cdmlib-services/src/test/java/eu/etaxonomy/cdm/api/service/SecurityWithTransaction.java

   1
   2 package eu.etaxonomy.cdm.api.service;
   3
   4 import static org.junit.Assert.assertEquals;
   5 import static org.junit.Assert.assertFalse;
   6 import static org.junit.Assert.assertTrue;
   7
   8 import java.io.FileNotFoundException;
   9 import java.util.Iterator;
  10 import java.util.Set;
  11 import java.util.UUID;
  12
  13 import javax.sql.DataSource;
  14
  15 import org.junit.Assert;
  16 import org.apache.log4j.Logger;
  17 import org.junit.Before;
  18 import org.junit.Ignore;
  19 import org.junit.Test;
  20 import org.junit.runner.RunWith;
  21 import org.springframework.security.authentication.AuthenticationManager;
  22 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
  23 import org.springframework.security.core.Authentication;
  24 import org.springframework.security.core.context.SecurityContext;
  25 import org.springframework.security.core.context.SecurityContextHolder;
  26 import org.unitils.UnitilsJUnit4TestClassRunner;
  27 import org.unitils.database.annotations.TestDataSource;
  28 import org.unitils.database.annotations.Transactional;
  29 import org.unitils.database.util.TransactionMode;
  30 import org.unitils.dbunit.annotation.DataSet;
  31 import org.unitils.spring.annotation.SpringApplicationContext;
  32 import org.unitils.spring.annotation.SpringBeanByName;
  33
  34 import eu.etaxonomy.cdm.api.service.DeleteResult.DeleteStatus;
  35 import eu.etaxonomy.cdm.api.service.exception.DataChangeNoRollbackException;
  36 import eu.etaxonomy.cdm.model.description.Feature;
  37 import eu.etaxonomy.cdm.model.description.TaxonDescription;
  38 import eu.etaxonomy.cdm.model.description.TextData;
  39 import eu.etaxonomy.cdm.model.media.Media;
  40 import eu.etaxonomy.cdm.model.taxon.Taxon;
  41 import eu.etaxonomy.cdm.model.taxon.TaxonNode;
  42 import eu.etaxonomy.cdm.persistence.hibernate.permission.CdmPermissionEvaluator;
  43 import eu.etaxonomy.cdm.test.integration.CdmTransactionalIntegrationTestWithSecurity;
  44
  45
  46
  47 /**
  48  * Test class only for development purposes, must be run in suite.
  49  *
  50  */
  51 //@RunWith(UnitilsJUnit4TestClassRunner.class)
  52 //@SpringApplicationContext({"/eu/etaxonomy/cdm/applicationContextSecurity.xml"})
  53 //@Transactional
  54 @Ignore // should be ignored
  55 @DataSet("SecurityTest.xml")
  56 public class SecurityWithTransaction extends CdmTransactionalIntegrationTestWithSecurity {
  57
  58     private static final Logger logger = Logger.getLogger(SecurityWithTransaction.class);
  59
  60     @SpringBeanByName
  61     private ITaxonService taxonService;
  62
  63     @SpringBeanByName
  64     private IDescriptionService descriptionService;
  65
  66     @SpringBeanByName
  67     private ITaxonNodeService taxonNodeService;
  68
  69     @SpringBeanByName
  70     private IUserService userService;
  71
  72
  73     @TestDataSource
  74     protected DataSource dataSource;
  75
  76     private Authentication authentication;
  77
  78     @SpringBeanByName
  79     private AuthenticationManager authenticationManager;
  80
  81     @SpringBeanByName
  82     private CdmPermissionEvaluator permissionEvaluator;
  83
  84     private UsernamePasswordAuthenticationToken token;
  85
  86
  87     @Before
  88     public void setUp(){
  89         token = new UsernamePasswordAuthenticationToken("admin", "sPePhAz6");
  90     }
  91
  92     @Test
  93     public void testDeleteTaxon(){
  94         token = new UsernamePasswordAuthenticationToken("taxonomist", "test4");
  95         authentication = authenticationManager.authenticate(token);
  96         SecurityContext context = SecurityContextHolder.getContext();
  97         context.setAuthentication(authentication);
