Revision dac80b4a
Added by Katja Luther almost 13 years ago
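--- a/cdmlib-services/src/test/java/eu/etaxonomy/cdm/api/service/SecurityTest.java
+++ b/cdmlib-services/src/test/java/eu/etaxonomy/cdm/api/service/SecurityTest.java
@@ -1,6 +1,8 @@
 package eu.etaxonomy.cdm.api.service;
 
 import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertFalse;
+import static org.junit.Assert.assertTrue;
 
 
 import java.util.Iterator;
@@ -18,6 +20,8 @@
 
 import org.springframework.security.authentication.AuthenticationManager;
 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
+import org.springframework.security.authentication.dao.ReflectionSaltSource;
+import org.springframework.security.authentication.encoding.Md5PasswordEncoder;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.context.SecurityContext;
 import org.springframework.security.core.context.SecurityContextHolder;
@@ -44,6 +48,8 @@
 import eu.etaxonomy.cdm.model.name.Rank;
 import eu.etaxonomy.cdm.model.taxon.Taxon;
 import eu.etaxonomy.cdm.model.taxon.TaxonBase;
+import eu.etaxonomy.cdm.model.taxon.TaxonNode;
+import eu.etaxonomy.cdm.permission.CdmPermissionEvaluator;
 
 import org.springframework.security.access.AccessDeniedException;
 
@@ -85,7 +91,14 @@
 */
 @Test
 public final void testSaveTaxon() {
+/*
+Md5PasswordEncoder encoder =new Md5PasswordEncoder();
+ReflectionSaltSource saltSource = new ReflectionSaltSource();
+saltSource.setUserPropertyToUse("getUsername");
+User user = User.NewInstance("partEditor", "test4");
+System.err.println(encoder.encodePassword("test4", saltSource.getSalt(user)));
 
+*/
 authentication = authenticationManager.authenticate(token);
 SecurityContext context = SecurityContextHolder.getContext();
 context.setAuthentication(authentication);
@@ -94,6 +107,15 @@
 UUID uuid = taxonService.save(expectedTaxon);
 TaxonBase<?> actualTaxon = taxonService.find(uuid);
 assertEquals(expectedTaxon, actualTaxon);
+
+token = new UsernamePasswordAuthenticationToken("taxonEditor", "test2");
+authentication = authenticationManager.authenticate(token);
+context = SecurityContextHolder.getContext();
+context.setAuthentication(authentication);
+expectedTaxon = Taxon.NewInstance(BotanicalName.NewInstance(Rank.GENUS()), null);
+taxonService.save(actualTaxon);
+
+
 }
 @Test
 public void testUpdateUser(){
@@ -109,7 +131,7 @@
 user.setEmailAddress("test@bgbm.org");
 
 userService.updateUser(user);
-//userService.update(user);
+userService.update(user);
 userService.saveOrUpdate(user);
 }
 
@@ -124,11 +146,27 @@
 assertEquals(expectedTaxon, actualTaxon);
 
 actualTaxon.setName(BotanicalName.NewInstance(Rank.SPECIES()));
-try{
-taxonService.saveOrUpdate(actualTaxon);
-}catch(Exception e){
-Assert.fail();
-}
+taxonService.saveOrUpdate(actualTaxon);
+
+token = new UsernamePasswordAuthenticationToken("taxonEditor", "test2");
+authentication = authenticationManager.authenticate(token);
+context = SecurityContextHolder.getContext();
+context.setAuthentication(authentication);
+actualTaxon = taxonService.find(uuid);
+actualTaxon.setName(BotanicalName.NewInstance(Rank.GENUS()));
+taxonService.saveOrUpdate(actualTaxon);
+
+}
+
+@Test
+public void testDeleteTaxon(){
+token = new UsernamePasswordAuthenticationToken("taxonomist", "test3");
+authentication = authenticationManager.authenticate(token);
+SecurityContext context = SecurityContextHolder.getContext();
+context.setAuthentication(authentication);
+Taxon actualTaxon = (Taxon)taxonService.find(UUID.fromString("7b8b5cb3-37ba-4dba-91ac-4c6ffd6ac331"));
+
+taxonService.delete(actualTaxon);
 }
 
 
@@ -160,7 +198,28 @@
 iterator = descriptions.iterator();
 
 description = iterator.next();
-
+assertEquals(1,description.getElements().iterator().next().getMedia().size());
 //taxonService.saveOrUpdate(taxon);
 }
+
+@Test
+public void testAllowOnlyAccessToPartOfTree(){
+authentication = authenticationManager.authenticate(new UsernamePasswordAuthenticationToken("partEditor", "test4"));
+SecurityContext context = SecurityContextHolder.getContext();
+context.setAuthentication(authentication);
+
+Taxon tribe = (Taxon)taxonService.find(UUID.fromString("928a0167-98cd-4555-bf72-52116d067625"));
+Iterator<TaxonNode> it = tribe.getTaxonNodes().iterator();
+TaxonNode node = it.next();
+
+CdmPermissionEvaluator permissionEvaluator = new CdmPermissionEvaluator();
+assertFalse(permissionEvaluator.hasPermission(authentication, node, "UPDATE"));
+node = node.getChildNodes().iterator().next();
+System.err.println(node.getUuid());
+assertTrue(permissionEvaluator.hasPermission(authentication, node, "UPDATE"));
+node = node.getChildNodes().iterator().next();
+assertTrue(permissionEvaluator.hasPermission(authentication, node, "UPDATE"));
+
+
+}
 }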
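Review bot: The blocks that re-authenticate as `taxonEditor` (in testSaveTaxon and in the update test whose header lies outside the hunk) and the new testDeleteTaxon call `taxonService.save`, `saveOrUpdate` and `delete` without asserting any outcome, so the tests do not pin whether the operation is meant to be permitted or denied for that role. In testSaveTaxon the freshly built `expectedTaxon` is never used, and `taxonService.save(actualTaxon)` re-saves the object persisted under the previous user, which looks unintended. State the expectation explicitly: where denial is intended, presumably via the already imported `AccessDeniedException`, use `try { taxonService.save(expectedTaxon); Assert.fail(); } catch (AccessDeniedException expected) { }`; where the call is allowed, reload with `taxonService.find(uuid)` and assert on the result. The authentication stored in `SecurityContextHolder` is also never reset in the visible code, so unless an `@After` exists outside the shown hunks, adding one that calls `SecurityContextHolder.clearContext()` would keep one test's identity from leaking into the next.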