/*******************************************************************************
* Copyright (c) 2011-2017 EclipseSource Muenchen GmbH and others.
*
* All rights reserved. This program and the accompanying materials
* are made available under the terms of the Eclipse Public License v1.0
* which accompanies this distribution, and is available at
* http://www.eclipse.org/legal/epl-v10.html
*
* Contributors:
* Johannes Faltermeier - initial API and implementation
******************************************************************************/
package org.eclipse.emf.emfstore.server.accesscontrol.test;
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertFalse;
import static org.junit.Assert.assertTrue;
import java.util.Collections;
import java.util.Set;
import org.eclipse.emf.emfstore.client.test.common.mocks.DAOFacadeMock;
import org.eclipse.emf.emfstore.internal.server.accesscontrol.DefaultESAuthorizationService;
import org.eclipse.emf.emfstore.internal.server.accesscontrol.DefaultESOrgUnitResolverService;
import org.eclipse.emf.emfstore.internal.server.accesscontrol.Messages;
import org.eclipse.emf.emfstore.internal.server.accesscontrol.authentication.ACUserContainer;
import org.eclipse.emf.emfstore.internal.server.exceptions.AccessControlException;
import org.eclipse.emf.emfstore.internal.server.exceptions.SessionTimedOutException;
import org.eclipse.emf.emfstore.internal.server.impl.api.ESOrgUnitProviderImpl;
import org.eclipse.emf.emfstore.internal.server.model.ModelFactory;
import org.eclipse.emf.emfstore.internal.server.model.ProjectId;
import org.eclipse.emf.emfstore.internal.server.model.SessionId;
import org.eclipse.emf.emfstore.internal.server.model.accesscontrol.ACGroup;
import org.eclipse.emf.emfstore.internal.server.model.accesscontrol.ACUser;
import org.eclipse.emf.emfstore.internal.server.model.accesscontrol.AccesscontrolFactory;
import org.eclipse.emf.emfstore.internal.server.model.accesscontrol.roles.Role;
import org.eclipse.emf.emfstore.internal.server.model.accesscontrol.roles.RolesFactory;
import org.eclipse.emf.emfstore.internal.server.model.impl.ProjectIdImpl;
import org.eclipse.emf.emfstore.internal.server.model.impl.SessionIdImpl;
import org.eclipse.emf.emfstore.internal.server.model.impl.api.ESOrgUnitRepositoryImpl;
import org.eclipse.emf.emfstore.server.auth.ESOrgUnitResolver;
import org.eclipse.emf.emfstore.server.auth.ESProjectAdminPrivileges;
import org.eclipse.emf.emfstore.server.auth.ESSessions;
import org.eclipse.emf.emfstore.server.model.ESOrgUnitProvider;
import org.junit.Before;
import org.junit.Test;
/**
* Unit tests for {@link DefaultESAuthorizationService}.
*/
@SuppressWarnings("restriction")
public class DefaultESAuthorizationServiceTests {
/* Session store handed to the service under test; TestSession lets a test register a user for a session id. */
private TestSession sessions;
/* Mock DAO facade; every test adds its users and groups here so the org unit repository can see them. */
private DAOFacadeMock acDAOFacade;
/* Org unit repository built on top of acDAOFacade. */
private ESOrgUnitRepositoryImpl orgUnitRepository;
/* Org unit provider built on top of orgUnitRepository. */
private ESOrgUnitProviderImpl orgUnitProvider;
/* Resolver initialised with orgUnitProvider; the group-based tests rely on it (presumably to find a user's groups, confirm in the service). */
private DefaultESOrgUnitResolverService orgUnitResolver;
/* Fresh session id per test; only valid for the service once a test registers it via sessions.addUser. */
private SessionIdImpl sessionId;
/* Fresh project id per test; the project the access check is asked about. */
private ProjectIdImpl projectId;
/**
 * Builds a fresh fixture for every test: an empty session store, a mock-backed org unit
 * repository/provider/resolver chain, and new session and project ids.
 * <p>
 * No user is registered here, so a test that does not call {@code sessions.addUser} exercises
 * the unknown-session path.
 */
@Before
public void before() {
    /* session store without any registered user */
    this.sessions = new TestSession();

