| /******************************************************************************* |
| * Copyright (c) 2011-2014 EclipseSource Muenchen GmbH and others. |
| * |
| * All rights reserved. This program and the accompanying materials |
| * are made available under the terms of the Eclipse Public License v1.0 |
| * which accompanies this distribution, and is available at |
| * http://www.eclipse.org/legal/epl-v10.html |
| * |
| * Contributors: |
| * Edgar - initial API and implementation |
| ******************************************************************************/ |
| package org.eclipse.emf.emfstore.server.accesscontrol.test; |
| |
| import static org.eclipse.emf.emfstore.client.test.common.util.ProjectUtil.share; |
| import static org.eclipse.emf.emfstore.client.test.common.util.ServerUtil.createGroup; |
| import static org.eclipse.emf.emfstore.client.test.common.util.ServerUtil.createUser; |
| import static org.eclipse.emf.emfstore.client.test.common.util.ServerUtil.deleteGroup; |
| import static org.junit.Assert.assertEquals; |
| import static org.junit.Assert.fail; |
| |
| import org.eclipse.emf.emfstore.client.test.common.dsl.Roles; |
| import org.eclipse.emf.emfstore.client.test.common.util.ServerUtil; |
| import org.eclipse.emf.emfstore.internal.client.model.ProjectSpace; |
| import org.eclipse.emf.emfstore.internal.client.model.impl.api.ESUsersessionImpl; |
| import org.eclipse.emf.emfstore.internal.server.exceptions.AccessControlException; |
| import org.eclipse.emf.emfstore.internal.server.model.accesscontrol.ACOrgUnitId; |
| import org.eclipse.emf.emfstore.server.auth.ESProjectAdminPrivileges; |
| import org.eclipse.emf.emfstore.server.exceptions.ESException; |
| import org.junit.After; |
| import org.junit.AfterClass; |
| import org.junit.Before; |
| import org.junit.BeforeClass; |
| import org.junit.Test; |
| |
| /** |
| * Tests whether organizational units can be assigned to groups. |
| * |
| * @author emueller |
| * |
| */ |
| public class AssignOrgUnitToGroupTests extends ProjectAdminTest { |
| |
| @BeforeClass |
| public static void beforeClass() { |
| startEMFStoreWithPAProperties( |
| ESProjectAdminPrivileges.ShareProject, |
| ESProjectAdminPrivileges.AssignRoleToOrgUnit, |
| ESProjectAdminPrivileges.ChangeAssignmentsOfOrgUnits); |
| } |
| |
| @AfterClass |
| public static void afterClass() { |
| stopEMFStore(); |
| } |
| |
| @Override |
| @After |
| public void after() { |
| try { |
| deleteGroup(getSuperUsersession(), getNewGroupName()); |
| deleteGroup(getSuperUsersession(), getNewOtherGroupName()); |
| } catch (final ESException ex) { |
| fail(ex.getMessage()); |
| } |
| super.after(); |
| } |
| |
| @Override |
| @Before |
| public void before() { |
| super.before(); |
| } |
| |
| @Test(expected = AccessControlException.class) |
| public void addMemberToGroupWhichBelongsToOtherProject() throws ESException { |
| makeUserPA(); |
| share(getSuperUsersession(), getLocalProject()); |
| final ACOrgUnitId newUser = createUser(getSuperUsersession(), getNewUsername()); |
| final ACOrgUnitId group = createGroup(getSuperUsersession(), getNewGroupName()); |
| |
| share(getUsersession(), getLocalProject()); |
| final ProjectSpace clonedProjectSpace = cloneProjectSpace(getProjectSpace()); |
| share(getSuperUsersession(), clonedProjectSpace.toAPI()); |
| |
| getSuperAdminBroker().changeRole(clonedProjectSpace.getProjectId(), group, Roles.writer()); |
| |
| // fails |
| getAdminBroker().addMember(group, newUser); |
| } |
| |
| @Test(expected = AccessControlException.class) |
| public void removeMemberFromGroupWhichBelongsToOtherProject() throws ESException { |
| makeUserPA(); |
| share(getSuperUsersession(), getLocalProject()); |
| final ACOrgUnitId newUser = createUser(getSuperUsersession(), getNewUsername()); |
| final ACOrgUnitId group = createGroup(getSuperUsersession(), getNewGroupName()); |
| |
| share(getUsersession(), getLocalProject()); |
| final ProjectSpace clonedProjectSpace = cloneProjectSpace(getProjectSpace()); |
| share(getSuperUsersession(), clonedProjectSpace.toAPI()); |
| |
| getSuperAdminBroker().changeRole(clonedProjectSpace.getProjectId(), group, Roles.writer()); |
| |
| getSuperAdminBroker().addMember(group, newUser); |
| getAdminBroker().removeMember(group, newUser); |
| } |
| |
| @Test |
| public void removeMemberFromGroupWithProject() throws ESException { |
| makeUserPA(); |
| share(getUsersession(), getLocalProject()); |
| final ACOrgUnitId newUser = createUser(getSuperUsersession(), getNewUsername()); |
| final ACOrgUnitId group = createGroup(getSuperUsersession(), getNewGroupName()); |
| |
| getAdminBroker().changeRole(getProjectSpace().getProjectId(), group, Roles.writer()); |
| |
| getAdminBroker().addMember(group, newUser); |
