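package hudson.plugins.collabnet.auth;

import com.gargoylesoftware.htmlunit.FailingHttpStatusCodeException;
import hudson.model.Descriptor;
import hudson.model.Hudson;
import hudson.plugins.collabnet.util.Util;
import hudson.security.ACL;
import hudson.security.AuthorizationStrategy;
import hudson.security.LegacyAuthorizationStrategy;
import hudson.security.SparseACL;

/**
 * Tests for {@link CNAuthorizationStrategy}: the configuration round trip,
 * the help links of its form fields, and access to the system "configure"
 * page for admin and read-only users and groups.
 *
 * <p>The four access tests return early when {@code verifyOnline()} is false.
 * A test that returns normally is reported as passing, so a green run does not
 * by itself show that the access checks were executed.
 *
 * @author Kohsuke Kawaguchi
 */
public class AuthzTest extends AbstractSecurityTestCase {

    /**
     * Verifies that the UI is bound correctly to properties.
     */
    public void testConfigRoundtrip() throws Exception {
        hudson.setAuthorizationStrategy(new LegacyAuthorizationStrategy());

        roundtripAndAssert(new CNAuthorizationStrategy("foo,bar", "dev,op", "alice,boss,root", "god,budda", 35) {
            /**
             * Allows resubmission of the system config without logging in first.
             *
             * <p>Grants {@code Hudson.ADMINISTER} to {@code ACL.ANONYMOUS}. The grant
             * lives only on this anonymous subclass, which exists so the test can
             * submit the form; it must not be copied into a real strategy.
             */
            @Override
            public ACL getRootACL() {
                // No parent ACL is passed, so this single entry is the only one added here.
                SparseACL acl = new SparseACL(null);
                acl.add(ACL.ANONYMOUS, Hudson.ADMINISTER, true);
                return acl;
            }

            /**
             * Resolves the descriptor of {@link CNAuthorizationStrategy} itself, since
             * the lookup is made by that class rather than by this anonymous subclass.
             */
            @Override
            public Descriptor<AuthorizationStrategy> getDescriptor() {
                return Hudson.getInstance().getDescriptorOrDie(CNAuthorizationStrategy.class);
            }
        });
    }

    /**
     * Installs {@code original}, submits the system config form, and checks that the
     * strategy installed afterwards is a new instance whose {@link #FIELDS} properties
     * equal those of {@code original}.
     *
     * @param original the strategy to install before the form is submitted
     * @throws Exception if loading or submitting the form fails in an unexpected way
     */
    private void roundtripAndAssert(CNAuthorizationStrategy original) throws Exception {
        hudson.setAuthorizationStrategy(original);
        try {
            submit(createWebClient().goTo("configure").getFormByName("config"));
            // The submission would succeed but the rendering of the top page would fail,
            // so reaching this line means the expected error did not occur.
            fail("config submission was expected to end in a failing HTTP status when the top page is rendered");
        } catch (FailingHttpStatusCodeException e) {
            // NOTE(review): any failing status is accepted here. If a specific status is
            // expected, asserting on e.getStatusCode() would tighten the test - confirm
            // the expected value first.
            // If the submission succeeded, we should see a new instance.
            assertNotSame(original, hudson.getAuthorizationStrategy());
            assertEqualBeans(original, hudson.getAuthorizationStrategy(), FIELDS);
        }
    }

    /**
     * Makes sure that a help link exists for every field listed in {@link #FIELDS}.
     */
    public void testHelpLink() throws Exception {
        assertHelpExists(CNAuthorizationStrategy.class, FIELDS);
    }

    /**
     * Test that the admin user can log in and get to the configure page.
     */
    public void testAdminUserAccess() throws Exception {
        if (!verifyOnline()) return;
        installAuthorizationStrategy();

        // Admin user should be able to see the system config page.
        // There is no explicit assertion; presumably goTo fails the test when the page
        // cannot be loaded - confirm against the web client's configuration.
        createAdminWebClient().goTo("configure");
    }

    /**
     * Test that the admin group can log in and get to the configure page.
     */
    public void testAdminGroupAccess() throws Exception {
        if (!verifyOnline()) return;
        installAuthorizationStrategy();

        // The fixture passes the same value as user name and password.
        new WebClient().login(admin_group_member, admin_group_member).goTo("configure");
    }

    /**
     * Test that the read user can log in and not get to the configure page.
     */
    public void testReadUserAccess() throws Exception {
        if (!verifyOnline()) return;
        installAuthorizationStrategy();

        WebClient loggedInRead = new WebClient().login(read_user, read_user);
        Util.checkPageUnreachable(loggedInRead, "configure");
    }

    /**
     * Test that the read group can log in and not get to the configure page.
     */
    public void testReadGroupAccess() throws Exception {
        if (!verifyOnline()) return;
        installAuthorizationStrategy();

        WebClient loggedInRead = new WebClient().login(read_group_member, read_group_member);
        Util.checkPageUnreachable(loggedInRead, "configure");
    }

    /**
     * Comma-separated property names of {@link CNAuthorizationStrategy} that are compared
     * in the round-trip test and checked for help links.
     */
    private static final String FIELDS = "readUsersStr,readGroupsStr,adminUsersStr,adminGroupsStr,authCacheTimeoutMin";
}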