package com.constellio.model.services.security;
import static com.constellio.model.entities.security.CustomizedAuthorizationsBehavior.DETACH;
import static com.constellio.model.entities.security.Role.READ;
import static java.util.Arrays.asList;
import static org.assertj.core.api.Assertions.assertThat;
import java.util.Arrays;
import java.util.List;
import org.junit.After;
import org.junit.Test;
import com.constellio.model.entities.records.wrappers.Group;
import com.constellio.model.entities.records.wrappers.User;
import com.constellio.model.entities.security.Authorization;
import com.constellio.model.entities.security.CustomizedAuthorizationsBehavior;
import com.constellio.model.entities.security.Role;
import com.constellio.model.services.records.RecordServicesException;
import com.constellio.model.services.security.roles.RolesManagerRuntimeException;
import com.constellio.sdk.tests.annotations.SlowTest;
@SlowTest
public class AuthorizationsServicesLegacyAcceptanceTest extends BaseAuthorizationsServicesAcceptanceTest {
@After
public void checkIfARecordHasAnInvalidAuthorization() {
ensureNoRecordsHaveAnInvalidAuthorization();
}
@After
public void checkIfChuckNorrisHasAccessToEverythingInZeCollection()
throws Exception {
if (records != null) {
List<String> foldersWithReadFound = findAllFoldersAndDocuments(users.chuckNorrisIn(zeCollection));
List<String> foldersWithWriteFound = findAllFoldersAndDocumentsWithWritePermission(
users.chuckNorrisIn(zeCollection));
List<String> foldersWithDeleteFound = findAllFoldersAndDocumentsWithDeletePermission(
users.chuckNorrisIn(zeCollection));
assertThat(foldersWithReadFound).containsOnly(records.allFoldersAndDocumentsIds().toArray(new String[0]));
assertThat(foldersWithWriteFound).containsOnly(records.allFoldersAndDocumentsIds().toArray(new String[0]));
assertThat(foldersWithDeleteFound).containsOnly(records.allFoldersAndDocumentsIds().toArray(new String[0]));
}
}
@After
public void checkIfAliceSeeAndCanModifyEverythingInCollection2()
throws Exception {
if (otherCollectionRecords != null) {
List<String> foldersWithReadFound = findAllFoldersAndDocuments(users.aliceIn(anotherCollection));
List<String> foldersWithWriteFound = findAllFoldersAndDocumentsWithWritePermission(users.aliceIn(anotherCollection));
List<String> foldersWithDeleteFound = findAllFoldersAndDocumentsWithDeletePermission(
users.aliceIn(anotherCollection));
assertThat(foldersWithReadFound)
.containsOnly(otherCollectionRecords.allFoldersAndDocumentsIds().toArray(new String[0]));
assertThat(foldersWithWriteFound)
.containsOnly(otherCollectionRecords.allFoldersAndDocumentsIds().toArray(new String[0]));
assertThat(foldersWithDeleteFound).hasSize(0);
}
}
@After
public void checkIfBobSeeAndCanDeleteEverythingInCollection2()
throws Exception {
if (otherCollectionRecords != null) {
List<String> foldersWithReadFound = findAllFoldersAndDocuments(users.bobIn(anotherCollection));
List<String> foldersWithWriteFound = findAllFoldersAndDocumentsWithWritePermission(users.bobIn(anotherCollection));
List<String> foldersWithDeleteFound = findAllFoldersAndDocumentsWithDeletePermission(users.bobIn(anotherCollection));
assertThat(foldersWithReadFound)
.containsOnly(otherCollectionRecords.allFoldersAndDocumentsIds().toArray(new String[0]));
assertThat(foldersWithWriteFound).hasSize(0);
assertThat(foldersWithDeleteFound)
.containsOnly(otherCollectionRecords.allFoldersAndDocumentsIds().toArray(new String[0]));
}
}
@After
public void checkIfDakotaSeeAndCanDeleteEverythingInCollection2()
throws Exception {
if (otherCollectionRecords != null) {
List<String> foldersWithReadFound = findAllFoldersAndDocuments(users.dakotaIn(anotherCollection));
List<String> foldersWithWriteFound = findAllFoldersAndDocumentsWithWritePermission(users.dakotaIn(anotherCollection));