| getAdminBroker().removeMember(group, newUser); |
| assertEquals(0, getAdminBroker().getMembers(group).size()); |
| } |
| |
| @Test |
| public void addMemberToGroup() throws ESException { |
| makeUserPA(); |
| final ACOrgUnitId newUser = createUser(getSuperUsersession(), getNewUsername()); |
| final ACOrgUnitId group = createGroup(getSuperUsersession(), getNewGroupName()); |
| getAdminBroker().addMember(group, newUser); |
| assertEquals(1, getAdminBroker().getMembers(group).size()); |
| } |
| |
| @Test |
| public void addParticipantAsPA() throws ESException { |
| makeUserPA(); |
| final ACOrgUnitId newUserId = ServerUtil.createUser(getSuperUsersession(), getNewUsername()); |
| share(getUsersession(), getLocalProject()); |
| final int oldSize = getAdminBroker().getParticipants(getProjectSpace().getProjectId()).size(); |
| getAdminBroker().addParticipant(getProjectSpace().getProjectId(), newUserId, Roles.reader()); |
| assertEquals(oldSize + 1, getAdminBroker().getParticipants(getProjectSpace().getProjectId()).size()); |
| } |
| |
| @Test |
| public void addReaderToDifferentProjectsAsPA() throws ESException { |
| makeUserPA(); |
| final ACOrgUnitId newUserId = ServerUtil.createUser(getSuperUsersession(), getNewUsername()); |
| share(getUsersession(), getLocalProject()); |
| final int oldSize = getAdminBroker().getParticipants(getProjectSpace().getProjectId()).size(); |
| |
| final ProjectSpace clonedProjectSpace = cloneProjectSpace(getProjectSpace()); |
| share(getUsersession(), clonedProjectSpace.toAPI()); |
| |
| getAdminBroker().addParticipant(getProjectSpace().getProjectId(), newUserId, Roles.reader()); |
| getAdminBroker().addParticipant(clonedProjectSpace.getProjectId(), newUserId, Roles.reader()); |
| assertEquals(oldSize + 1, getAdminBroker().getParticipants(getProjectSpace().getProjectId()).size()); |
| } |
| |
| @Test |
| public void addParticipantTwiceAsPA() throws ESException { |
| makeUserPA(); |
| final ACOrgUnitId newUserId = ServerUtil.createUser(getSuperUsersession(), getNewUsername()); |
| share(getUsersession(), getLocalProject()); |
| final int oldSize = getAdminBroker().getParticipants(getProjectSpace().getProjectId()).size(); |
| getAdminBroker().addParticipant(getProjectSpace().getProjectId(), newUserId, Roles.reader()); |
| getAdminBroker().addParticipant(getProjectSpace().getProjectId(), newUserId, Roles.reader()); |
| assertEquals(oldSize + 1, getAdminBroker().getParticipants(getProjectSpace().getProjectId()).size()); |
| } |
| |
| @Test(expected = AccessControlException.class) |
| public void addParticipantSAasPA() throws ESException { |
| makeUserPA(); |
| final ACOrgUnitId newUserId = ServerUtil.createUser(getSuperUsersession(), getNewUsername()); |
| share(getUsersession(), getLocalProject()); |
| final int oldSize = getAdminBroker().getParticipants(getProjectSpace().getProjectId()).size(); |
| getAdminBroker().addParticipant(getProjectSpace().getProjectId(), newUserId, Roles.serverAdmin()); |
| assertEquals(oldSize + 1, getAdminBroker().getParticipants(getProjectSpace().getProjectId()).size()); |
| } |
| |
| @Test(expected = AccessControlException.class) |
| public void addParticipantNotPA() throws ESException { |
| final ACOrgUnitId newUserId = ServerUtil.createUser(getSuperUsersession(), getNewUsername()); |
| share(getUsersession(), getLocalProject()); |
| getAdminBroker().addParticipant(getProjectSpace().getProjectId(), newUserId, Roles.reader()); |
| } |
| |
| @Test |
| public void removeParticipantPA() throws ESException { |
| makeUserPA(); |
| final ACOrgUnitId newUserId = ServerUtil.createUser(getSuperUsersession(), getNewUsername()); |
| share(getUsersession(), getLocalProject()); |
| getAdminBroker().addParticipant(getProjectSpace().getProjectId(), newUserId, Roles.reader()); |
| final int oldSize = getAdminBroker().getParticipants(getProjectSpace().getProjectId()).size(); |
| getAdminBroker().removeParticipant(getProjectSpace().getProjectId(), newUserId); |
| assertEquals(oldSize - 1, getAdminBroker().getParticipants(getProjectSpace().getProjectId()).size()); |
| } |
| |
| @Test(expected = AccessControlException.class) |
| public void removeParticipantNotPA() throws ESException { |
| makeUserPA(); |
| final ACOrgUnitId newUserId = ServerUtil.createUser(getSuperUsersession(), getNewUsername()); |
| share(getUsersession(), getLocalProject()); |
| getAdminBroker().addParticipant(getProjectSpace().getProjectId(), newUserId, Roles.reader()); |
| // downgrade project admin |
| getAdminBroker().changeRole(getProjectSpace().getProjectId(), |
| ESUsersessionImpl.class.cast(getUsersession()).toInternalAPI().getACUser().getId(), |
| Roles.writer()); |
| getAdminBroker().removeParticipant(getProjectSpace().getProjectId(), newUserId); |
| } |
| } |