    /* org unit lookup chain: mock DAO -> repository -> provider -> resolver */
    this.acDAOFacade = new DAOFacadeMock();
    this.orgUnitRepository = new ESOrgUnitRepositoryImpl(this.acDAOFacade);
    this.orgUnitProvider = new ESOrgUnitProviderImpl(this.orgUnitRepository);
    this.orgUnitResolver = new DefaultESOrgUnitResolverService();
    this.orgUnitResolver.init(this.orgUnitProvider);

    /* ids the access check is asked about */
    this.sessionId = (SessionIdImpl) ModelFactory.eINSTANCE.createSessionId();
    this.projectId = (ProjectIdImpl) ModelFactory.eINSTANCE.createProjectId();
}
/**
 * Verifies that a session id which was never registered with the session store is rejected.
 * <p>
 * No user is added to {@code sessions}, so the check must fail with a
 * {@link SessionTimedOutException} whose message is
 * {@link Messages#AccessControlImpl_SessionID_Unknown}.
 *
 * @throws AccessControlException the expected rejection, rethrown so the {@code expected}
 *             attribute of the annotation can verify the exception type
 */
@Test(expected = SessionTimedOutException.class)
public void testCheckProjectAdminAccessInvalidUserSession() throws AccessControlException {
    /* setup: service whose session store knows no session at all */
    final DefaultESAuthorizationService service = createServiceUnderTest(
        sessions, orgUnitProvider, orgUnitResolver);

    try {
        /* act */
        service.checkProjectAdminAccess(
            sessionId.toAPI(), projectId.toAPI(), ESProjectAdminPrivileges.AssignRoleToOrgUnit);
    } catch (final SessionTimedOutException timedOut) {
        /* assert: the rejection names the unknown session, then rethrow for the type check */
        assertEquals(Messages.AccessControlImpl_SessionID_Unknown, timedOut.getMessage());
        throw timedOut;
    }
}
/**
 * Verifies that a user who holds the server admin role directly passes the project admin
 * check and that the call returns {@code true}.
 * <p>
 * The user additionally holds a writer role for the project; the server admin role is what
 * this test adds on top of the setup used by the rejection tests.
 *
 * @throws AccessControlException if the check unexpectedly rejects the call
 */
@Test
public void testCheckProjectAdminAccessServerAdminDirect() throws AccessControlException {
    /* setup */
    final DefaultESAuthorizationService service = createServiceUnderTest(
        sessions, orgUnitProvider, orgUnitResolver);

    /* setup user: writer on the project plus server admin, both assigned directly */
    final ACUser serverAdmin = AccesscontrolFactory.eINSTANCE.createACUser();
    acDAOFacade.add(serverAdmin);
    serverAdmin.getRoles().add(writerRole(projectId));
    serverAdmin.getRoles().add(RolesFactory.eINSTANCE.createServerAdmin());
    sessions.addUser(serverAdmin, sessionId);

    /* act */
    final boolean result = service.checkProjectAdminAccess(
        sessionId.toAPI(), projectId.toAPI(), ESProjectAdminPrivileges.AssignRoleToOrgUnit);

    /* assert */
    assertTrue(result);
}
/**
 * Verifies that the server admin role is honoured when it is inherited from a group: the user
 * only holds a writer role directly, while the group the user is a member of holds a reader
 * role and the server admin role. The call is expected to return {@code true}.
 *
 * @throws AccessControlException if the check unexpectedly rejects the call
 */
@Test
public void testCheckProjectAdminAccessServerAdminViaGroup() throws AccessControlException {
    /* setup */
    final DefaultESAuthorizationService service = createServiceUnderTest(
        sessions, orgUnitProvider, orgUnitResolver);

    /* setup user: direct roles do not include any admin role */
    final ACUser member = AccesscontrolFactory.eINSTANCE.createACUser();
    acDAOFacade.add(member);
    member.getRoles().add(writerRole(projectId));