List<String> foldersWithDeleteFound = findAllFoldersAndDocumentsWithDeletePermission(
users.dakotaIn(anotherCollection));
assertThat(foldersWithReadFound)
.containsOnly(otherCollectionRecords.allFoldersAndDocumentsIds().toArray(new String[0]));
assertThat(foldersWithWriteFound).hasSize(0);
assertThat(foldersWithDeleteFound).hasSize(0);
}
}
@Test
//Basic security test
public void givenHeroesHaveReadAccessToCategory2ThenTheySeeFolder3AndFolder4()
throws Exception {
List<String> roles = asList(READ);
addAuthorizationWithoutDetaching(roles, asList(users.heroesIn(zeCollection).getId()),
records.taxo1_category2().getId());
waitForBatchProcess();
List<String> foundRecords = findAllFoldersAndDocuments(users.charlesIn(zeCollection));
assertThat(foundRecords).containsOnly(records.folder3().getId(), records.folder4().getId(), records.folder4_1().getId(),
records.folder4_2().getId(), records.folder3_doc1().getId(), records.folder4_1_doc1().getId(),
records.folder4_2_doc1().getId());
foundRecords = findAllFoldersAndDocuments(users.dakotaLIndienIn(zeCollection));
assertThat(foundRecords).containsOnly(records.folder3().getId(), records.folder4().getId(), records.folder4_1().getId(),
records.folder4_2().getId(), records.folder3_doc1().getId(), records.folder4_1_doc1().getId(),
records.folder4_2_doc1().getId());
}
@Test
//Basic security test
public void givenLegendsAndHeroesHaveAuthsWhenAddingAuthToGandalfThenGandalfInheritsBothGroupsAuthsAlongsideHisOwn()
throws Exception {
List<String> roles = asList(READ);
addAuthorizationWithoutDetaching(roles, asList(users.legendsIn(zeCollection).getId()), records.folder4().getId());
addAuthorizationWithoutDetaching(roles, asList(users.heroesIn(zeCollection).getId()), records.folder2().getId());
addAuthorizationWithoutDetaching(roles, asList(users.gandalfIn(zeCollection).getId()),
records.taxo1_category1().getId());
waitForBatchProcess();
List<String> foundRecords = findAllFoldersAndDocuments(users.gandalfIn(zeCollection));
assertThat(foundRecords).containsOnly(records.folder1().getId(), records.folder2().getId(), records.folder2_1().getId(),
records.folder2_2().getId(), records.folder1_doc1().getId(), records.folder2_2_doc1().getId(),
records.folder2_2_doc2().getId(), records.folder4().getId(), records.folder4_1().getId(),
records.folder4_2().getId(),
records.folder4_1_doc1().getId(), records.folder4_2_doc1().getId());
}
@Test
//Basic security test
public void givenBobHasReadAccessToFolder2_2_doc2ThenBobSeesOnlyFolder2_2_doc2()
throws Exception {
List<String> roles = asList(READ);
addAuthorizationWithoutDetaching(roles, asList(users.bobIn(zeCollection).getId()), records.folder2_2_doc2().getId());
waitForBatchProcess();
List<String> foundRecords = findAllFoldersAndDocuments(users.bobIn(zeCollection));
assertThat(foundRecords).containsOnly(records.folder2_2_doc2().getId());
}
@Test
public void givenLegendsHaveReadAuthToFolder2WhenGivingWriteAuthToAliceThenEdouardReadsFolder2AndAliceWritesFolder2()
throws Exception {
List<String> roles = Arrays.asList(READ);
addAuthorizationWithoutDetaching(roles, asList(users.legendsIn(zeCollection).getId()), records.folder2().getId());
roles = Arrays.asList(Role.WRITE);
detach(records.folder2().getId());
addAuthorizationWithoutDetaching(roles, asList(users.aliceIn(zeCollection).getId()), records.folder2().getId());
waitForBatchProcess();
List<String> foundRecords = findAllFoldersAndDocuments(users.edouardLechatIn(zeCollection));
assertThat(foundRecords).containsOnly(records.folder2().getId(), records.folder2_1().getId(), records.folder2_2().getId(),
records.folder2_2_doc1().getId(), records.folder2_2_doc2().getId());
foundRecords = findAllFoldersAndDocumentsWithWritePermission(users.aliceIn(zeCollection));
