EDIT

/**

 * Copyright (C) 2007 EDIT

 * European Distributed Institute of Taxonomy

 * http://www.e-taxonomy.eu

 *

 * The contents of this file are subject to the Mozilla Public License Version 1.1

 * See LICENSE.TXT at the top of this package for the full license terms.

 */

package eu.etaxonomy.cdm.persistence.hibernate;

import java.util.Map;

import org.apache.log4j.Logger;

import org.hibernate.HibernateException;

import org.hibernate.event.spi.MergeEvent;

import org.hibernate.event.spi.MergeEventListener;

import org.hibernate.event.spi.SaveOrUpdateEvent;

import org.hibernate.event.spi.SaveOrUpdateEventListener;

import eu.etaxonomy.cdm.model.agent.Team;

import eu.etaxonomy.cdm.model.agent.TeamOrPersonBase;

import eu.etaxonomy.cdm.model.common.CdmBase;

import eu.etaxonomy.cdm.model.common.IdentifiableEntity;

import eu.etaxonomy.cdm.model.molecular.Amplification;

import eu.etaxonomy.cdm.model.name.NonViralName;

import eu.etaxonomy.cdm.model.reference.Reference;

/**

 * @author a.mueller

 * @created 04.03.2009

 */

public class CacheStrategyGenerator implements SaveOrUpdateEventListener, MergeEventListener {

    private static final long serialVersionUID = -5511287200489449838L;

    @SuppressWarnings("unused")

    private static final Logger logger = Logger.getLogger(CacheStrategyGenerator.class);

    @Override

    public void onSaveOrUpdate(SaveOrUpdateEvent event) throws HibernateException {

        Object entity = event.getObject();

        saveOrUpdateOrMerge(entity);

    }

    /* (non-Javadoc)

     * @see org.hibernate.event.spi.MergeEventListener#onMerge(org.hibernate.event.spi.MergeEvent)

     */

    @Override

    public void onMerge(MergeEvent event) throws HibernateException {

        Object entity = event.getOriginal();

        saveOrUpdateOrMerge(entity);

    }

    /* (non-Javadoc)

     * @see org.hibernate.event.spi.MergeEventListener#onMerge(org.hibernate.event.spi.MergeEvent, java.util.Map)

     */

    @Override

    public void onMerge(MergeEvent event, Map copiedAlready) throws HibernateException {

    }

    private void saveOrUpdateOrMerge(Object entity) {

        if (entity != null){

            Class<?> entityClazz = entity.getClass();

            //non-viral-name caches

            if(NonViralName.class.isAssignableFrom(entityClazz)) {

                NonViralName<?> nonViralName = (NonViralName<?>)entity;

                nonViralName.getAuthorshipCache();

                nonViralName.getNameCache();

                nonViralName.getTitleCache();

                nonViralName.getFullTitleCache();

                //team-or-person caches

            }else if(TeamOrPersonBase.class.isAssignableFrom(entityClazz)){

                TeamOrPersonBase<?> teamOrPerson = (TeamOrPersonBase<?>)entity;

                String nomTitle = teamOrPerson.getNomenclaturalTitle();

                if (teamOrPerson instanceof Team){

                    Team team =CdmBase.deproxy(teamOrPerson, Team.class);

                    team.setNomenclaturalTitle(nomTitle, team.isProtectedNomenclaturalTitleCache()); //nomTitle is not necessarily cached when it is created

                }else{

                    teamOrPerson.setNomenclaturalTitle(nomTitle);

                }

                String titleCache = teamOrPerson.getTitleCache();

                if (! teamOrPerson.isProtectedTitleCache()){

                    teamOrPerson.setTitleCache(titleCache, false);

                }

                //reference caches

            }else if(Reference.class.isAssignableFrom(entityClazz)){

                Reference<?> ref = (Reference<?>)entity;

                ref.getAbbrevTitleCache();

                ref.getTitleCache();

                //title cache

            }else if(IdentifiableEntity.class.isAssignableFrom(entityClazz)) {

                IdentifiableEntity<?> identifiableEntity = (IdentifiableEntity)entity;

                identifiableEntity.getTitleCache();