    /* setup group: carries the server admin role for its members */
    final ACGroup adminGroup = AccesscontrolFactory.eINSTANCE.createACGroup();
    acDAOFacade.add(adminGroup);
    adminGroup.getMembers().add(member);
    adminGroup.getRoles().add(readerRole(projectId));
    adminGroup.getRoles().add(RolesFactory.eINSTANCE.createServerAdmin());
    sessions.addUser(member, sessionId);

    /* act */
    final boolean result = service.checkProjectAdminAccess(
        sessionId.toAPI(), projectId.toAPI(), ESProjectAdminPrivileges.AssignRoleToOrgUnit);

    /* assert */
    assertTrue(result);
}
/**
 * Verifies that reader and writer roles alone never satisfy the project admin check, whether
 * they are held directly (writer) or through a group (reader).
 * <p>
 * The check must fail with an {@link AccessControlException} whose message is
 * {@link Messages#AccessControlImpl_Insufficient_Rights}.
 *
 * @throws AccessControlException the expected rejection, rethrown so the {@code expected}
 *             attribute of the annotation can verify the exception type
 */
@Test(expected = AccessControlException.class)
public void testCheckProjectAdminAccessNotProjectAdmin() throws AccessControlException {
    /* setup */
    final DefaultESAuthorizationService service = createServiceUnderTest(
        sessions, orgUnitProvider, orgUnitResolver);

    /* setup user: writer only */
    final ACUser member = AccesscontrolFactory.eINSTANCE.createACUser();
    acDAOFacade.add(member);
    member.getRoles().add(writerRole(projectId));

    /* setup group: reader only */
    final ACGroup readerGroup = AccesscontrolFactory.eINSTANCE.createACGroup();
    acDAOFacade.add(readerGroup);
    readerGroup.getMembers().add(member);
    readerGroup.getRoles().add(readerRole(projectId));
    sessions.addUser(member, sessionId);

    try {
        /* act */
        service.checkProjectAdminAccess(
            sessionId.toAPI(), projectId.toAPI(), ESProjectAdminPrivileges.AssignRoleToOrgUnit);
    } catch (final AccessControlException denied) {
        /* assert: denied for lack of rights, then rethrow for the type check */
        assertEquals(Messages.AccessControlImpl_Insufficient_Rights, denied.getMessage());
        throw denied;
    }
}
/**
 * Verifies that a project admin is rejected when the requested privilege is not an accepted
 * project admin privilege.
 * <p>
 * The service is created with {@link ESProjectAdminPrivileges#AssignRoleToOrgUnit} in its set of
 * invalid privileges, so its {@code isProjectAdminPrivileg} override answers {@code false} for
 * it. Although the user holds the project admin role for the project, the check must fail with
 * an {@link AccessControlException} whose message is
 * {@link Messages#AccessControlImpl_PARole_Missing_Privilege}.
 *
 * @throws AccessControlException the expected rejection, rethrown so the {@code expected}
 *             attribute of the annotation can verify the exception type
 */
@Test(expected = AccessControlException.class)
public void testCheckProjectAdminAccessInvalidPrivileg() throws AccessControlException {
    /* setup: the requested privilege is declared invalid for project admins */
    final DefaultESAuthorizationService service = createServiceUnderTest(
        sessions,
        orgUnitProvider,
        orgUnitResolver,
        Collections.singleton(ESProjectAdminPrivileges.AssignRoleToOrgUnit));

    /* setup user: writer and project admin on the project */
    final ACUser projectAdmin = AccesscontrolFactory.eINSTANCE.createACUser();
    acDAOFacade.add(projectAdmin);
    projectAdmin.getRoles().add(writerRole(projectId));
    projectAdmin.getRoles().add(projectAdminRole(projectId));