assertThat(foundRecords).containsOnly(records.folder2().getId(), records.folder2_1().getId(), records.folder2_2().getId(),
records.folder2_2_doc1().getId(), records.folder2_2_doc2().getId());
}
@Test
//Basic security test
public void givenHeroesAndAliceHaveAuthToCategory2AndEdouardHasAuthToCategory2_1ThenAllButBobSeeFolder3()
throws Exception {
List<String> roles = asList(READ);
addAuthorizationWithoutDetaching(roles, asList(users.heroesIn(zeCollection).getId(), users.aliceIn(zeCollection).getId()),
records.taxo1_category2().getId());
addAuthorizationWithoutDetaching(roles, asList(users.edouardLechatIn(zeCollection).getId()),
records.taxo1_category2_1().getId());
waitForBatchProcess();
List<String> foundRecords = findAllFoldersAndDocuments(users.aliceIn(zeCollection));
assertThat(foundRecords).contains(records.folder3().getId(), records.folder3_doc1().getId());
foundRecords = findAllFoldersAndDocuments(users.edouardLechatIn(zeCollection));
assertThat(foundRecords).contains(records.folder3().getId(), records.folder3_doc1().getId());
foundRecords = findAllFoldersAndDocuments(users.charlesIn(zeCollection));
assertThat(foundRecords).contains(records.folder3().getId(), records.folder3_doc1().getId());
foundRecords = findAllFoldersAndDocuments(users.dakotaLIndienIn(zeCollection));
assertThat(foundRecords).contains(records.folder3().getId(), records.folder3_doc1().getId());
foundRecords = findAllFoldersAndDocuments(users.gandalfIn(zeCollection));
assertThat(foundRecords).contains(records.folder3().getId(), records.folder3_doc1().getId());
foundRecords = findAllFoldersAndDocuments(users.bobIn(zeCollection));
assertThat(foundRecords).isEmpty();
}
@Test
//Basic security test
public void givenHeroesAndAliceHaveAuthToCategory2AndEdouardHasAuthToFolder4ThenAllButBobSeeFolder4()
throws Exception {
List<String> roles = asList(READ);
addAuthorizationWithoutDetaching(roles, asList(users.heroesIn(zeCollection).getId(), users.aliceIn(zeCollection).getId()),
records.taxo1_category2().getId());
addAuthorizationWithoutDetaching(roles, asList(users.edouardLechatIn(zeCollection).getId()),
records.folder4().getId());
waitForBatchProcess();
// List<String> foundRecords = findAllFoldersAndDocuments(users.chuckNorrisIn(zeCollection));
// assertThat(foundRecords).containsOnly(records.folder4().getId(), records.folder4_1().getId(), records.folder4_2().getId(),
// records.folder4_1_doc1().getId(), records.folder4_2_doc1().getId());
List<String> foundRecords = findAllFoldersAndDocuments(users.aliceIn(zeCollection));
assertThat(foundRecords).contains(records.folder4().getId(), records.folder4_1().getId(), records.folder4_2().getId(),
records.folder4_1_doc1().getId(), records.folder4_2_doc1().getId());
foundRecords = findAllFoldersAndDocuments(users.edouardLechatIn(zeCollection));
assertThat(foundRecords).contains(records.folder4().getId(), records.folder4_1().getId(), records.folder4_2().getId(),
records.folder4_1_doc1().getId(), records.folder4_2_doc1().getId());
foundRecords = findAllFoldersAndDocuments(users.charlesIn(zeCollection));
assertThat(foundRecords).contains(records.folder4().getId(), records.folder4_1().getId(), records.folder4_2().getId(),
records.folder4_1_doc1().getId(), records.folder4_2_doc1().getId());
foundRecords = findAllFoldersAndDocuments(users.dakotaLIndienIn(zeCollection));
assertThat(foundRecords).contains(records.folder4().getId(), records.folder4_1().getId(), records.folder4_2().getId(),
records.folder4_1_doc1().getId(), records.folder4_2_doc1().getId());
foundRecords = findAllFoldersAndDocuments(users.gandalfIn(zeCollection));
assertThat(foundRecords).contains(records.folder4().getId(), records.folder4_1().getId(), records.folder4_2().getId(),
