package eu.etaxonomy.cdm.api.service;\r
\r
import static org.junit.Assert.assertEquals;\r
+import static org.junit.Assert.assertFalse;\r
import static org.junit.Assert.assertTrue;\r
\r
import java.util.Collection;\r
+import java.util.List;\r
import java.util.Set;\r
import java.util.UUID;\r
\r
import org.springframework.security.access.AccessDeniedException;\r
import org.springframework.security.authentication.AuthenticationManager;\r
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;\r
-import org.springframework.security.authentication.dao.ReflectionSaltSource;\r
import org.springframework.security.authentication.dao.SaltSource;\r
-import org.springframework.security.authentication.encoding.Md5PasswordEncoder;\r
import org.springframework.security.authentication.encoding.PasswordEncoder;\r
import org.springframework.security.core.Authentication;\r
import org.springframework.security.core.GrantedAuthority;\r
import eu.etaxonomy.cdm.database.EvaluationFailedException;\r
import eu.etaxonomy.cdm.model.common.User;\r
import eu.etaxonomy.cdm.model.description.DescriptionElementBase;\r
-import eu.etaxonomy.cdm.model.description.Distribution;\r
import eu.etaxonomy.cdm.model.description.Feature;\r
import eu.etaxonomy.cdm.model.description.TaxonDescription;\r
import eu.etaxonomy.cdm.model.description.TextData;\r
import eu.etaxonomy.cdm.model.taxon.TaxonBase;\r
import eu.etaxonomy.cdm.model.taxon.TaxonNode;\r
import eu.etaxonomy.cdm.persistence.hibernate.permission.CdmPermissionEvaluator;\r
+import eu.etaxonomy.cdm.persistence.hibernate.permission.Operation;\r
+import eu.etaxonomy.cdm.persistence.query.MatchMode;\r
import eu.etaxonomy.cdm.test.integration.CdmTransactionalIntegrationTestWithSecurity;\r
\r
\r
\r
private static final UUID UUID_ACHERONTIA_STYX = UUID.fromString("7b8b5cb3-37ba-4dba-91ac-4c6ffd6ac331");\r
\r
+ private static final UUID UUID_LACTUCA = UUID.fromString("b2b007a4-9c8c-43a1-8da4-20ed85464cf2");\r
+\r
private static final UUID PART_EDITOR_UUID = UUID.fromString("38a251bd-0ba4-426f-8fcb-5c09560749a7");\r
\r
private static final String PASSWORD_TAXON_EDITOR = "test2";\r
\r
private UsernamePasswordAuthenticationToken tokenForTaxonomist;\r
\r
+ private UsernamePasswordAuthenticationToken tokenForUserManager;\r
+\r
\r
@Before\r
public void setUp(){\r
/* User 'admin':\r
- ROLE_ADMIN\r
- - ALL.ADMIN\r
- TAXONBASE.READ\r
- TAXONBASE.CREATE\r
- TAXONBASE.DELETE\r
*/\r
tokenForAdmin = new UsernamePasswordAuthenticationToken("admin", PASSWORD_ADMIN);\r
\r
+ /* User 'userManager':\r
+ - ROLE_ADMIN\r
+ - TAXONBASE.READ\r
+ - TAXONBASE.CREATE\r
+ - TAXONBASE.DELETE\r
+ - TAXONBASE.UPDATE\r
+ */\r
+ tokenForUserManager = new UsernamePasswordAuthenticationToken("userManager", PASSWORD_ADMIN);\r
+\r
/* User 'taxonEditor':\r
- TAXONBASE.CREATE\r
- TAXONBASE.UPDATE\r
tokenForTaxonomist = new UsernamePasswordAuthenticationToken("taxonomist", "test4");\r
}\r
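Review bot: setUp installs nothing, yet every test below puts its principal into the thread-local holder with `context.setAuthentication(authentication)` and no visible `@After` ever removes it, so a test that forgets the call (testChangeOthersPasswordDeny further down) runs as whatever the previous test left behind; unless CdmTransactionalIntegrationTestWithSecurity already does this, add `@After public void tearDown(){ SecurityContextHolder.clearContext(); }` so allow/deny outcomes cannot depend on test order. The new 'userManager' comment lists ROLE_ADMIN, which means the tests that use tokenForUserManager exercise the admin role rather than a least-privilege user-management authority; if that is the intent, say so, e.g. `// NOTE: userManager is ROLE_ADMIN - this token proves the admin path only, not a dedicated user-manager permission`. tokenForUserManager also reuses PASSWORD_ADMIN for a different account, which is fine for fixtures but worth a word. The taxonEditor part of setUp continues outside the hunk.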
\r
+\r
/**\r
* no assertions in this test, since it is only used to create password hashes for test data\r
*/\r
public void testEncryptPassword(){\r
\r
String password = PASSWORD_ADMIN;\r
- User user = User.NewInstance("admin", "");\r
+ User user = User.NewInstance("userManager", "");\r
\r
Object salt = this.saltSource.getSalt(user);\r
String passwordEncrypted = passwordEncoder.encodePassword(password, salt);\r
logger.info("encrypted password: " + passwordEncrypted );\r
}\r
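Review bot: testEncryptPassword writes the encoded credential to the log at INFO (`logger.info("encrypted password: " + passwordEncrypted )`) from a plaintext held in PASSWORD_ADMIN; the `main` deleted at the end of this patch shows the fixture recipe was Md5PasswordEncoder with ReflectionSaltSource on getUsername, and if the injected passwordEncoder/saltSource are those same beans the value is an MD5 digest salted with a public, deterministic username. That is acceptable for producing DataSet rows but must not be read as an endorsement of the scheme, so state it: `// Fixture helper only: username-salted MD5 is NOT adequate password storage; do not reuse this for real credentials.` Prefer debug level (or test output) so encoded credentials do not end up in shared INFO logs, and mention in the Javadoc that the method is deliberately not annotated @Test, which is otherwise easy to mistake for an omission.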
\r
+ @Test\r
+ @DataSet\r
+ public void testHasPermission(){\r
+\r
+ Taxon taxon = Taxon.NewInstance(BotanicalName.NewInstance(Rank.GENUS()),null);\r
+\r
+ authentication = authenticationManager.authenticate(tokenForTaxonomist);\r
+ boolean hasPermission = permissionEvaluator.hasPermission(authentication, taxon, Operation.UPDATE);\r
+ assertTrue(hasPermission);\r
+\r
+ authentication = authenticationManager.authenticate(tokenForDescriptionEditor);\r
+ hasPermission = permissionEvaluator.hasPermission(authentication, taxon, Operation.UPDATE);\r
+ assertFalse(hasPermission);\r
+ }\r
+\r
+ @Test\r
+ @DataSet\r
+ public void testListByUsernameAllow(){\r
+\r
+ authentication = authenticationManager.authenticate(tokenForTaxonomist);\r
+ SecurityContext context = SecurityContextHolder.getContext();\r
+ context.setAuthentication(authentication);\r
+\r
+ List<User> userList = userService.listByUsername("Editor", MatchMode.ANYWHERE, null, null, 0, null, null);\r
+ Assert.assertTrue("The user list must have elements", userList.size() > 0 );\r
+ }\r
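Review bot: testListByUsernameAllow codifies that a plain taxonomist (no ROLE_ADMIN according to the setUp comments) may enumerate accounts by partial name through `userService.listByUsername("Editor", MatchMode.ANYWHERE, null, null, 0, null, null)`, which is a user-enumeration capability; if that is the intended policy it deserves a one-line justification, otherwise pair it with a deny test for a less privileged token. The assertion only checks `userList.size() > 0`; also asserting that each returned username contains "Editor" would catch a permission filter that returns unrelated rows. Minor: assertTrue is statically imported, so `Assert.assertTrue` can be the bare `assertTrue`.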
+\r
+ @Test\r
+ @DataSet\r
+ public void testUserService_CreateDeny(){\r
+\r
+ authentication = authenticationManager.authenticate(tokenForTaxonomist);\r
+ SecurityContext context = SecurityContextHolder.getContext();\r
+ context.setAuthentication(authentication);\r
+\r
+ RuntimeException exception = null;\r
+ try {\r
+ userService.createUser(User.NewInstance("new guy", "alkjdsfalkj"));\r
+ commitAndStartNewTransaction(null);\r
+ } catch (AccessDeniedException e){\r
+ logger.debug("Expected failure of evaluation.", e);\r
+ exception = e;\r
+ } catch (RuntimeException e){\r
+ exception = findThrowableOfTypeIn(EvaluationFailedException.class, e);\r
+ logger.debug("Expected failure of evaluation.", exception);\r
+ } finally {\r
+ // needed in case saveOrUpdate was interrupted by the RuntimeException\r
+ // commitAndStartNewTransaction() would raise an UnexpectedRollbackException\r
+ endTransaction();\r
+ startNewTransaction();\r
+ }\r
+ Assert.assertNotNull("Must fail here!", exception);\r
+\r
+ }\r
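Review bot: testUserService_CreateDeny stops at asserting that an exception was raised and, unlike the taxon deny tests below which reload and check `isDoubtful()` is still false, never verifies that "new guy" is absent afterwards, so it relies entirely on the rollback. After `startNewTransaction()`, look the account up the way testListByUsernameAllow does and assert nothing is found: `assertTrue(userService.listByUsername("new guy", MatchMode.ANYWHERE, null, null, 0, null, null).isEmpty());`. In the generic catch, `logger.debug("Expected failure of evaluation.", exception)` logs null when findThrowableOfTypeIn finds no EvaluationFailedException, hiding the real cause of an unexpected failure; log `e` there instead.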
+\r
+ @Test\r
+ @DataSet\r
+ public void testUserService_CreateAllow(){\r
+\r
+ authentication = authenticationManager.authenticate(tokenForUserManager);\r
+ SecurityContext context = SecurityContextHolder.getContext();\r
+ context.setAuthentication(authentication);\r
+\r
+ RuntimeException exception = null;\r
+ try {\r
+ userService.createUser(User.NewInstance("new guy", "alkjdsfalkj"));\r
+ commitAndStartNewTransaction(null);\r
+ } catch (AccessDeniedException e){\r
+ logger.error("Unexpected failure of evaluation.", e);\r
+ exception = e;\r
+ } catch (RuntimeException e){\r
+ exception = findThrowableOfTypeIn(EvaluationFailedException.class, e);\r
+ logger.error("unexpected failure of evaluation.", exception);\r
+ } finally {\r
+ // needed in case saveOrUpdate was interrupted by the RuntimeException\r
+ // commitAndStartNewTransaction() would raise an UnexpectedRollbackException\r
+ endTransaction();\r
+ startNewTransaction();\r
+ }\r
+ Assert.assertNull("Must not fail here!", exception);\r
+\r
+ }\r
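Review bot: testUserService_CreateAllow asserts only that no exception occurred; it never checks that the account exists afterwards, nor that the credential passed to `User.NewInstance("new guy", "alkjdsfalkj")` is stored in encoded form rather than as the plaintext (whether createUser encodes it is not visible here). Reload the user after `startNewTransaction()` and assert its stored password is not equal to "alkjdsfalkj", then prove the stored form verifies with `authenticationManager.authenticate(new UsernamePasswordAuthenticationToken("new guy", "alkjdsfalkj"));`. Since setUp documents userManager as ROLE_ADMIN this test covers the admin path only; a token with a user-management authority but no ROLE_ADMIN would be the least-privilege case worth adding.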
+\r
+\r
+ @Test\r
+ @DataSet\r
+ @Ignore // FIXME http://dev.e-taxonomy.eu/trac/ticket/3098\r
+ public void testHasPermissions(){\r
+\r
+ Taxon taxon = Taxon.NewInstance(BotanicalName.NewInstance(Rank.GENUS()),null);\r
+\r
+ authentication = authenticationManager.authenticate(tokenForTaxonomist);\r
+ boolean hasPermission = permissionEvaluator.hasPermission(authentication, taxon, Operation.ALL);\r
+ assertTrue(hasPermission);\r
+ }\r
+\r
+\r
/**\r
* Test method for {@link eu.etaxonomy.cdm.api.service.TaxonServiceImpl#saveTaxon(eu.etaxonomy.cdm.model.taxon.TaxonBase)}.\r
*/\r
@Test\r
public final void testSaveTaxon() {\r
- /*\r
- Md5PasswordEncoder encoder =new Md5PasswordEncoder();\r
- ReflectionSaltSource saltSource = new ReflectionSaltSource();\r
- saltSource.setUserPropertyToUse("getUsername");\r
- User user = User.NewInstance("partEditor", "test4");\r
- System.err.println(encoder.encodePassword("test4", saltSource.getSalt(user)));\r
\r
- */\r
authentication = authenticationManager.authenticate(tokenForAdmin);\r
SecurityContext context = SecurityContextHolder.getContext();\r
context.setAuthentication(authentication);\r
}\r
\r
@Test\r
- @Ignore //FIXME no need to test this, no access controll needed for userService.changePassword\r
public void testChangeOwnPassword(){\r
\r
SecurityContext context = SecurityContextHolder.getContext();\r
}\r
\r
@Test\r
- public void testChangeOthersPassword(){\r
+ public void testChangeOthersPasswordAllow(){\r
\r
SecurityContext context = SecurityContextHolder.getContext();\r
+ RuntimeException exception = null;\r
+\r
// (1) authenticate as admin\r
authentication = authenticationManager.authenticate(tokenForAdmin);\r
context.setAuthentication(authentication);\r
\r
- RuntimeException exception = null;\r
\r
try{\r
userService.changePasswordForUser("taxonomist", "zuaisd");\r
exception = e;\r
} catch (RuntimeException e){\r
exception = findThrowableOfTypeIn(EvaluationFailedException.class, e);\r
- logger.debug("Unexpected failure of evaluation.", exception);\r
+ logger.error("Unexpected failure of evaluation.", exception);\r
} finally {\r
// needed in case saveOrUpdate was interrupted by the RuntimeException\r
// commitAndStartNewTransaction() would raise an UnexpectedRollbackException\r
// ok, now try authenticating taxonomist with new password\r
UsernamePasswordAuthenticationToken newToken = new UsernamePasswordAuthenticationToken("taxonomist", "zuaisd");\r
authentication = authenticationManager.authenticate(newToken);\r
+ }\r
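Review bot: testChangeOthersPasswordAllow proves the new password authenticates but never that the old one is rejected, so a change that left "test4" valid (or only added a credential) passes; next to the new-token authenticate add `try { authenticationManager.authenticate(new UsernamePasswordAuthenticationToken("taxonomist", "test4")); Assert.fail("old password must be rejected"); } catch (org.springframework.security.core.AuthenticationException expected) { }`. Running the new-password authenticate inside `finally` also means a BadCredentials failure there masks the original exception from the try block; move it after the try/finally and keep the `Assert.assertNull` on `exception` before it. The try body of this method is cut in the hunk (`exception = e;` appears without its catch), so it cannot be judged here.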
+\r
+ @Test\r
+ public void testChangeOthersPasswordDeny(){\r
+\r
+ SecurityContext context = SecurityContextHolder.getContext();\r
+ RuntimeException exception = null;\r
\r
// (2) authenticate as under privileged user - not an admin !!!\r
authentication = authenticationManager.authenticate(tokenForDescriptionEditor);\r
\r
// check test preconditions user name and authorities\r
Assert.assertEquals("descriptionEditor", context.getAuthentication().getName());\r
- Collection<GrantedAuthority> authorities = context.getAuthentication().getAuthorities();\r
+ Collection<? extends GrantedAuthority> authorities = context.getAuthentication().getAuthorities();\r
for(GrantedAuthority authority: authorities){\r
// role prefix 'ROLE_' is defined in org.springframework.security.access.vote.RoleVoter !!!\r
Assert.assertNotSame("user must not have authority 'ROLE_ADMIN'", "ROLE_ADMIN", authority.getAuthority());\r
\r
}\r
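Review bot: testChangeOthersPasswordDeny authenticates descriptionEditor (`authentication = authenticationManager.authenticate(tokenForDescriptionEditor);`) but never calls `context.setAuthentication(authentication);`, so `context.getAuthentication().getName()` reads whatever principal the previous test left in the thread-local holder and the changePasswordForUser call this method presumably makes past the hunk runs under that leaked identity (unless the authentication manager populates the holder itself, which is not visible). The precondition loop is also vacuous: `Assert.assertNotSame("ROLE_ADMIN", authority.getAuthority())` compares references, and a String loaded from the dataset is a distinct object even when it equals "ROLE_ADMIN"; use `Assert.assertFalse("user must not have authority 'ROLE_ADMIN'", "ROLE_ADMIN".equals(authority.getAuthority()));`. The rest of the method continues outside the hunk.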
\r
+ /**\r
+ * test with admin account - should succeed\r
+ */\r
@Test\r
- public final void testSaveOrUpdateTaxon() {\r
+ public final void testTaxonSaveOrUpdateAllow_1() {\r
+\r
SecurityContext context = SecurityContextHolder.getContext();\r
\r
- // 1) test with admin account - should succeed\r
authentication = authenticationManager.authenticate(tokenForAdmin);\r
context.setAuthentication(authentication);\r
+ RuntimeException securityException= null;\r
\r
TaxonBase<?> taxon = taxonService.load(UUID_ACHERONTIA_STYX);\r
+ Assert.assertFalse(taxon.isDoubtful());\r
taxon.setDoubtful(true);\r
- RuntimeException securityException= null;\r
try{\r
taxonService.saveOrUpdate(taxon);\r
commitAndStartNewTransaction(null);\r
} catch (RuntimeException e){\r
securityException = findSecurityRuntimeException(e);\r
- logger.error("Unexpected failure of evaluation.", securityException);\r
+ logger.error("Unexpected failure of evaluation.", e);\r
} finally {\r
// needed in case saveOrUpdate was interrupted by the RuntimeException\r
// commitAndStartNewTransaction() would raise an UnexpectedRollbackException\r
// reload taxon\r
taxon = taxonService.load(UUID_ACHERONTIA_STYX);\r
Assert.assertTrue("The change must be persited", taxon.isDoubtful());\r
+ }\r
\r
- // 2) test with taxonEditor account - should succeed\r
+ /**\r
+ * test with taxonEditor account - should succeed\r
+ */\r
+ @Test\r
+ public final void testTaxonSaveOrUpdateAllow_2() {\r
+\r
+\r
+ RuntimeException securityException= null;\r
+ SecurityContext context = SecurityContextHolder.getContext();\r
+\r
+ // taxonEditor account - should succeed\r
authentication = authenticationManager.authenticate(tokenForTaxonEditor);\r
+\r
context.setAuthentication(authentication);\r
\r
- taxon = taxonService.load(UUID_ACHERONTIA_STYX);\r
- taxon.setDoubtful(false);\r
- securityException= null;\r
+ TaxonBase<?> taxon = taxonService.load(UUID_ACHERONTIA_STYX);\r
+ Assert.assertFalse(taxon.isDoubtful());\r
+ taxon.setDoubtful(true);\r
try{\r
taxonService.saveOrUpdate(taxon);\r
commitAndStartNewTransaction(null);\r
} catch (RuntimeException e){\r
securityException = findSecurityRuntimeException(e);\r
- logger.debug("Unexpected failure of evaluation.", securityException);\r
+ logger.error("Unexpected failure of evaluation.", e);\r
} finally {\r
// needed in case saveOrUpdate was interrupted by the RuntimeException\r
// commitAndStartNewTransaction() would raise an UnexpectedRollbackException\r
Assert.assertNull("evaluation must not fail since the user is permitted, CAUSE :" + (securityException != null ? securityException.getMessage() : ""), securityException);\r
// reload taxon\r
taxon = taxonService.load(UUID_ACHERONTIA_STYX);\r
- Assert.assertFalse("The change must be persited", taxon.isDoubtful());\r
+ Assert.assertTrue("The change must be persited", taxon.isDoubtful());\r
+ }\r
+\r
+ /**\r
+ * test with tokenForDescriptionEditor account - should fail\r
+ */\r
+ @Test\r
+ public final void testTaxonSaveOrUpdateDeny_2() {\r
+\r
+ SecurityContext context = SecurityContextHolder.getContext();\r
+ RuntimeException securityException = null;\r
+\r
+ authentication = authenticationManager.authenticate(tokenForDescriptionEditor);\r
+ context.setAuthentication(authentication);\r
+\r
+ TaxonBase<?> taxon = taxonService.load(UUID_ACHERONTIA_STYX);\r
+\r
+ Assert.assertFalse(taxon.isDoubtful());\r
+ taxon.setDoubtful(true);\r
+ try {\r
+ taxonService.saveOrUpdate(taxon);\r
+ commitAndStartNewTransaction(null);\r
+ } catch (RuntimeException e){\r
+ securityException = findSecurityRuntimeException(e);\r
+ logger.debug("Expected failure of evaluation.", securityException);\r
+ } finally {\r
+ // needed in case saveOrUpdate was interrupted by the RuntimeException\r
+ // commitAndStartNewTransaction() would raise an UnexpectedRollbackException\r
+ endTransaction();\r
+ startNewTransaction();\r
+ }\r
+\r
+ Assert.assertNotNull("evaluation must fail since the user is not permitted", securityException);\r
+ // reload taxon\r
+ taxon = taxonService.load(UUID_ACHERONTIA_STYX);\r
+ Assert.assertFalse("The change must not be persited", taxon.isDoubtful());\r
+ }\r
+\r
+ /**\r
+ * test with admin account - should succeed\r
+ */\r
+ @Test\r
+ public final void testTaxonDeleteAllow_1() {\r
+\r
+ SecurityContext context = SecurityContextHolder.getContext();\r
+\r
+ authentication = authenticationManager.authenticate(tokenForAdmin);\r
+ context.setAuthentication(authentication);\r
+ RuntimeException securityException= null;\r
+\r
+ TaxonBase<?> taxon = taxonService.load(UUID_LACTUCA);\r
+ try{\r
+ taxonService.delete(taxon);\r
+ commitAndStartNewTransaction(null);\r
+ } catch (RuntimeException e){\r
+ securityException = findSecurityRuntimeException(e);\r
+ logger.error("Unexpected failure of evaluation.", e);\r
+ } finally {\r
+ // needed in case saveOrUpdate was interrupted by the RuntimeException\r
+ // commitAndStartNewTransaction() would raise an UnexpectedRollbackException\r
+ endTransaction();\r
+ startNewTransaction();\r
+ }\r
+ Assert.assertNull("evaluation must not fail since the user is permitted, CAUSE :" + (securityException != null ? securityException.getMessage() : ""), securityException);\r
+ // reload taxon\r
+ taxon = taxonService.load(UUID_LACTUCA);\r
+ Assert.assertNull("The taxon must be deleted", taxon);\r
+ }\r
+\r
+ /**\r
+ * test with admin account - should succeed\r
+ */\r
+ @Test\r
+ @Ignore\r
+ /*FIXME fails due to org.hibernate.ObjectDeletedException: deleted object would be re-saved by cascade (remove deleted object from associations)\r
+ * see ticket #3086\r
+ */\r
+ public final void testTaxonDeleteAllow_2() {\r
\r
- // 3) test with tokenForDescriptionEditor account - should fail\r
-// authentication = authenticationManager.authenticate(tokenForTaxonEditor);\r
-// context.setAuthentication(authentication);\r
-// taxon = taxonService.load(uuid);\r
-//\r
-// taxon.setDoubtful(true);\r
-// taxonService.saveOrUpdate(taxon);\r
-// commitAndStartNewTransaction(null);\r
+ SecurityContext context = SecurityContextHolder.getContext();\r
+\r
+ authentication = authenticationManager.authenticate(tokenForAdmin);\r
+ context.setAuthentication(authentication);\r
+ RuntimeException securityException= null;\r
\r
+ TaxonBase<?> taxon = taxonService.load(UUID_ACHERONTINII);\r
+ try{\r
+ taxonService.delete(taxon);\r
+ commitAndStartNewTransaction(null);\r
+ } catch (RuntimeException e){\r
+ securityException = findSecurityRuntimeException(e);\r
+ logger.error("Unexpected failure of evaluation.", e);\r
+ } finally {\r
+ // needed in case saveOrUpdate was interrupted by the RuntimeException\r
+ // commitAndStartNewTransaction() would raise an UnexpectedRollbackException\r
+ endTransaction();\r
+ startNewTransaction();\r
+ }\r
+ Assert.assertNull("evaluation must not fail since the user is permitted, CAUSE :" + (securityException != null ? securityException.getMessage() : ""), securityException);\r
+ // reload taxon\r
+ taxon = taxonService.load(UUID_ACHERONTINII);\r
+ Assert.assertNull("The taxon must be deleted", taxon);\r
}\r
\r
+\r
+ /**\r
+ * test with tokenForDescriptionEditor account - should fail\r
+ */\r
+ @Test\r
+ public final void testTaxonDeleteDeny() {\r
+\r
+ SecurityContext context = SecurityContextHolder.getContext();\r
+ RuntimeException securityException = null;\r
+\r
+ authentication = authenticationManager.authenticate(tokenForDescriptionEditor);\r
+ context.setAuthentication(authentication);\r
+\r
+ TaxonBase<?> taxon = taxonService.load(UUID_LACTUCA);\r
+\r
+ try {\r
+ taxonService.delete(taxon);\r
+ commitAndStartNewTransaction(null);\r
+ } catch (RuntimeException e){\r
+ securityException = findSecurityRuntimeException(e);\r
+ logger.debug("Expected failure of evaluation.", securityException);\r
+ } finally {\r
+ // needed in case saveOrUpdate was interrupted by the RuntimeException\r
+ // commitAndStartNewTransaction() would raise an UnexpectedRollbackException\r
+ endTransaction();\r
+ startNewTransaction();\r
+ }\r
+\r
+ Assert.assertNotNull("evaluation must fail since the user is not permitted", securityException);\r
+ // reload taxon\r
+ taxon = taxonService.load(UUID_LACTUCA);\r
+ Assert.assertNotNull("The change must still exist", taxon);\r
+ }\r
+\r
+\r
@Test\r
@Ignore //FIXME: adding taxa to a description must be protected at the side of the Description itself!!\r
// => protecting method TaxonDescription.setTaxon() ?\r
\r
@Test\r
public void testCreateDescriptionWithElement(){\r
- authentication = authenticationManager.authenticate(tokenForDescriptionEditor);\r
+\r
SecurityContext context = SecurityContextHolder.getContext();\r
+ authentication = authenticationManager.authenticate(tokenForDescriptionEditor);\r
context.setAuthentication(authentication);\r
\r
+ TaxonDescription description = null;\r
+ RuntimeException securityException = null;\r
Taxon taxon = (Taxon)taxonService.load(UUID_ACHERONTINII);\r
Assert.assertTrue("taxon must not yet have descriptions", taxon.getDescriptions().size() == 0);\r
\r
- TaxonDescription description = null;\r
\r
// 1) test for failure - description element but no feature\r
description = TaxonDescription.NewInstance(taxon);\r
DescriptionElementBase textdataNoFeature = TextData.NewInstance();\r
description.addElement(textdataNoFeature);\r
\r
- RuntimeException securityException = null;\r
assertTrue(permissionEvaluator.hasPermission(authentication, description, "UPDATE"));\r
try{\r
descriptionService.saveOrUpdate(description);\r
commitAndStartNewTransaction(null);\r
} catch (RuntimeException e){\r
securityException = findSecurityRuntimeException(e);\r
+ logger.error("RuntimeException caught");\r
logger.debug("Expected failure of evaluation.", securityException);\r
} finally {\r
// needed in case saveOrUpdate was interrupted by the RuntimeException\r
Set<TaxonDescription> descriptions = taxon.getDescriptions();\r
assertTrue("taxon must not have any description", descriptions.size() == 0);\r
\r
+ }\r
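Review bot: In the visible lines testCreateDescriptionWithElement never asserts that `securityException` is non-null, unlike Deny_1 which has `Assert.assertNotNull("evaluation should fail", securityException);`, so a save that unexpectedly succeeds fails only through the description count check; add the same assertNotNull after the finally. The test also asserts `permissionEvaluator.hasPermission(authentication, description, "UPDATE")` is true and then expects the save to be denied, which reads as a contradiction without a comment such as `// evaluator grants UPDATE on the description itself; denial is expected from the element that carries no Feature`. `logger.error("RuntimeException caught")` for an expected failure is noise at ERROR level; debug is the level the sibling tests use.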
+\r
+ @Test\r
+ public void testCreateDescriptionWithElementDeny_1(){\r
+\r
+ SecurityContext context = SecurityContextHolder.getContext();\r
+ authentication = authenticationManager.authenticate(tokenForDescriptionEditor);\r
+ context.setAuthentication(authentication);\r
+\r
+ TaxonDescription description = null;\r
+ RuntimeException securityException = null;\r
+ Taxon taxon = (Taxon)taxonService.load(UUID_ACHERONTINII);\r
+ Assert.assertTrue("taxon must not yet have descriptions", taxon.getDescriptions().size() == 0);\r
+\r
// 2) test for failure - description element but not granted feature\r
description = TaxonDescription.NewInstance(taxon);\r
DescriptionElementBase descriptionText = TextData.NewInstance(Feature.DESCRIPTION());\r
\r
Assert.assertNotNull("evaluation should fail", securityException);\r
taxon = (Taxon)taxonService.load(UUID_ACHERONTINII);\r
- descriptions = taxon.getDescriptions();\r
+ Set<TaxonDescription> descriptions = taxon.getDescriptions();\r
assertTrue("taxon must not have any description", descriptions.size() == 0);\r
\r
+ }\r
+\r
+ @Test\r
+ public void testCreateDescriptionWithElementDeny_2(){\r
+\r
+ SecurityContext context = SecurityContextHolder.getContext();\r
+ authentication = authenticationManager.authenticate(tokenForDescriptionEditor);\r
+ context.setAuthentication(authentication);\r
+\r
+ TaxonDescription description = null;\r
+ RuntimeException securityException = null;\r
+ Taxon taxon = (Taxon)taxonService.load(UUID_ACHERONTINII);\r
+ Assert.assertTrue("taxon must not yet have descriptions", taxon.getDescriptions().size() == 0);\r
+\r
// 3) test for failure\r
description = TaxonDescription.NewInstance(taxon);\r
DescriptionElementBase ecologyText = TextData.NewInstance(Feature.ECOLOGY());\r
commitAndStartNewTransaction(null);\r
} catch (RuntimeException e){\r
securityException = findSecurityRuntimeException(e);\r
- logger.debug("Unexpected failure of evaluation.", e);\r
+ logger.error("Unexpected failure of evaluation.", e);\r
} finally {\r
// needed in case saveOrUpdate was interrupted by the RuntimeException\r
// commitAndStartNewTransaction() would raise an UnexpectedRollbackException\r
\r
Assert.assertNull("evaluation must not fail since the user is permitted, CAUSE :" + (securityException != null ? securityException.getMessage() : ""), securityException);\r
taxon = (Taxon)taxonService.load(UUID_ACHERONTINII);\r
- descriptions = taxon.getDescriptions();\r
+ Set<TaxonDescription> descriptions = taxon.getDescriptions();\r
assertTrue("taxon must now have one description", descriptions.size() == 1);\r
assertTrue("description should have one description element", descriptions.iterator().next().getElements().size() == 1);\r
-\r
}\r
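Review bot: testCreateDescriptionWithElementDeny_2 is an allow case under a deny name: the block comment says `// 3) test for failure`, yet the finally asserts `securityException` is null "since the user is permitted" and that one description with one element was persisted. Rename it to `testCreateDescriptionWithElementAllow` and change the comment to `// 3) test for success - element with Feature.ECOLOGY`, otherwise a reader scanning the deny tests will conclude ECOLOGY is refused for descriptionEditor. The try block of this method is cut in the hunk.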
\r
@Test\r
- public void testSaveSynonym(){\r
+ public void testSaveSynonymAllow(){\r
\r
SecurityContext context = SecurityContextHolder.getContext();\r
+ RuntimeException securityException = null;\r
\r
// 1) test for success\r
authentication = authenticationManager.authenticate(tokenForTaxonomist);\r
context.setAuthentication(authentication);\r
\r
- RuntimeException securityException = null;\r
Synonym syn = Synonym.NewInstance(BotanicalName.NewInstance(Rank.SPECIES()), null);\r
UUID synUuid = UUID.randomUUID();\r
syn.setUuid(synUuid);\r
commitAndStartNewTransaction(null);\r
} catch (RuntimeException e){\r
securityException = findSecurityRuntimeException(e);\r
- logger.debug("Unexpected failure of evaluation.", e);\r
+ logger.error("Unexpected failure of evaluation.", e);\r
} finally {\r
// needed in case saveOrUpdate was interrupted by the RuntimeException\r
// commitAndStartNewTransaction() would raise an UnexpectedRollbackException\r
}\r
Assert.assertNull("evaluation must not fail since the user is permitted, CAUSE :" + (securityException != null ? securityException.getMessage() : ""), securityException);\r
Assert.assertNotNull("The new Synonym must be persited", taxonService.find(synUuid));\r
+ }\r
\r
+ @Test\r
+ public void testSaveSynonymDenial(){\r
+\r
+ SecurityContext context = SecurityContextHolder.getContext();\r
+ RuntimeException securityException = null;\r
// 2) test for denial\r
authentication = authenticationManager.authenticate(tokenForDescriptionEditor);\r
context.setAuthentication(authentication);\r
securityException = null;\r
- syn = Synonym.NewInstance(BotanicalName.NewInstance(Rank.SPECIES()), null);\r
- synUuid = syn.getUuid();\r
+ Synonym syn = Synonym.NewInstance(BotanicalName.NewInstance(Rank.SPECIES()), null);\r
+ UUID synUuid = syn.getUuid();\r
try{\r
taxonService.saveOrUpdate(syn);\r
logger.debug("will commit ...");\r
}\r
\r
@Test\r
- public void testEditPartOfClassification(){\r
- /*\r
- * the user 'partEditor' has the following authorities:\r
- *\r
- * - TAXONNODE.CREATE{20c8f083-5870-4cbd-bf56-c5b2b98ab6a7}\r
- * - TAXONNODE.UPDATE{20c8f083-5870-4cbd-bf56-c5b2b98ab6a7}\r
- *\r
- * that is 'partEditor' is granted to edit the subtree of\r
- * which ACHERONTIA_NODE_UUID [20c8f083-5870-4cbd-bf56-c5b2b98ab6a7] is the root node.\r
- */\r
+ public void testEditPartOfClassificationAllow(){\r
\r
authentication = authenticationManager.authenticate(tokenForPartEditor);\r
SecurityContext context = SecurityContextHolder.getContext();\r
context.setAuthentication(authentication);\r
+ RuntimeException securityException = null;\r
\r
// test for success\r
- RuntimeException securityException = null;\r
TaxonNode acherontia_node = taxonNodeService.load(ACHERONTIA_NODE_UUID);\r
long numOfChildNodes = acherontia_node.getChildNodes().size();\r
TaxonNode childNode = acherontia_node.addChildTaxon(Taxon.NewInstance(BotanicalName.NewInstance(Rank.SPECIES()), null), null, null, null);\r
commitAndStartNewTransaction(null);\r
} catch (RuntimeException e){\r
securityException = findSecurityRuntimeException(e);\r
- logger.debug("Unexpected failure of evaluation.", securityException);\r
+ logger.error("Unexpected failure of evaluation.", securityException);\r
} finally {\r
// needed in case saveOrUpdate was interrupted by the RuntimeException\r
// commitAndStartNewTransaction() would raise an UnexpectedRollbackException\r
acherontia_node = taxonNodeService.load(ACHERONTIA_NODE_UUID);\r
Assert.assertNull("evaluation must not fail since the user is permitted, CAUSE :" + (securityException != null ? securityException.getMessage() : ""), securityException);\r
Assert.assertEquals("the acherontia_node must now have one more child node ", numOfChildNodes + 1 , acherontia_node.getChildNodes().size());\r
+ }\r
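Review bot: The split into testEditPartOfClassificationAllow drops the only description of what partEditor is allowed to do (the removed comment listing TAXONNODE.CREATE and TAXONNODE.UPDATE scoped to node 20c8f083-5870-4cbd-bf56-c5b2b98ab6a7 as the subtree root), and without it neither the allow nor the deny test explains why ACHERONTIA_NODE_UUID succeeds while ACHERONTIINI_NODE_UUID must fail. Restore it as Javadoc on the allow method, e.g. a comment stating that partEditor holds TAXONNODE.CREATE and TAXONNODE.UPDATE restricted to the subtree rooted at ACHERONTIA_NODE_UUID and that the deny test targets a node outside that subtree. The try block of this method is cut in the hunk.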
+\r
+ @Test\r
+ public void testEditPartOfClassificationDeny(){\r
+\r
+ authentication = authenticationManager.authenticate(tokenForPartEditor);\r
+ SecurityContext context = SecurityContextHolder.getContext();\r
+ context.setAuthentication(authentication);\r
+ RuntimeException securityException = null;\r
\r
// test for denial\r
securityException = null;\r
TaxonNode acherontiini_node = taxonNodeService.load(ACHERONTIINI_NODE_UUID);\r
- numOfChildNodes = acherontiini_node.getCountChildren();\r
+ int numOfChildNodes = acherontiini_node.getCountChildren();\r
acherontiini_node.addChildTaxon(Taxon.NewInstance(BotanicalName.NewInstance(Rank.GENUS()), null), null, null, null);\r
\r
try{\r
\r
}\r
\r
- public static void main(String[] args){\r
- Md5PasswordEncoder encoder =new Md5PasswordEncoder();\r
-\r
- ReflectionSaltSource saltSource = new ReflectionSaltSource();\r
- saltSource.setUserPropertyToUse("getUsername");\r
- User user = User.NewInstance("taxonomist", "test4");\r
- System.err.println(encoder.encodePassword("test4", saltSource.getSalt(user)));\r
- }\r
-\r
-\r
-\r
-\r
}\r