    /* setup group: reader only */
    final ACGroup readerGroup = AccesscontrolFactory.eINSTANCE.createACGroup();
    acDAOFacade.add(readerGroup);
    readerGroup.getMembers().add(projectAdmin);
    readerGroup.getRoles().add(readerRole(projectId));
    sessions.addUser(projectAdmin, sessionId);

    try {
        /* act */
        service.checkProjectAdminAccess(
            sessionId.toAPI(), projectId.toAPI(), ESProjectAdminPrivileges.AssignRoleToOrgUnit);
    } catch (final AccessControlException denied) {
        /* assert: denied because of the privilege, then rethrow for the type check */
        assertEquals(Messages.AccessControlImpl_PARole_Missing_Privilege, denied.getMessage());
        throw denied;
    }
}
/**
 * Pins the behaviour of the check when no project id is supplied: for a user who holds a
 * project admin role, the call returns {@code false} and does not throw.
 * <p>
 * NOTE(review): the result is the same value the tests of this class assert for a project
 * admin who is authorized for the requested project, so a {@code null} project id is not
 * distinguishable from an authorized one by the return value. Callers that guard
 * project-scoped operations with this check should confirm that a {@code null} id cannot reach
 * it from a client request.
 *
 * @throws AccessControlException if the check unexpectedly rejects the call
 */
@Test
public void testCheckProjectAdminAccessNoProjectId() throws AccessControlException {
    /* setup */
    final DefaultESAuthorizationService service = createServiceUnderTest(
        sessions, orgUnitProvider, orgUnitResolver);

    /* setup user: writer and project admin on the project */
    final ACUser projectAdmin = AccesscontrolFactory.eINSTANCE.createACUser();
    acDAOFacade.add(projectAdmin);
    projectAdmin.getRoles().add(writerRole(projectId));
    projectAdmin.getRoles().add(projectAdminRole(projectId));

    /* setup group: reader only */
    final ACGroup readerGroup = AccesscontrolFactory.eINSTANCE.createACGroup();
    acDAOFacade.add(readerGroup);
    readerGroup.getMembers().add(projectAdmin);
    readerGroup.getRoles().add(readerRole(projectId));
    sessions.addUser(projectAdmin, sessionId);

    /* act: the project id argument is deliberately null */
    final boolean result = service.checkProjectAdminAccess(
        sessionId.toAPI(), null, ESProjectAdminPrivileges.AssignRoleToOrgUnit);

    /* assert */
    assertFalse(result);
}
/**
 * Verifies that a project admin role scoped to a different project does not authorize the
 * requested project: both the user and the user's group hold project admin roles, but each for
 * a freshly created, unrelated project id.
 * <p>
 * The check must fail with an {@link AccessControlException} whose message is
 * {@link Messages#AccessControlImpl_PARole_Missing_Privilege}.
 * <p>
 * NOTE(review): this is the same message constant the invalid-privilege test asserts, so the
 * message alone does not tell the two denial reasons apart.
 *
 * @throws AccessControlException the expected rejection, rethrown so the {@code expected}
 *             attribute of the annotation can verify the exception type
 */
@Test(expected = AccessControlException.class)
public void testCheckProjectAdminAccessCannotAdministrate() throws AccessControlException {
    /* setup */
    final DefaultESAuthorizationService service = createServiceUnderTest(
        sessions, orgUnitProvider, orgUnitResolver);

    /* setup user: writer on the project, project admin only for some other project */
    final ACUser otherProjectAdmin = AccesscontrolFactory.eINSTANCE.createACUser();
    acDAOFacade.add(otherProjectAdmin);
    otherProjectAdmin.getRoles().add(writerRole(projectId));
    otherProjectAdmin.getRoles().add(projectAdminRole(ModelFactory.eINSTANCE.createProjectId()));

    /* setup group: reader on the project, project admin only for yet another project */
    final ACGroup otherProjectGroup = AccesscontrolFactory.eINSTANCE.createACGroup();
    acDAOFacade.add(otherProjectGroup);
    otherProjectGroup.getMembers().add(otherProjectAdmin);
    otherProjectGroup.getRoles().add(readerRole(projectId));
    otherProjectGroup.getRoles().add(projectAdminRole(ModelFactory.eINSTANCE.createProjectId()));
    sessions.addUser(otherProjectAdmin, sessionId);