            }else if(Amplification.class.isAssignableFrom(entityClazz)) {

                Amplification amplification = (Amplification)entity;

                amplification.updateCache();

            }

        }

    }

}

/**

 *

 */

package eu.etaxonomy.cdm.persistence.hibernate;

import org.apache.log4j.Logger;

import org.hibernate.cfg.Configuration;

import org.hibernate.engine.spi.SessionFactoryImplementor;

import org.hibernate.event.service.spi.EventListenerRegistry;

import org.hibernate.event.spi.EventType;

import org.hibernate.integrator.spi.Integrator;

import org.hibernate.metamodel.source.MetadataImplementor;

import org.hibernate.service.spi.SessionFactoryServiceRegistry;

/**

 * @author a.mueller

 * @created 30.03.2013

 *

 */

public class CdmListenerIntegrator implements Integrator {

	private static final Logger logger = Logger.getLogger(CdmListenerIntegrator.class);

	/*

	 * (non-Javadoc)

	 *

	 * @see org.hibernate.integrator.spi.Integrator#integrate(org.hibernate.cfg.Configuration,

	 * org.hibernate.engine.spi.SessionFactoryImplementor,

	 * org.hibernate.service.spi.SessionFactoryServiceRegistry)

	 */

	@Override

	public void integrate(Configuration configuration, SessionFactoryImplementor sessionFactory, SessionFactoryServiceRegistry serviceRegistry){

		if (logger.isInfoEnabled()) {

			logger.info("Registering event listeners");

		}

		final EventListenerRegistry eventRegistry = serviceRegistry.getService(EventListenerRegistry.class);

		//duplication strategy

		eventRegistry.addDuplicationStrategy(CdmListenerDuplicationStrategy.NewInstance);

//		ValidationExecutor validationExecutor = new ValidationExecutor();

//		Level2ValidationEventListener l2Listener = new Level2ValidationEventListener();

//		l2Listener.setValidationExecutor(validationExecutor);

//		Level3ValidationEventListener l3Listener = new Level3ValidationEventListener();

//		l3Listener.setValidationExecutor(validationExecutor);

		// prepend to register before or append to register after

		// this example will register a persist event listener

		//eventRegistry.prependListeners(EventType.SAVE, new CacheStrategyGenerator(), new SaveEntityListener());

		eventRegistry.prependListeners(EventType.UPDATE, new CacheStrategyGenerator(), new UpdateEntityListener());

		eventRegistry.prependListeners(EventType.SAVE_UPDATE, new CacheStrategyGenerator(), new SaveOrUpdateorMergeEntityListener());

		eventRegistry.prependListeners(EventType.MERGE, new CacheStrategyGenerator(), new SaveOrUpdateorMergeEntityListener());

//		eventRegistry.prependListeners(EventType.SAVE_UPDATE, new CacheStrategyGenerator(), new SaveOrUpdateEntityListener());

		//TODO Cherian move to SaveOrUpdateorMergeEntityListener

		eventRegistry.appendListeners(EventType.MERGE, new PostMergeEntityListener());

		eventRegistry.appendListeners(EventType.DELETE, new CdmDeleteListener());

		eventRegistry.appendListeners(EventType.POST_LOAD, new CdmPostDataChangeObservableListener());

//with validation

//		eventRegistry.appendListeners(EventType.POST_INSERT, new CdmPostDataChangeObservableListener(), l2Listener, l3Listener);

//		eventRegistry.appendListeners(EventType.POST_UPDATE, new CdmPostDataChangeObservableListener(), l2Listener, l3Listener);

//		eventRegistry.appendListeners(EventType.POST_DELETE, new CdmPostDataChangeObservableListener(), l3Listener);

//without validation

		eventRegistry.appendListeners(EventType.POST_INSERT, new CdmPostDataChangeObservableListener());

		eventRegistry.appendListeners(EventType.POST_UPDATE, new CdmPostDataChangeObservableListener());

		eventRegistry.appendListeners(EventType.POST_DELETE, new CdmPostDataChangeObservableListener());

		eventRegistry.appendListeners(EventType.PRE_INSERT, new CdmPreDataChangeObservableListener());

		eventRegistry.appendListeners(EventType.PRE_UPDATE, new CdmPreDataChangeObservableListener());

	}

	/*

	 * (non-Javadoc)

	 *

	 * @see org.hibernate.integrator.spi.Integrator#integrate(org.hibernate.metamodel.source.

