Google Git
Sign in
eclipse / emf-store / org.eclipse.emf.emfstore.core / 18e434967f742f73dc8513c179369215af93d7f0 / . / tests / org.eclipse.emf.emfstore.server.test / src / org / eclipse / emf / emfstore / server / accesscontrol / test / AssignRoleToOrgUnitTests.java
blob: 6cc42837af4554fc4a44af86c55aaccd267cb64a [file] [log] [blame]
/*******************************************************************************
* Copyright (c) 2011-2014 EclipseSource Muenchen GmbH and others.
*
* All rights reserved. This program and the accompanying materials
* are made available under the terms of the Eclipse Public License v1.0
* which accompanies this distribution, and is available at
* http://www.eclipse.org/legal/epl-v10.html
*
* Contributors:
* Edgar - initial API and implementation
******************************************************************************/
package org.eclipse.emf.emfstore.server.accesscontrol.test;
import static org.eclipse.emf.emfstore.client.test.common.util.ProjectUtil.share;
import static org.eclipse.emf.emfstore.client.test.common.util.ServerUtil.createUser;
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertFalse;
import static org.junit.Assert.assertTrue;
import static org.junit.Assert.fail;
import org.eclipse.emf.emfstore.client.test.common.dsl.Roles;
import org.eclipse.emf.emfstore.client.test.common.util.ProjectUtil;
import org.eclipse.emf.emfstore.client.test.common.util.ServerUtil;
import org.eclipse.emf.emfstore.internal.client.model.ProjectSpace;
import org.eclipse.emf.emfstore.internal.client.model.impl.api.ESUsersessionImpl;
import org.eclipse.emf.emfstore.internal.server.exceptions.AccessControlException;
import org.eclipse.emf.emfstore.internal.server.model.ProjectId;
import org.eclipse.emf.emfstore.internal.server.model.accesscontrol.ACGroup;
import org.eclipse.emf.emfstore.internal.server.model.accesscontrol.ACOrgUnitId;
import org.eclipse.emf.emfstore.internal.server.model.accesscontrol.ACUser;
import org.eclipse.emf.emfstore.internal.server.model.accesscontrol.roles.ReaderRole;
import org.eclipse.emf.emfstore.internal.server.model.accesscontrol.roles.RolesPackage;
import org.eclipse.emf.emfstore.internal.server.model.impl.api.ESGlobalProjectIdImpl;
import org.eclipse.emf.emfstore.server.auth.ESProjectAdminPrivileges;
import org.eclipse.emf.emfstore.server.exceptions.ESException;
import org.junit.After;
import org.junit.AfterClass;
import org.junit.BeforeClass;
import org.junit.Test;
/**
* Test the {@link ESProjectAdminPrivileges#AssignRoleToOrgUnit} privilege of a
* {@link org.eclipse.emf.emfstore.internal.server.model.accesscontrol.roles.ProjectAdminRole ProjectAdminRole}.
