/*
* Copyright (c) 2013 Oracle Corporation.
* All rights reserved. This program and the accompanying materials
* are made available under the terms of the Eclipse Public License v1.0
* which accompanies this distribution, and is available at
* http://www.eclipse.org/legal/epl-v10.html
*
* Contributors:
* Winston Prakash
*/
package org.eclipse.hudson.security.team;
import hudson.model.FreeStyleProject;
import hudson.model.FreeStyleProjectMock;
import hudson.model.Item;
import hudson.security.Permission;
import java.io.File;
import java.io.IOException;
import junit.framework.Assert;
import org.apache.commons.io.FileUtils;
import org.eclipse.hudson.security.HudsonSecurityEntitiesHolder;
import org.eclipse.hudson.security.HudsonSecurityManager;
import org.junit.After;
import org.junit.Before;
import org.junit.Test;
import org.springframework.security.acls.domain.PrincipalSid;
import org.springframework.security.acls.model.Sid;
/**
* Test class for TeamAwareSecurityRealmTest
*
* @author Winston Prakash
*/
public class TeamAwareSecurityRealmTest {
private Permission configurePermission = Item.CONFIGURE;
private Permission readPermission = Item.READ;
private File homeDir = FileUtils.getTempDirectory();
private File teamsFolder = new File(homeDir, "teams");
private final String teamsConfigFileName = "teams.xml";
private File teamsStore = new File(teamsFolder, teamsConfigFileName);
private TeamManager teamManager;
private HudsonSecurityManager hudsonSecurityManager;
@Before
public void setUp() throws IOException {
if (teamsStore.exists()) {
teamsStore.delete();
}
teamManager = new TeamManager(homeDir);
teamManager.setUseBulkSaveFlag(false);
hudsonSecurityManager = new HudsonSecurityManager(homeDir);
HudsonSecurityEntitiesHolder.setHudsonSecurityManager(hudsonSecurityManager);
}
@After
public void tearDown() {
if (teamsStore.exists()) {
teamsStore.delete();
}
}
@Test
public void testGlobalSysAdminPermission() throws IOException, TeamManager.TeamAlreadyExistsException{
Team newTeam = teamManager.createTeam("team1");
hudsonSecurityManager.setSecurityRealm(new TeamAwareSecurityRealmImpl(newTeam, false, false));
//Dummy Sid
Sid sid = new PrincipalSid("Paul");
TeamBasedACL teamBasedACL = new TeamBasedACL(teamManager, TeamBasedACL.SCOPE.GLOBAL);
Assert.assertNull("Current user should not have global CONFIGURE permission", teamBasedACL.hasPermission(sid, configurePermission));
Assert.assertTrue("Current user should have global READ permission", teamBasedACL.hasPermission(sid, readPermission).booleanValue());
hudsonSecurityManager.setSecurityRealm(new TeamAwareSecurityRealmImpl(newTeam, true, false));
Assert.assertTrue("Current user should have global CONFIGURE permission", teamBasedACL.hasPermission(sid, configurePermission).booleanValue());
}
@Test
public void testJobPermission() throws IOException, TeamManager.TeamAlreadyExistsException {
Team team1 = teamManager.createTeam("team1");
hudsonSecurityManager.setSecurityRealm(new TeamAwareSecurityRealmImpl(team1, false, false));
FreeStyleProject freeStyleJob = new FreeStyleProjectMock("testJob");
team1.addJob(new TeamJob(freeStyleJob.getName()));
//Dummy Sid
Sid sid = new PrincipalSid("Paul");
TeamBasedACL teamBasedACL = new TeamBasedACL(teamManager, TeamBasedACL.SCOPE.JOB, freeStyleJob);
Assert.assertTrue("Current user should have Job CONFIGURE permission", teamBasedACL.hasPermission(sid, configurePermission).booleanValue());
Team team2 = teamManager.createTeam("team2");
freeStyleJob = new FreeStyleProjectMock("testJob2");
team2.addJob(new TeamJob(freeStyleJob.getName()));
teamBasedACL = new TeamBasedACL(teamManager, TeamBasedACL.SCOPE.JOB, freeStyleJob);
Assert.assertNull("Current user should not have Job CONFIGURE permission", teamBasedACL.hasPermission(sid, configurePermission));
Assert.assertNull("Current user should not have Job READ permission", teamBasedACL.hasPermission(sid, readPermission));
}
@Test
public void testPublicJobPermission() throws IOException, TeamManager.TeamNotFoundException, TeamManager.TeamAlreadyExistsException {
String teamName = "team1";
Team newTeam = teamManager.createTeam(teamName);
hudsonSecurityManager.setSecurityRealm(new TeamAwareSecurityRealmImpl(newTeam, false, false));
FreeStyleProject freeStyleJob = new FreeStyleProjectMock("testJob");
teamManager.getPublicTeam().addJob(new TeamJob(freeStyleJob.getName()));
//Dummy Sid
Sid sid = new PrincipalSid("Paul");
TeamBasedACL teamBasedACL = new TeamBasedACL(teamManager, TeamBasedACL.SCOPE.JOB, freeStyleJob);
Assert.assertNull("Current user should not have Job CONFIGURE permission", teamBasedACL.hasPermission(sid, configurePermission));
Assert.assertTrue("Current user should have Job READ permission", teamBasedACL.hasPermission(sid, readPermission).booleanValue());
}
public class TeamAwareSecurityRealmImpl extends TeamAwareSecurityRealm {
private Team team;
private boolean isSysAdmin;
private boolean isTeamAdmin;
TeamAwareSecurityRealmImpl(Team team, boolean isSysAdmin, boolean isTeamAdmin) {
this.team = team;
this.isSysAdmin = isSysAdmin;
this.isTeamAdmin = isTeamAdmin;
}
@Override
public Team GetCurrentUserTeam() {
return team;
}
@Override
public boolean isCurrentUserSysAdmin() {
return isSysAdmin;
}
@Override
public boolean isCurrentUserTeamAdmin() {
return isTeamAdmin;
}
@Override
public SecurityComponents createSecurityComponents() {
return null;
}
}
}