	 * MetadataImplementor, org.hibernate.engine.spi.SessionFactoryImplementor,

	 * org.hibernate.service.spi.SessionFactoryServiceRegistry)

	 */

	@Override

	public void integrate(MetadataImplementor metadata, SessionFactoryImplementor sessionFactory, SessionFactoryServiceRegistry serviceRegistry){

		//nothing to do for now

		logger.warn("Metadata integrate not yet implemented");

	}

	/*

	 * (non-Javadoc)

	 *

	 * @see org.hibernate.integrator.spi.Integrator#disintegrate(org.hibernate.engine.spi.

	 * SessionFactoryImplementor, org.hibernate.service.spi.SessionFactoryServiceRegistry)

	 */

	@Override

	public void disintegrate(SessionFactoryImplementor sessionFactory, SessionFactoryServiceRegistry serviceRegistry)

	{

		//nothing to do for now

		logger.warn("Disintegrate not yet implemented");

	}

}

    /* (non-Javadoc)

     * @see org.hibernate.event.spi.PreUpdateEventListener#onPreUpdate(org.hibernate.event.spi.PreUpdateEvent)

     */

    /* (non-Javadoc)

     * @see org.hibernate.event.spi.PreInsertEventListener#onPreInsert(org.hibernate.event.spi.PreInsertEvent)

     */

/**

 * Copyright (C) 2011 EDIT

 * European Distributed Institute of Taxonomy

 * http://www.e-taxonomy.eu

 *

 * The contents of this file are subject to the Mozilla Public License Version 1.1

 * See LICENSE.TXT at the top of this package for the full license terms.

 */

package eu.etaxonomy.cdm.persistence.hibernate;

import java.io.Serializable;

import java.util.EnumSet;

import java.util.HashMap;

import java.util.HashSet;

import java.util.Map;

import java.util.Set;

import org.apache.commons.lang.ArrayUtils;

import org.apache.log4j.Logger;

import org.hibernate.EmptyInterceptor;

import org.hibernate.type.Type;

import org.springframework.security.core.context.SecurityContextHolder;

import org.springframework.stereotype.Component;

import eu.etaxonomy.cdm.database.PermissionDeniedException;

import eu.etaxonomy.cdm.model.CdmBaseType;

import eu.etaxonomy.cdm.model.common.CdmBase;

import eu.etaxonomy.cdm.model.common.IPublishable;

import eu.etaxonomy.cdm.persistence.hibernate.permission.CRUD;

import eu.etaxonomy.cdm.persistence.hibernate.permission.CdmPermissionEvaluator;

import eu.etaxonomy.cdm.persistence.hibernate.permission.Operation;

import eu.etaxonomy.cdm.persistence.hibernate.permission.Role;

/**

 * @author k.luther

 * @author a.kohlbecker

 *

 */

@Component

public class CdmSecurityHibernateInterceptor extends EmptyInterceptor {

    private static final long serialVersionUID = 8477758472369568074L;

    public static final Logger logger = Logger.getLogger(CdmSecurityHibernateInterceptor.class);

    private CdmPermissionEvaluator permissionEvaluator;

    public CdmPermissionEvaluator getPermissionEvaluator() {

        return permissionEvaluator;

    }

    public void setPermissionEvaluator(CdmPermissionEvaluator permissionEvaluator) {

        this.permissionEvaluator = permissionEvaluator;

    }

    /**

     * The exculdeMap must map every property to the CdmBase type !!!