*
* @author emueller
*
*/
public class AssignRoleToOrgUnitTests extends ProjectAdminTest {
@BeforeClass
public static void beforeClass() {
startEMFStoreWithPAProperties(
ESProjectAdminPrivileges.ShareProject,
ESProjectAdminPrivileges.AssignRoleToOrgUnit);
}
@AfterClass
public static void afterClass() {
stopEMFStore();
}
@After
@Override
public void after() {
try {
ServerUtil.deleteGroup(getSuperUsersession(), getNewGroupName());
} catch (final ESException ex) {
fail(ex.getMessage());
}
super.after();
}
@Test
public void assignReaderRolePA() throws ESException {
final ACOrgUnitId newUser = ServerUtil.createUser(getSuperUsersession(), getNewUsername());
makeUserPA();
getAdminBroker().assignRole(newUser, RolesPackage.eINSTANCE.getReaderRole());
final ACUser user = ServerUtil.getUser(getSuperUsersession(), getNewUsername());
assertTrue(hasReaderRole(user.getId()));
}
@Test
public void changeRoleAsPAWithUserBeingMemberOfOtherProject() throws ESException {
final ACOrgUnitId newUser = createUser(getSuperUsersession(), getNewUsername());
makeUserPA();
share(getUsersession(), getLocalProject());
final ProjectId projectId = ESGlobalProjectIdImpl.class.cast(
getLocalProject().getGlobalProjectId()).toInternalAPI();
final ProjectId secondProjectId = ESGlobalProjectIdImpl.class.cast(
share(getSuperUsersession(), getLocalProject())).toInternalAPI();
getAdminBroker().addParticipant(projectId, newUser, Roles.writer());
getSuperAdminBroker().addParticipant(secondProjectId, newUser, Roles.writer());
getAdminBroker().changeRole(projectId, newUser, Roles.reader());
final ACUser user = ServerUtil.getUser(getSuperUsersession(), getNewUsername());
assertTrue(hasReaderRole(user.getId()));
}
/**
* Tries to remove an user as a project admin, where the user to be removed
* is also a project admin.
*/
@Test(expected = AccessControlException.class)
public void removeParticipantAsPAWithParticipantBeingPAToo() throws ESException {
final ACOrgUnitId newUserId = createUser(getSuperUsersession(), getNewUsername());
makeUserPA();
share(getUsersession(), getLocalProject());
final ProjectId projectId = ESGlobalProjectIdImpl.class.cast(
getLocalProject().getGlobalProjectId()).toInternalAPI();
getAdminBroker().addParticipant(projectId, newUserId, Roles.projectAdmin());
getAdminBroker().removeParticipant(projectId, newUserId);
}
/**
* Tries to change the role of an user as a project admin, where the user whose roles
* to be changed is also a project admin.
*/
@Test(expected = AccessControlException.class)
public void changeRoleAsPAWithUserBeingPAToo() throws ESException {
final ACOrgUnitId newUserId = createUser(getSuperUsersession(), getNewUsername());
makeUserPA();
share(getUsersession(), getLocalProject());
final ProjectId projectId = ESGlobalProjectIdImpl.class.cast(
getLocalProject().getGlobalProjectId()).toInternalAPI();
getAdminBroker().addParticipant(projectId, newUserId, Roles.projectAdmin());
getAdminBroker().changeRole(projectId, newUserId, Roles.writer());
}
@Test
public void changeRoleAsPAWithGroupBeingMemberOfOtherProject() throws ESException {
final ACOrgUnitId newGroup = ServerUtil.createGroup(getSuperUsersession(), getNewGroupName());
makeUserPA();
share(getUsersession(), getLocalProject());
final ProjectId projectId = ESGlobalProjectIdImpl.class.cast(
getLocalProject().getGlobalProjectId()).toInternalAPI();
final ProjectId secondProjectId = ESGlobalProjectIdImpl.class.cast(
share(getSuperUsersession(), getLocalProject())).toInternalAPI();
getAdminBroker().addParticipant(projectId, newGroup, Roles.writer());
getSuperAdminBroker().addParticipant(secondProjectId, newGroup, Roles.writer());
getAdminBroker().changeRole(projectId, newGroup, Roles.reader());
