/**
* Copyright (C) 2017 EDIT
* European Distributed Institute of Taxonomy
* http://www.e-taxonomy.eu
*
* The contents of this file are subject to the Mozilla Public License Version 1.1
* See LICENSE.TXT at the top of this package for the full license terms.
*/
package eu.etaxonomy.cdm.persistence.hibenate.permission;
import java.util.Arrays;
import java.util.EnumSet;
import org.junit.Test;
import org.springframework.security.access.AccessDecisionVoter;
import eu.etaxonomy.cdm.model.description.TaxonDescription;
import eu.etaxonomy.cdm.model.taxon.Taxon;
import eu.etaxonomy.cdm.persistence.hibernate.permission.CRUD;
import eu.etaxonomy.cdm.persistence.hibernate.permission.CdmAuthority;
import eu.etaxonomy.cdm.persistence.hibernate.permission.CdmPermissionClass;
import eu.etaxonomy.cdm.persistence.hibernate.permission.voter.DescriptionBaseVoter;
/**
 * Pins the access decisions of {@link DescriptionBaseVoter} for a
 * {@link TaxonDescription}, given the authorities held by the caller and the
 * authority required for the operation.
 * <p>
 * Three outcomes are covered: granted when a held DESCRIPTIONBASE authority
 * contains the required CRUD operation, denied when it does not, and the
 * special handling of orphan descriptions (descriptions without a taxon).
 * <p>
 * NOTE(review): every granting UPDATE case below votes on an orphan
 * description created with {@code TaxonDescription.NewInstance()}. Whether the
 * orphan rule influences anything other than deletion is not visible from this
 * file; a granting case on a description that is attached to a taxon would
 * show that the grant comes from the CRUD evaluation alone.
 *
 * @author a.kohlbecker
 * @date Feb 2, 2017
 */
public class DescriptionBaseVoterTest extends AbstractCdmPermissionVoterTest {

    private DescriptionBaseVoter voter = new DescriptionBaseVoter();

    /**
     * UPDATE and CREATE held as two separate authorities, UPDATE listed first;
     * UPDATE is required.
     */
    @Test
    public void test_U_C() {
        int decision = voter.vote(
                authentication(
                        descriptionBaseAuthorityOf(CRUD.UPDATE),
                        descriptionBaseAuthorityOf(CRUD.CREATE)),
                TaxonDescription.NewInstance(),
                Arrays.asList(descriptionBaseAuthorityOf(CRUD.UPDATE)));

        assertEquals(AccessDecisionVoter.ACCESS_GRANTED, decision);
    }

    /**
     * Same two separate authorities as {@link #test_U_C()} but in reverse
     * order: the position of the matching authority must not matter.
     */
    @Test
    public void test_C_U() {
        int decision = voter.vote(
                authentication(
                        descriptionBaseAuthorityOf(CRUD.CREATE),
                        descriptionBaseAuthorityOf(CRUD.UPDATE)),
                TaxonDescription.NewInstance(),
                Arrays.asList(descriptionBaseAuthorityOf(CRUD.UPDATE)));

        assertEquals(AccessDecisionVoter.ACCESS_GRANTED, decision);
    }

    /**
     * CREATE and UPDATE combined in a single authority; UPDATE is required.
     */
    @Test
    public void test_CU() {
        int decision = voter.vote(
                authentication(
                        descriptionBaseAuthorityOf(CRUD.CREATE, CRUD.UPDATE)),
                TaxonDescription.NewInstance(),
                Arrays.asList(descriptionBaseAuthorityOf(CRUD.UPDATE)));

        assertEquals(AccessDecisionVoter.ACCESS_GRANTED, decision);
    }

    /**
     * Combined authority built with the operations named in reverse order;
     * UPDATE is required.
     */
    @Test
    public void test_UC() {
        int decision = voter.vote(
                authentication(
                        descriptionBaseAuthorityOf(CRUD.UPDATE, CRUD.CREATE)),
                TaxonDescription.NewInstance(),
                Arrays.asList(descriptionBaseAuthorityOf(CRUD.UPDATE)));

        assertEquals(AccessDecisionVoter.ACCESS_GRANTED, decision);
    }

    /**
     * For a TaxonDescription that is not an orphan the voter must evaluate the
     * CRUD operations: holding CREATE and UPDATE is not enough when DELETE is
     * required.
     */
    @Test
    public void test_CU_DENIED() {
        int decision = voter.vote(
                // insufficient grants: DELETE is not among the held operations
                authentication(
                        descriptionBaseAuthorityOf(CRUD.CREATE, CRUD.UPDATE)),
                // not an orphan, since the description is associated with a taxon
                TaxonDescription.NewInstance(Taxon.NewInstance(null, null)),
                Arrays.asList(descriptionBaseAuthorityOf(CRUD.DELETE)));

        assertEquals(AccessDecisionVoter.ACCESS_DENIED, decision);
    }

    /**
     * Deletion of orphan objects is always allowed, so the missing DELETE
     * operation in the held authority does not influence the result.
     */
    @Test
    public void test_CU_ALLOW_orphaned() {
        int decision = voter.vote(
                // insufficient grants: DELETE is not among the held operations
                authentication(
                        descriptionBaseAuthorityOf(CRUD.CREATE, CRUD.UPDATE)),
                // an orphan TaxonDescription, it has no taxon
                TaxonDescription.NewInstance(),
                Arrays.asList(descriptionBaseAuthorityOf(CRUD.DELETE)));

        assertEquals(AccessDecisionVoter.ACCESS_GRANTED, decision);
    }

    /**
     * If the permission classes do not match, the voter returns the
     * fallthrough vote, which is ACCESS_DENIED.
     * <p>
     * The voted object is an orphan and DELETE is required, exactly as in
     * {@link #test_CU_ALLOW_orphaned()}; the only difference is that the held
     * authority is for TAXONBASE. The expected denial therefore also pins that
     * the orphan deletion allowance is not granted to a caller without a
     * DESCRIPTIONBASE authority.
     */
    @Test
    public void test_CU_DENIED_nonMatchingClass() {
        int decision = voter.vote(
                // held authority is for a different permission class
                authentication(
                        cdmAuthorityOf(CdmPermissionClass.TAXONBASE, CRUD.CREATE, CRUD.UPDATE)),
                TaxonDescription.NewInstance(),
                Arrays.asList(descriptionBaseAuthorityOf(CRUD.DELETE)));

        assertEquals(AccessDecisionVoter.ACCESS_DENIED, decision);
    }

    /**
     * Builds a DESCRIPTIONBASE authority for the given operations.
     *
     * @param first the first CRUD operation of the authority
     * @param rest any further CRUD operations
     * @return the authority, see {@link #cdmAuthorityOf(CdmPermissionClass, CRUD, CRUD...)}
     */
    private static CdmAuthority descriptionBaseAuthorityOf(CRUD first, CRUD... rest) {
        return cdmAuthorityOf(CdmPermissionClass.DESCRIPTIONBASE, first, rest);
    }

    /**
     * Builds an authority for the given permission class and operations. The
     * second and fourth constructor arguments are left {@code null}, as in
     * every case of this test class (presumably property and target; confirm
     * against {@link CdmAuthority}).
     *
     * @param permissionClass the permission class the authority applies to
     * @param first the first CRUD operation of the authority
     * @param rest any further CRUD operations
     * @return a new authority holding exactly the given operations
     */
    private static CdmAuthority cdmAuthorityOf(CdmPermissionClass permissionClass, CRUD first, CRUD... rest) {
        return new CdmAuthority(permissionClass, null, EnumSet.of(first, rest), null);
    }
}