     */

    public static final Map<Class<? extends CdmBase>, Set<String>> exculdeMap = new HashMap<Class<? extends CdmBase>, Set<String>>();

    static{

//        disabled since no longer needed, see https://dev.e-taxonomy.eu/trac/ticket/4111#comment:8

//        exculdeMap.put(TaxonNameBase.class, new HashSet<String>());

        /*

         * default fields required for each type for which excludes are defined

         */

//        exculdeMap.get(TaxonNameBase.class).add("updatedBy");

//        exculdeMap.get(TaxonNameBase.class).add("created");

//        exculdeMap.get(TaxonNameBase.class).add("updated");

        /*

         * the specific excludes

         */

//        exculdeMap.get(TaxonNameBase.class).add("taxonBases");

    }

    /* (non-Javadoc)

     * @see org.hibernate.EmptyInterceptor#onSave(java.lang.Object, java.io.Serializable, java.lang.Object[], java.lang.String[], org.hibernate.type.Type[])

     */

    @Override

    public boolean onSave(Object entity, Serializable id, Object[] state, String[] propertyNames, Type[] type) {

        if (SecurityContextHolder.getContext().getAuthentication() == null || !(entity instanceof CdmBase)) {

            return true;

        }

        // evaluate throws EvaluationFailedException

        checkPermissions((CdmBase) entity, Operation.CREATE);

        logger.debug("permission check suceeded - object creation granted");

        return true;

    }

    /* (non-Javadoc)

     * @see org.hibernate.EmptyInterceptor#onFlushDirty(java.lang.Object, java.io.Serializable, java.lang.Object[], java.lang.Object[], java.lang.String[], org.hibernate.type.Type[])

     */

    @Override

    public boolean onFlushDirty(Object entity, Serializable id, Object[] currentState, Object[] previousState, String[] propertyNames, Type[] types) {

        if (SecurityContextHolder.getContext().getAuthentication() == null || !(entity instanceof CdmBase)) {

            return true;

        }

        CdmBase cdmEntity = (CdmBase) entity;

        if (previousState == null){

            return onSave(cdmEntity, id, currentState, propertyNames, null);

        }

        if (isModified(currentState, previousState, propertyNames, exculdeMap.get(CdmBaseType.baseTypeFor(cdmEntity.getClass())))) {

            // evaluate throws EvaluationFailedException

            checkPermissions(cdmEntity, Operation.UPDATE);

            logger.debug("Operation.UPDATE permission check suceeded - object update granted");

            if(IPublishable.class.isAssignableFrom(entity.getClass())){

                if(namedPropertyIsModified(currentState, previousState, propertyNames, "publish")){

                    checkRoles(Role.ROLE_PUBLISH, Role.ROLE_ADMIN);

                    logger.debug("Role.ROLE_PUBLISH permission check suceeded - object update granted");

                }

            }

        }

        return true;

    }

    /* (non-Javadoc)

     * @see org.hibernate.EmptyInterceptor#onDelete(java.lang.Object, java.io.Serializable, java.lang.Object[], java.lang.String[], org.hibernate.type.Type[])

     */

    @Override

    public void onDelete(Object entity, Serializable id, Object[] state, String[] propertyNames, Type[] types) {

        if (SecurityContextHolder.getContext().getAuthentication() == null || !(entity instanceof CdmBase)) {

            return;

        }

        CdmBase cdmEntity = (CdmBase) entity;

        // evaluate throws EvaluationFailedException

        checkPermissions(cdmEntity, Operation.DELETE);

        logger.debug("permission check suceeded - object update granted");

        return;

    }

    /**

     * checks if the current authentication has the <code>expectedPermission</code> on the supplied <code>entity</code>.

     * Throws an {@link PermissionDeniedException} if the evaluation fails.

     *

     * @param entity

     * @param expectedOperation

     */

    private void checkPermissions(CdmBase entity, EnumSet<CRUD> expectedOperation) {

        if (!permissionEvaluator.hasPermission(SecurityContextHolder.getContext().getAuthentication(), entity, expectedOperation)){

            throw new PermissionDeniedException(SecurityContextHolder.getContext().getAuthentication(), entity, expectedOperation);

        }

    }

    /**

     * checks if the current authentication has at least one of the <code>roles</code>.

     * Throws an {@link PermissionDeniedException} if the evaluation fails.

     * @param roles

     */

    private void checkRoles(Role ... roles) {

        if (!permissionEvaluator.hasOneOfRoles(SecurityContextHolder.getContext().getAuthentication(), roles)){

            throw new PermissionDeniedException(SecurityContextHolder.getContext().getAuthentication(), roles);

        }

    }

    /**

     * Checks if the CDM entity as been modified by comparing the current with the previous state.