    try {
        /* act */
        service.checkProjectAdminAccess(
            sessionId.toAPI(), projectId.toAPI(), ESProjectAdminPrivileges.AssignRoleToOrgUnit);
    } catch (final AccessControlException denied) {
        /* assert: denied, then rethrow for the type check */
        assertEquals(Messages.AccessControlImpl_PARole_Missing_Privilege, denied.getMessage());
        throw denied;
    }
}
/**
 * Verifies that a project admin role held directly by the user for the requested project
 * passes the check: the call returns without throwing. The group's project admin role targets
 * an unrelated project and must not matter.
 * <p>
 * NOTE(review): the asserted return value is {@code false}. Within this test class
 * {@code true} is asserted only for the server admin cases and denial is always signalled by
 * an {@link AccessControlException}, so {@code false} presumably means "authorized, but not as
 * server admin" rather than "denied". Confirm against the service's documentation.
 *
 * @throws AccessControlException if the check unexpectedly rejects the call
 */
@Test
public void testCheckProjectAdminAccessCanAdministrateByUser() throws AccessControlException {
    /* setup */
    final DefaultESAuthorizationService service = createServiceUnderTest(
        sessions, orgUnitProvider, orgUnitResolver);

    /* setup user: writer and project admin on the requested project */
    final ACUser projectAdmin = AccesscontrolFactory.eINSTANCE.createACUser();
    acDAOFacade.add(projectAdmin);
    projectAdmin.getRoles().add(writerRole(projectId));
    projectAdmin.getRoles().add(projectAdminRole(projectId));

    /* setup group: reader on the project, project admin only for another project */
    final ACGroup otherProjectGroup = AccesscontrolFactory.eINSTANCE.createACGroup();
    acDAOFacade.add(otherProjectGroup);
    otherProjectGroup.getMembers().add(projectAdmin);
    otherProjectGroup.getRoles().add(readerRole(projectId));
    otherProjectGroup.getRoles().add(projectAdminRole(ModelFactory.eINSTANCE.createProjectId()));
    sessions.addUser(projectAdmin, sessionId);

    /* act */
    final boolean result = service.checkProjectAdminAccess(
        sessionId.toAPI(), projectId.toAPI(), ESProjectAdminPrivileges.AssignRoleToOrgUnit);

    /* assert */
    assertFalse(result);
}
/**
 * Verifies that a project admin role inherited from a group for the requested project passes
 * the check: the call returns without throwing. The user's own project admin role targets an
 * unrelated project and must not matter.
 * <p>
 * NOTE(review): the asserted return value is {@code false}. Within this test class
 * {@code true} is asserted only for the server admin cases and denial is always signalled by
 * an {@link AccessControlException}, so {@code false} presumably means "authorized, but not as
 * server admin" rather than "denied". Confirm against the service's documentation.
 *
 * @throws AccessControlException if the check unexpectedly rejects the call
 */
@Test
public void testCheckProjectAdminAccessCanAdministrateByGroup() throws AccessControlException {
    /* setup */
    final DefaultESAuthorizationService service = createServiceUnderTest(
        sessions, orgUnitProvider, orgUnitResolver);

    /* setup user: writer on the project, project admin only for another project */
    final ACUser member = AccesscontrolFactory.eINSTANCE.createACUser();
    acDAOFacade.add(member);
    member.getRoles().add(writerRole(projectId));
    member.getRoles().add(projectAdminRole(ModelFactory.eINSTANCE.createProjectId()));

    /* setup group: reader and project admin on the requested project */
    final ACGroup projectAdminGroup = AccesscontrolFactory.eINSTANCE.createACGroup();
    acDAOFacade.add(projectAdminGroup);
    projectAdminGroup.getMembers().add(member);
    projectAdminGroup.getRoles().add(readerRole(projectId));
    projectAdminGroup.getRoles().add(projectAdminRole(projectId));
    sessions.addUser(member, sessionId);

    /* act */
    final boolean result = service.checkProjectAdminAccess(
        sessionId.toAPI(), projectId.toAPI(), ESProjectAdminPrivileges.AssignRoleToOrgUnit);