records.folder4_1_doc1().getId(), records.folder4_2_doc1().getId());
foundRecords = findAllFoldersAndDocuments(users.bobIn(zeCollection));
assertThat(foundRecords).isEmpty();
}
@Test
public void givenBobHasAnAuthorizationGivingHimARoleWithReadAccessHasTheHasTheRolePermissionsOnTargetRecordsAndTheirDescendants
()
throws RolesManagerRuntimeException, InterruptedException, RecordServicesException {
User bob = users.bobIn(zeCollection);
addAuthorizationWithoutDetaching(asList("zeRole", READ), asList(bob.getId()), records.taxo1_category1().getId());
waitForBatchProcess();
bob = users.bobIn(zeCollection);
assertThat(services.canRead(bob, records.folder1())).isTrue();
assertThat(services.canRead(bob, records.folder2())).isTrue();
assertThat(services.canRead(bob, records.taxo1_category1())).isTrue();
}
@Test
public void givenBobHasAnAuthorizationOnAGroupGivingHimARoleWithReadAccessHasTheRolePermissionsOnTargetRecordsAndTheirDescendants
()
throws RolesManagerRuntimeException, InterruptedException, RecordServicesException {
Group group = createGroup("HEROES");
User bob = users.bobIn(zeCollection);
bob.setCollectionReadAccess(true);
bob.setUserGroups(asList(group.getId()));
addAuthorizationWithoutDetaching(asList("zeRole"), asList(group.getId()), records.taxo1_category1().getId());
waitForBatchProcess();
assertThat(services.canRead(bob, records.folder1())).isTrue();
assertThat(services.canRead(bob, records.folder2())).isTrue();
}
@Test
public void givenBobHasAnAuthorizationGivingHimARoleWithoutReadAccessThenHasNoPermissionsOnTheCollectionRecords()
throws RolesManagerRuntimeException, InterruptedException, RecordServicesException {
User bob = users.bobIn(zeCollection);
addAuthorizationWithoutDetaching(asList("zeRole"), asList(bob.getId()), records.taxo1_category1().getId());
waitForBatchProcess();
assertThat(services.canRead(bob, records.taxo1_category1())).isFalse();
}
@Test
public void givenBobHasAnAuthorizationOnAGroupGivingHimARoleWithoutReadAccessThenHasNoPermissionsOnTheCollectionRecords()
throws RolesManagerRuntimeException, InterruptedException, RecordServicesException {
Group group = createGroup("HEROES");
User bob = users.bobIn(zeCollection);
// bob.setCollectionReadAccess(true);
bob.setUserGroups(asList(group.getId()));
addAuthorizationWithoutDetaching(asList("zeRole"), asList(group.getId()), records.taxo1_category1().getId());
waitForBatchProcess();
assertThat(services.canRead(bob, records.taxo1_category1())).isFalse();
}
@Test
public void givenGroupHasAuthsThenAuthsInheritedToSubGroupAndItsUsers()
throws InterruptedException {
List<String> roles = asList(READ, Role.WRITE);
assertThat(users.robinIn(zeCollection)).is(notAllowedToWrite(records.taxo1_category2()));
addAuthorizationWithoutDetaching(roles, asList(users.heroesIn(zeCollection).getId()), records.taxo1_category2().getId());
waitForBatchProcess();
assertThat(users.robinIn(zeCollection)).is(allowedToWrite(records.taxo1_category2()));
}
@Test
public void givenAddAuthorizationWhenGetAuthorizationThenReturnIt()
throws Exception {
List<String> roles = asList(READ);
Authorization authorization = addAuthorizationWithoutDetaching(roles, asList(users.heroesIn(zeCollection).getId()),
records.taxo1_category2().getId());
waitForBatchProcess();
String authId = authorization.getDetail().getId();
Authorization retrievedAuthorization = services
.getAuthorization(authorization.getDetail().getCollection(),
authId);
assertThat(authorization.getDetail()).isEqualToComparingFieldByField(retrievedAuthorization.getDetail());
assertThat(authorization.getGrantedOnRecord()).isEqualTo(retrievedAuthorization.getGrantedOnRecord());
assertThat(authorization.getGrantedToPrincipals()).isEqualTo(retrievedAuthorization.getGrantedToPrincipals());
}
}