     *

     * @param currentState

     * @param previousState

     * @return true if the currentState and previousState differ.

     */

    private boolean isModified(Object[] currentState, Object[] previousState, String[] propertyNames, Set<String> excludes) {

        Set<Integer> excludeIds = null;

        if(excludes != null && excludes.size() > 0) {

            excludeIds = new HashSet<Integer>(excludes.size());

            int i = 0;

            for(String prop : propertyNames){

                if(excludes.contains(prop)){

                    excludeIds.add(i);

                }

                if(excludeIds.size() == excludes.size()){

                    // all ids found

                    break;

                }

                i++;

            }

        }

        for (int i = 0; i<currentState.length; i++){

            if((excludeIds == null || !excludeIds.contains(i))){

                if(propertyIsModified(currentState, previousState, i)){

                    if(logger.isDebugEnabled()){

                        logger.debug("modified property found: " + propertyNames[i] + ", previousState: " + previousState[i] + ", currentState: " + currentState[i] );

                    }

                    return true;

                }

            }

        }

        return false;

    }

    /**

     * Compares the object states at the property denoted by the key parameter and returns true if they differ in this property

     *

     * @param currentState

     * @param previousState

     * @param isModified

     * @param key

     * @return

     */

    private boolean propertyIsModified(Object[] currentState, Object[] previousState, int key) {

        if (currentState[key]== null ) {

            if ( previousState[key]!= null) {

                return true;

            }

        }

        if (currentState[key]!= null ){

            if (previousState[key] == null){

                return true;

            }

        }

        if (currentState[key]!= null && previousState[key] != null){

            if (!currentState[key].equals(previousState[key])) {

                return true;

            }

        }

        return false;

    }

    private boolean namedPropertyIsModified(Object[] currentState, Object[] previousState, String[] propertyNames, String propertyNameToTest) {

        int key = ArrayUtils.indexOf(propertyNames, propertyNameToTest);

        return propertyIsModified(currentState, previousState, key);

    }

}

import eu.etaxonomy.cdm.model.common.CdmBase;

import eu.etaxonomy.cdm.model.occurrence.DeterminationEvent;

    /* (non-Javadoc)

     * @see org.hibernate.event.spi.MergeEventListener#onMerge(org.hibernate.event.spi.MergeEvent)

     */

    /* (non-Javadoc)

     * @see org.hibernate.event.spi.MergeEventListener#onMerge(org.hibernate.event.spi.MergeEvent, java.util.Map)

     */

        if(entity != null && CdmBase.class.isAssignableFrom(entity.getClass())){

            if (entity instanceof ITreeNode) {

                ITreeNode<?> node = (ITreeNode<?>)entity;

                reindex(node);

            }

            if (entity instanceof DeterminationEvent) {

                DeterminationEvent detEv = (DeterminationEvent)entity;

                if (detEv.getTaxon() != null && detEv.getTaxonName() == null && detEv.getTaxon().getName() != null){

                    detEv.setTaxonName(detEv.getTaxon().getName());

                }

            }

        }

<?xml version='1.0' encoding='UTF-8'?>

  <DESCRIPTIONELEMENTBASE DTYPE="TextData" ID="34" INDESCRIPTION_ID="1" CREATED="2008-12-10 09:56:07.0" UUID="31a0160a-51b2-4565-85cf-2be58cb561d6" FEATURE_ID="922"/>

  <DESCRIPTIONELEMENTBASE_LANGUAGESTRING DESCRIPTIONELEMENTBASE_ID="34" MULTILANGUAGETEXT_MAPKEY_ID="406"/>

  <LANGUAGESTRING ID="1" CREATED="2008-12-10 09:56:07.0" UUID="2a5ceebb-4830-4524-b330-78461bf8cb6b" UPDATED="2008-12-10 09:56:07.253" LANGUAGE_ID="406" TEXT="A new English text"/>