final ACGroup group = ServerUtil.getGroup(getSuperUsersession(), getNewGroupName());
assertTrue(hasReaderRole(group.getId()));
}
@Test
public void changeRoleToReaderPA() throws ESException {
final ACOrgUnitId newUser = ServerUtil.createUser(getSuperUsersession(), getNewUsername());
makeUserPA();
ProjectUtil.share(getUsersession(), getLocalProject());
getAdminBroker().changeRole(getProjectSpace().getProjectId(), newUser, Roles.reader());
final ACUser user = ServerUtil.getUser(getUsersession(), getNewUsername());
assertTrue(hasReaderRole(user.getId()));
}
@Test
public void getRolePA() throws ESException {
final ACOrgUnitId newUser = ServerUtil.createUser(getSuperUsersession(), getNewUsername());
makeUserPA();
ProjectUtil.share(getUsersession(), getLocalProject());
getAdminBroker().changeRole(getProjectSpace().getProjectId(), newUser, Roles.reader());
final ACUser user = ServerUtil.getUser(getUsersession(), getNewUsername());
assertTrue(getAdminBroker().getRole(getProjectSpace().getProjectId(), user.getId()) instanceof ReaderRole);
}
@Test
public void changeRoleToWriterPA() throws ESException {
final ACOrgUnitId newUser = ServerUtil.createUser(getSuperUsersession(), getNewUsername());
makeUserPA();
ProjectUtil.share(getUsersession(), getLocalProject());
getAdminBroker().changeRole(getProjectSpace().getProjectId(), newUser, Roles.writer());
final ACUser user = ServerUtil.getUser(getUsersession(), getNewUsername());
assertTrue(hasWriterRole(user.getId()));
}
@Test
public void changeRoleToProjectAdminPA() throws ESException {
final ACOrgUnitId newUser = ServerUtil.createUser(getSuperUsersession(), getNewUsername());
makeUserPA();
ProjectUtil.share(getUsersession(), getLocalProject());
getAdminBroker().changeRole(getProjectSpace().getProjectId(), newUser, Roles.projectAdmin());
final ACUser user = ServerUtil.getUser(getUsersession(), getNewUsername());
assertTrue(hasProjectAdminRole(user.getId()));
}
@Test(expected = AccessControlException.class)
public void changeRoleToProjectAdminNotPA() throws ESException {
final ACOrgUnitId newUser = ServerUtil.createUser(getSuperUsersession(), getNewUsername());
ProjectUtil.share(getSuperUsersession(), getLocalProject());
getAdminBroker().changeRole(getProjectSpace().getProjectId(), newUser, Roles.projectAdmin());
}
@Test
public void assignPAAsPA() throws ESException {
final ACOrgUnitId newUser = ServerUtil.createUser(getSuperUsersession(), getNewUsername());
makeUserPA();
getAdminBroker().assignRole(newUser, Roles.projectAdmin());
final ACUser user = ServerUtil.getUser(getSuperUsersession(), getNewUsername());
assertTrue(hasProjectAdminRole(user.getId()));
}
@Test(expected = AccessControlException.class)
public void assignRoleServerAdminPA() throws ESException {
final ACOrgUnitId newUser = ServerUtil.createUser(getSuperUsersession(), getNewUsername());
makeUserPA();
getAdminBroker().assignRole(newUser, Roles.serverAdmin());
}
@Test
public void changeRoleToWriterAsPA() throws ESException {
final ACOrgUnitId newUser = ServerUtil.createUser(getSuperUsersession(), getNewUsername());
makeUserPA();
ProjectUtil.share(getUsersession(), getLocalProject());
getAdminBroker().changeRole(getProjectSpace().getProjectId(), newUser, Roles.writer());
final ACUser user = ServerUtil.getUser(getUsersession(), getNewUsername());
assertTrue(hasRole(user.getId(), Roles.writer()));
}
@Test
public void changeRoleToSAAsSA() throws ESException {
final ACOrgUnitId newUser = ServerUtil.createUser(getSuperUsersession(), getNewUsername());
makeUserSA();
ProjectUtil.share(getUsersession(), getLocalProject());
getAdminBroker().changeRole(getProjectSpace().getProjectId(), newUser, Roles.serverAdmin());