    /* assert */
    assertFalse(result);
}
/**
 * Creates a new project admin role that is scoped to the given project.
 *
 * @param projectId the project the role applies to
 * @return the new role with {@code projectId} in its project list
 */
private static Role projectAdminRole(ProjectId projectId) {
    final Role adminRole = RolesFactory.eINSTANCE.createProjectAdminRole();
    return addProjectToRole(projectId, adminRole);
}
/**
 * Creates a new reader role that is scoped to the given project.
 *
 * @param projectId the project the role applies to
 * @return the new role with {@code projectId} in its project list
 */
private static Role readerRole(ProjectId projectId) {
    final Role reader = RolesFactory.eINSTANCE.createReaderRole();
    return addProjectToRole(projectId, reader);
}
/**
 * Creates a new writer role that is scoped to the given project.
 *
 * @param projectId the project the role applies to
 * @return the new role with {@code projectId} in its project list
 */
private static Role writerRole(ProjectId projectId) {
    final Role writer = RolesFactory.eINSTANCE.createWriterRole();
    return addProjectToRole(projectId, writer);
}
/**
 * Scopes a role to a project by appending the project id to the role's project list.
 * The passed role is modified in place and returned so the call can be used as an expression.
 *
 * @param projectId the project to add to the role
 * @param role the role to modify
 * @return the same {@code role} instance
 */
private static Role addProjectToRole(ProjectId projectId, final Role role) {
role.getProjects().add(projectId);
return role;
}
/**
 * Creates the service under test with no privilege declared invalid, so its
 * {@code isProjectAdminPrivileg} override accepts every privilege.
 *
 * @param sessions the session store the service resolves session ids against
 * @param orgUnitProvider the provider passed to the service's {@code init}
 * @param orgUnitResolver the resolver passed to the service's {@code init}
 * @return the initialised service
 */
private static DefaultESAuthorizationService createServiceUnderTest(
    final ESSessions sessions,
    final ESOrgUnitProvider orgUnitProvider,
    final ESOrgUnitResolver orgUnitResolver) {
    /* delegate to the four-argument overload with an empty set of invalid privileges */
    final Set<ESProjectAdminPrivileges> noInvalidPrivileges =
        Collections.<ESProjectAdminPrivileges> emptySet();
    return createServiceUnderTest(sessions, orgUnitProvider, orgUnitResolver, noInvalidPrivileges);
}
/**
 * Creates the service under test as an anonymous subclass whose
 * {@code isProjectAdminPrivileg} answer is controlled by the test: a privilege counts as a
 * project admin privilege exactly when it is not contained in {@code invalidPrivileges}.
 * <p>
 * Only this one decision is replaced; the rest of the access check runs the production code
 * of {@link DefaultESAuthorizationService}.
 *
 * @param sessions the session store the service resolves session ids against
 * @param orgUnitProvider the provider passed to the service's {@code init}
 * @param orgUnitResolver the resolver passed to the service's {@code init}
 * @param invalidPrivileges the privileges the override should report as not being project
 *            admin privileges
 * @return the initialised service
 */
private static DefaultESAuthorizationService createServiceUnderTest(
    final ESSessions sessions,
    final ESOrgUnitProvider orgUnitProvider,
    final ESOrgUnitResolver orgUnitResolver,
    final Set<ESProjectAdminPrivileges> invalidPrivileges) {
    final DefaultESAuthorizationService service = new DefaultESAuthorizationService() {
        @Override
        protected boolean isProjectAdminPrivileg(ESProjectAdminPrivileges privileg) {
            final boolean declaredInvalid = invalidPrivileges.contains(privileg);
            return !declaredInvalid;
        }
    };
    /* note the argument order of init: sessions, resolver, provider */
    service.init(sessions, orgUnitResolver, orgUnitProvider);
    return service;
}
/**
 * {@link ESSessions} subclass for tests that can bind a user to a session id by writing to the
 * inherited {@code sessionUserMap} directly, so no credentials are involved. Test-only: it
 * exists to put the service into an "already logged in" state.
 */
private static class TestSession extends ESSessions {
    /**
     * Registers {@code user} as the owner of {@code sessionId}.
     *
     * @param user the user to bind to the session
     * @param sessionId the session id the service will later be called with
     */
    public void addUser(ACUser user, SessionId sessionId) {
        final ACUserContainer container = new ACUserContainer(user);
        sessionUserMap.put(sessionId, container);
    }
}
}