  <LANGUAGESTRING ID="2" CREATED="2008-12-10 09:56:07.0" UUID="373e7154-9372-4985-b77e-68df28e3f84b" UPDATED="2008-12-10 09:56:07.253" LANGUAGE_ID="406" TEXT="Praesent vitae turpis vitae sapien sodales sagittis."/>

  <LANGUAGESTRING ID="3" CREATED="2008-12-10 09:56:07.0" UUID="f72f17d8-58c2-4c4e-b052-89d9016b6d02" UPDATED="2008-12-10 09:56:07.253" LANGUAGE_ID="406" TEXT="Maecenas congue ligula ut nulla. Nullam commodo euismod dolor."/>

  <TAXONBASE DTYPE="Taxon" ID="36" CREATED="2003-04-10 09:56:07.0" UUID="b04cc9cb-2b4a-4cc4-a94a-3c93a2158b06" UPDATED="2008-12-10 09:56:07.253" PROTECTEDTITLECACHE="true" TITLECACHE="Acherontia lachesis (Fabricius, 1798) sec. cate-sphingidae.org" DOUBTFUL="false" TAXONOMICCHILDRENCOUNT="1" NAME_ID="36" SEC_ID="2"/>

  <AGENTBASE DTYPE="Person" ID="1" CREATED="2008-12-10 09:56:07.0" UUID="e4ec436a-3e8c-4166-a834-3bb84c2b5ad6" UPDATED="2008-12-10 09:56:07.253" PROTECTEDTITLECACHE="true" TITLECACHE="H.C.J. Godfray"  COLLECTORTITLE="[NULL]" PROTECTEDCOLLECTORTITLECACHE="FALSE" />

  <AGENTBASE DTYPE="Person" ID="2" CREATED="2008-12-10 09:56:07.0" UUID="ed6ac546-8c6c-48c4-9b91-40b1157c05c6" UPDATED="2008-12-10 09:56:07.253" PROTECTEDTITLECACHE="true" TITLECACHE="B.R. Clark" FIRSTNAME="Ben" LASTNAME="Clark"  COLLECTORTITLE="[NULL]" PROTECTEDCOLLECTORTITLECACHE="FALSE" />

/**

 * Copyright (C) 2011 EDIT

 * European Distributed Institute of Taxonomy

 * http://www.e-taxonomy.eu

 *

 * The contents of this file are subject to the Mozilla Public License Version 1.1

 * See LICENSE.TXT at the top of this package for the full license terms.

 */

package eu.etaxonomy.cdm.api.service;

import static org.junit.Assert.assertEquals;

import static org.junit.Assert.assertFalse;

import static org.junit.Assert.assertTrue;

import java.io.FileNotFoundException;

import java.util.Collection;

import java.util.EnumSet;

import java.util.HashSet;

import java.util.List;

import java.util.Set;

import java.util.UUID;

import javax.sql.DataSource;

import org.apache.log4j.Logger;

import org.junit.Assert;

import org.junit.Ignore;

import org.junit.Test;

import org.springframework.security.access.AccessDeniedException;

import org.springframework.security.authentication.AuthenticationManager;

import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;

import org.springframework.security.authentication.dao.SaltSource;

import org.springframework.security.authentication.encoding.PasswordEncoder;

import org.springframework.security.core.Authentication;

import org.springframework.security.core.GrantedAuthority;

import org.springframework.security.core.context.SecurityContext;

import org.springframework.security.core.context.SecurityContextHolder;

import org.unitils.database.annotations.TestDataSource;

import org.unitils.dbunit.annotation.DataSet;

import org.unitils.spring.annotation.SpringBean;

import org.unitils.spring.annotation.SpringBeanByType;

import sun.security.provider.PolicyParser.ParsingException;

import eu.etaxonomy.cdm.database.PermissionDeniedException;

import eu.etaxonomy.cdm.model.common.GrantedAuthorityImpl;

import eu.etaxonomy.cdm.model.common.User;

import eu.etaxonomy.cdm.model.description.DescriptionElementBase;

import eu.etaxonomy.cdm.model.description.Feature;

import eu.etaxonomy.cdm.model.description.TaxonDescription;

import eu.etaxonomy.cdm.model.description.TextData;

import eu.etaxonomy.cdm.model.name.BotanicalName;