  98         Taxon actualTaxon = (Taxon)taxonService.find(UUID.fromString("7b8b5cb3-37ba-4dba-91ac-4c6ffd6ac331"));
  99
 100         //try {
 101                 DeleteResult result = taxonService.deleteTaxon(actualTaxon, null, null);
 102                 /*} catch (DataChangeNoRollbackException e) {
 103                         Assert.fail();
 104                 }*/
 105                 if (!result.isOk()){
 106                         Assert.fail();
 107                 }
 108     }
 109
 110
 111     @Test
 112     public void testSaveOrUpdateDescription(){
 113
 114         authentication = authenticationManager.authenticate(new UsernamePasswordAuthenticationToken("descriptionEditor", "test"));
 115         SecurityContext context = SecurityContextHolder.getContext();
 116         context.setAuthentication(authentication);
 117         /*Taxon taxon = (Taxon) taxonService.load(UUID.fromString("7b8b5cb3-37ba-4dba-91ac-4c6ffd6ac331"));
 118
 119         Set<TaxonDescription> descriptions = taxon.getDescriptions();
 120
 121         Iterator<TaxonDescription> iterator = descriptions.iterator();
 122
 123         TaxonDescription description = iterator.next();*/
 124         TaxonDescription description = (TaxonDescription) descriptionService.find(UUID.fromString("eb17b80a-9be6-4642-a6a8-b19a318925e6"));
 125
 126         TextData textData = new TextData();
 127         textData.setFeature(Feature.ECOLOGY());
 128         Media media = Media.NewInstance();
 129         textData.addMedia(media);
 130
 131
 132
 133         //descriptionService.saveDescriptionElement(textData);
 134         description.addElement(textData);
 135
 136         descriptionService.saveOrUpdate(description);
 137
 138         Taxon taxon = (Taxon) taxonService.find(UUID.fromString("7b8b5cb3-37ba-4dba-91ac-4c6ffd6ac331"));
 139         Set<TaxonDescription> descriptions = taxon.getDescriptions();
 140
 141         Iterator<TaxonDescription> iterator = descriptions.iterator();
 142
 143         description = iterator.next();
 144         assertEquals(1, descriptions.size());
 145         assertEquals(2,description.getElements().size());
 146
 147
 148
 149     }
 150
 151     @Test
 152     public void testAllowOnlyAccessToPartOfTree(){
 153         authentication = authenticationManager.authenticate(new UsernamePasswordAuthenticationToken("partEditor", "test4"));
 154         SecurityContext context = SecurityContextHolder.getContext();
 155         context.setAuthentication(authentication);
 156
 157         Taxon tribe = (Taxon)taxonService.find(UUID.fromString("928a0167-98cd-4555-bf72-52116d067625"));
 158         Taxon taxon = (Taxon)taxonService.find(UUID.fromString("bc09aca6-06fd-4905-b1e7-cbf7cc65d783"));
 159         Iterator<TaxonNode> it = tribe.getTaxonNodes().iterator();
 160         TaxonNode node = it.next();
 161
 162         assertFalse(permissionEvaluator.hasPermission(authentication, node, "UPDATE"));
 163         node = node.getChildNodes().iterator().next();
 164
 165         System.err.println(node.getUuid());
 166
 167         assertTrue(permissionEvaluator.hasPermission(authentication, node, "UPDATE"));
 168         node = node.getChildNodes().iterator().next();
 169         assertTrue(permissionEvaluator.hasPermission(authentication, node, "UPDATE"));
 170         TaxonDescription description = TaxonDescription.NewInstance(taxon);
 171
 172         taxonNodeService.saveOrUpdate(node);
 173         assertFalse(permissionEvaluator.hasPermission(authentication, description, "UPDATE"));
 174
 175
 176     }
 177
 178     /* (non-Javadoc)
 179      * @see eu.etaxonomy.cdm.test.integration.CdmIntegrationTest#createTestData()
 180      */
 181     @Override
 182     protected void createTestDataSet() throws FileNotFoundException {
 183         // TODO Auto-generated method stub
 184
 185     }
 186
 187
 188 }