final ACUser user = ServerUtil.getUser(getUsersession(), getNewUsername());
assertTrue(hasRole(user.getId(), Roles.serverAdmin()));
}
@Test
public void changeRoleToSAViaGroupAsSA() throws ESException {
final ACOrgUnitId newGroup = ServerUtil.createGroup(getSuperUsersession(), getNewGroupName());
makeUserPA();
ProjectUtil.share(getSuperUsersession(), getLocalProject());
final ACOrgUnitId id = ((ESUsersessionImpl) getUsersession()).toInternalAPI().getACUser().getId();
getSuperAdminBroker().addMember(newGroup, id);
getSuperAdminBroker().changeRole(getProjectSpace().getProjectId(), newGroup, Roles.serverAdmin());
final ACOrgUnitId createUser2 = getAdminBroker().createUser("foo"); //$NON-NLS-1$
getAdminBroker().changeRole(getProjectSpace().getProjectId(), createUser2, Roles.writer());
}
@Test
public void changeRoleToWriterOnDifferentProjectsAsPA() throws ESException {
final ACOrgUnitId newUser = ServerUtil.createUser(getSuperUsersession(), getNewUsername());
makeUserPA();
ProjectUtil.share(getUsersession(), getLocalProject());
final ProjectSpace clonedProjectSpace = cloneProjectSpace(getProjectSpace());
final ProjectId projectId = ESGlobalProjectIdImpl.class.cast(
share(getUsersession(), clonedProjectSpace.toAPI())).toInternalAPI();
getAdminBroker().changeRole(getProjectSpace().getProjectId(), newUser, Roles.writer());
getAdminBroker().changeRole(
projectId,
newUser,
Roles.writer());
final ACUser user = ServerUtil.getUser(getUsersession(), getNewUsername());
assertEquals(2, user.getRoles().get(0).getProjects().size());
}
@Test
public void changeRoleToWriterAndThenToPAAsPA() throws ESException {
final ACOrgUnitId newUser = ServerUtil.createUser(getSuperUsersession(), getNewUsername());
makeUserPA();
ProjectUtil.share(getUsersession(), getLocalProject());
getAdminBroker().changeRole(getProjectSpace().getProjectId(), newUser, RolesPackage.eINSTANCE.getWriterRole());
getAdminBroker().changeRole(getProjectSpace().getProjectId(), newUser,
RolesPackage.eINSTANCE.getProjectAdminRole());
final ACUser user = ServerUtil.getUser(getUsersession(), getNewUsername());
assertFalse(hasWriterRole(user.getId()));
}
@Test(expected = AccessControlException.class)
public void changeRoleToSAAsPA() throws ESException {
final ACOrgUnitId newUser = createUser(getSuperUsersession(), getNewUsername());
makeUserPA();
share(getUsersession(), getLocalProject());
getAdminBroker().changeRole(getProjectSpace().getProjectId(), newUser, Roles.serverAdmin());
}
@Test(expected = AccessControlException.class)
public void assignProjectAdminRoleNotPA() throws ESException {
final ACOrgUnitId newUser = ServerUtil.createUser(getSuperUsersession(), getNewUsername());
getAdminBroker().assignRole(newUser, Roles.projectAdmin());
}
@Test(expected = AccessControlException.class)
public void assignWriterRoleNotPA() throws ESException {
final ACOrgUnitId newUser = ServerUtil.createUser(getSuperUsersession(), getNewUsername());
getAdminBroker().assignRole(newUser, Roles.writer());
}
@Test(expected = AccessControlException.class)
public void assignReaderRoleNotPA() throws ESException {
final ACOrgUnitId newUser = ServerUtil.createUser(getSuperUsersession(), getNewUsername());
getAdminBroker().assignRole(newUser, Roles.reader());
}
@Test
public void assignReaderRoleTwicePA() throws ESException {
final ACOrgUnitId newUser = ServerUtil.createUser(getSuperUsersession(), getNewUsername());
makeUserPA();
getAdminBroker().assignRole(newUser, RolesPackage.eINSTANCE.getReaderRole());
getAdminBroker().assignRole(newUser, RolesPackage.eINSTANCE.getReaderRole());
final ACUser user = ServerUtil.getUser(getSuperUsersession(), getNewUsername());
assertTrue(hasReaderRole(user.getId()));
}
}