxon.getDescriptions();
 129
 130         Iterator<TaxonDescription> iterator = descriptions.iterator();
 131
 132         description = iterator.next();
 133         assertEquals(1, descriptions.size());
 134         assertEquals(2,description.getElements().size());
 135     }
 136
 137     @Test
 138     public void testAllowOnlyAccessToPartOfTree(){
 139         authentication = authenticationManager.authenticate(new UsernamePasswordAuthenticationToken("partEditor", "test4"));
 140         SecurityContext context = SecurityContextHolder.getContext();
 141         context.setAuthentication(authentication);
 142
 143         Taxon tribe = (Taxon)taxonService.find(UUID.fromString("928a0167-98cd-4555-bf72-52116d067625"));
 144         Taxon taxon = (Taxon)taxonService.find(UUID.fromString("bc09aca6-06fd-4905-b1e7-cbf7cc65d783"));
 145         Iterator<TaxonNode> it = tribe.getTaxonNodes().iterator();
 146         TaxonNode node = it.next();
 147
 148         assertFalse(permissionEvaluator.hasPermission(authentication, node, "UPDATE"));
 149         node = node.getChildNodes().iterator().next();
 150
 151         System.err.println(node.getUuid());
 152
 153         assertTrue(permissionEvaluator.hasPermission(authentication, node, "UPDATE"));
 154         node = node.getChildNodes().iterator().next();
 155         assertTrue(permissionEvaluator.hasPermission(authentication, node, "UPDATE"));
 156         TaxonDescription description = TaxonDescription.NewInstance(taxon);
 157
 158         taxonNodeService.saveOrUpdate(node);
 159         assertFalse(permissionEvaluator.hasPermission(authentication, description, "UPDATE"));
 160     }
 161
 162     @Override
 163     public void createTestDataSet() throws FileNotFoundException {}
 164 }