import eu.etaxonomy.cdm.model.name.Rank;

import eu.etaxonomy.cdm.model.name.TaxonNameBase;

import eu.etaxonomy.cdm.model.name.ZoologicalName;

import eu.etaxonomy.cdm.model.reference.Reference;

import eu.etaxonomy.cdm.model.reference.ReferenceFactory;

import eu.etaxonomy.cdm.model.taxon.Classification;

import eu.etaxonomy.cdm.model.taxon.Synonym;

import eu.etaxonomy.cdm.model.taxon.SynonymRelationshipType;

import eu.etaxonomy.cdm.model.taxon.Taxon;

import eu.etaxonomy.cdm.model.taxon.TaxonBase;

import eu.etaxonomy.cdm.model.taxon.TaxonNode;

import eu.etaxonomy.cdm.persistence.hibernate.permission.CRUD;

import eu.etaxonomy.cdm.persistence.hibernate.permission.CdmAuthority;

import eu.etaxonomy.cdm.persistence.hibernate.permission.CdmPermissionClass;

import eu.etaxonomy.cdm.persistence.hibernate.permission.CdmPermissionEvaluator;

import eu.etaxonomy.cdm.persistence.hibernate.permission.Operation;

import eu.etaxonomy.cdm.persistence.query.MatchMode;

@DataSet

public class SecurityTest extends AbstractSecurityTestBase{

    private static final Logger logger = Logger.getLogger(SecurityTest.class);

    @SpringBeanByType

    private ITaxonService taxonService;

    @SpringBeanByType

    private INameService nameService;

    @SpringBeanByType

    private IReferenceService referenceService;

    @SpringBeanByType

    private ITaxonNodeService taxonNodeService;

    @SpringBeanByType

    private IDescriptionService descriptionService;

    @SpringBeanByType

    private IUserService userService;

    @SpringBeanByType

    private IClassificationService classificationService;

    @SpringBeanByType

    private AuthenticationManager authenticationManager;

    @SpringBeanByType

    private SaltSource saltSource;

    @SpringBeanByType

    private PasswordEncoder passwordEncoder;

    @SpringBean("cdmPermissionEvaluator")

    private CdmPermissionEvaluator permissionEvaluator;

    @TestDataSource

    protected DataSource dataSource;

    private Authentication authentication;

    /**

     * no assertions in this test, since it is only used to create password hashes for test data

     */

    @Test

    public void testEncryptPassword(){

        String password = PASSWORD_ADMIN;

        User user = User.NewInstance("userManager", "");

        Object salt = this.saltSource.getSalt(user);

        String passwordEncrypted = passwordEncoder.encodePassword(password, salt);

        logger.info("encrypted password: " + passwordEncrypted );

    }

    @Test

    @DataSet

    public void testHasPermission(){

        Taxon taxon = Taxon.NewInstance(BotanicalName.NewInstance(Rank.GENUS()),null);

        authentication = authenticationManager.authenticate(tokenForTaxonomist);

        boolean hasPermission = permissionEvaluator.hasPermission(authentication, taxon, Operation.UPDATE);

        assertTrue(hasPermission);

        authentication = authenticationManager.authenticate(tokenForDescriptionEditor);

        hasPermission = permissionEvaluator.hasPermission(authentication, taxon, Operation.UPDATE);

        assertFalse(hasPermission);

    }

    @Test

    @DataSet

    public void testListByUsernameAllow(){

        authentication = authenticationManager.authenticate(tokenForTaxonomist);

        SecurityContext context = SecurityContextHolder.getContext();

        context.setAuthentication(authentication);

        List<User> userList = userService.listByUsername("Editor", MatchMode.ANYWHERE, null, null, 0, null, null);

        Assert.assertTrue("The user list must have elements", userList.size() > 0 );

    }

    @Test

    @DataSet

    public void testUserService_CreateDeny(){

        authentication = authenticationManager.authenticate(tokenForTaxonomist);

        SecurityContext context = SecurityContextHolder.getContext();

        context.setAuthentication(authentication);

        RuntimeException exception = null;

        try {

            userService.createUser(User.NewInstance("new guy", "alkjdsfalkj"));

            commitAndStartNewTransaction(null);

        } catch (AccessDeniedException e){

            logger.debug("Expected failure of evaluation.", e);

            exception = e;

        } catch (RuntimeException e){

            exception = findThrowableOfTypeIn(PermissionDeniedException.class, e);

            logger.debug("Expected failure of evaluation.", e);

        } finally {

            // needed in case saveOrUpdate was interrupted by the RuntimeException

            // commitAndStartNewTransaction() would raise an UnexpectedRollbackException

            endTransaction();

            startNewTransaction();

        }

        Assert.assertNotNull("Must fail here!", exception);

    }

    @Test

    @DataSet

    public void testUserService_CreateAllow(){

        authentication = authenticationManager.authenticate(tokenForUserManager);

        SecurityContext context = SecurityContextHolder.getContext();

        context.setAuthentication(authentication);

        RuntimeException exception = null;

        try {

            userService.createUser(User.NewInstance("new guy", "alkjdsfalkj"));

            commitAndStartNewTransaction(null);

        } catch (AccessDeniedException e){

            logger.error("Unexpected failure of evaluation.", e);

            exception = e;

        } catch (RuntimeException e){

            exception = findThrowableOfTypeIn(PermissionDeniedException.class, e);

            logger.error("unexpected failure of evaluation.", exception);

        } finally {

            // needed in case saveOrUpdate was interrupted by the RuntimeException

            // commitAndStartNewTransaction() would raise an UnexpectedRollbackException

            endTransaction();

            startNewTransaction();

        }

        Assert.assertNull("Must not fail here!", exception);

    }

    @Test

    @DataSet

    @Ignore // FIXME http://dev.e-taxonomy.eu/trac/ticket/3098

    public void testHasPermissions(){

        Taxon taxon = Taxon.NewInstance(BotanicalName.NewInstance(Rank.GENUS()),null);

        authentication = authenticationManager.authenticate(tokenForTaxonomist);

        boolean hasPermission = permissionEvaluator.hasPermission(authentication, taxon, Operation.ALL);

        assertTrue(hasPermission);

    }

    /**

     * Test method for {@link eu.etaxonomy.cdm.api.service.TaxonServiceImpl#saveTaxon(eu.etaxonomy.cdm.model.taxon.TaxonBase)}.

     */

    @Test

    public final void testSaveTaxon() {

        authentication = authenticationManager.authenticate(tokenForAdmin);

        SecurityContext context = SecurityContextHolder.getContext();

        context.setAuthentication(authentication);

        Taxon expectedTaxon = Taxon.NewInstance(BotanicalName.NewInstance(Rank.SPECIES()), null);

        expectedTaxon.getName().setTitleCache("Newby admin", true);

        UUID uuid = taxonService.save(expectedTaxon).getUuid();

        commitAndStartNewTransaction(null);

        TaxonBase<?> actualTaxon = taxonService.load(uuid);

        assertEquals(expectedTaxon, actualTaxon);

        authentication = authenticationManager.authenticate(tokenForTaxonEditor);

        context = SecurityContextHolder.getContext();

        context.setAuthentication(authentication);

        expectedTaxon = Taxon.NewInstance(BotanicalName.NewInstance(Rank.GENUS()), null);

        expectedTaxon.getName().setTitleCache("Newby taxonEditor", true);

        uuid = taxonService.saveOrUpdate(expectedTaxon);

        commitAndStartNewTransaction(null);

        actualTaxon = taxonService.load(uuid);

        assertEquals(expectedTaxon, actualTaxon);

    }

    @Test

    public final void testSaveNameAllow() {

        authentication = authenticationManager.authenticate(tokenForTaxonEditor);

        SecurityContext context = SecurityContextHolder.getContext();

        context.setAuthentication(authentication);

        ZoologicalName newName = ZoologicalName.NewInstance(Rank.SPECIES());

        newName.setTitleCache("Newby taxonEditor", true);

        UUID uuid = nameService.saveOrUpdate(newName);

        commitAndStartNewTransaction(null);

        TaxonNameBase savedName = nameService.load(uuid);

        assertEquals(newName, savedName);

    }