TestSQLDirectorySecurityDefault.java

/*
 * (C) Copyright 2014 Nuxeo SA (http://nuxeo.com/) and others.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 *
 * Contributors:
 *     mhilaire
 *
 */

package org.nuxeo.ecm.directory.sql;

import static org.junit.Assert.fail;

import java.io.Serializable;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Map;

import javax.inject.Inject;
import javax.inject.Named;
import javax.security.auth.login.LoginException;

import org.junit.After;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.nuxeo.ecm.core.api.DocumentModel;
import org.nuxeo.ecm.core.api.DocumentModelList;
import org.nuxeo.ecm.directory.Directory;
import org.nuxeo.ecm.directory.DirectorySecurityException;
import org.nuxeo.ecm.directory.Session;
import org.nuxeo.ecm.platform.login.test.ClientLoginFeature;
import org.nuxeo.ecm.platform.login.test.DummyNuxeoLoginModule;
import org.nuxeo.runtime.test.runner.Features;
import org.nuxeo.runtime.test.runner.FeaturesRunner;
import org.nuxeo.runtime.test.runner.LocalDeploy;

@RunWith(FeaturesRunner.class)
@Features({ SQLDirectoryFeature.class, ClientLoginFeature.class })
@LocalDeploy({ "org.nuxeo.ecm.directory.sql.tests:test-sql-directories-schema-override.xml",
        "org.nuxeo.ecm.directory.sql.tests:test-sql-directories-bundle.xml" })
public class TestSQLDirectorySecurityDefault {

    @Inject
    ClientLoginFeature dummyLogin;

    @Inject
    @Named(SQLDirectoryFeature.USER_DIRECTORY_NAME)
    Directory directory;

    Session session;

    @Before
    public void setUp() {
        session = directory.getSession();
    }

    @After
    public void tearDown() throws Exception {
        session.close();
    }

    // Default admin tests
    @Test
    public void adminCanCreateEntry() throws Exception {
        // Given the admin user
        dummyLogin.login(DummyNuxeoLoginModule.ADMINISTRATOR_USERNAME);

        Map<String, Object> map = new HashMap<String, Object>();
        map.put("username", "user_0");
        map.put("password", "pass_0");
        map.put("groups", Arrays.asList("members", "administrators"));

        // When I call the create entry
        DocumentModel entry = session.createEntry(map);

        // I have created an entry
        entry = session.getEntry(entry.getId());
        Assert.assertNotNull(entry);

        dummyLogin.logout();
    }

    @Test
    public void adminCanDeleteEntry() throws Exception {
        // Given the admin user
        dummyLogin.login(DummyNuxeoLoginModule.ADMINISTRATOR_USERNAME);

        // I can delete entry
        DocumentModel entry = session.getEntry("user_1");
        Assert.assertNotNull(entry);
        session.deleteEntry("user_1");
        entry = session.getEntry("user_1");
        Assert.assertNull(entry);

        dummyLogin.logout();
    }

    // Everyone tests
    @Test
    public void everyoneCantCreateEntry() throws LoginException {
        // Given a user
        dummyLogin.login("aUser");

        Map<String, Object> map = new HashMap<String, Object>();
        map.put("username", "should-not-create");
        map.put("password", "should-not-create");
        map.put("groups", Arrays.asList("members", "administrators"));

        // When I call the create entry
        try {
            session.createEntry(map);
            fail("Should not be able to create entry");
        } catch (DirectorySecurityException e) {
            // ok
        }

        dummyLogin.logout();
    }

    @Test
    public void everyoneCanGetEntry() throws LoginException {
        // Given a user
        dummyLogin.login("aUser");

        // When I call get entry
        DocumentModel entry = session.getEntry("user_3");
        Assert.assertNotNull(entry);

        dummyLogin.logout();
    }

    @Test
    public void everyoneCantDeleteEntry() throws Exception {
        dummyLogin.login("aUser");

        // When I call delete entry
        DocumentModel entry = session.getEntry("user_3");
        Assert.assertNotNull(entry);
        try {
            session.deleteEntry("user_3");
            fail("Should not be able to delete entry");
        } catch (DirectorySecurityException e) {
            // ok
        }
        entry = session.getEntry("user_3");
        Assert.assertNotNull(entry);

        dummyLogin.logout();
    }

    @Test
    public void everyoneCanSearch() throws LoginException {
        dummyLogin.login("aUser");

        // When I query entry
        Map<String, Serializable> map = new HashMap<String, Serializable>();
        map.put("username", "user_3");
        DocumentModelList results = session.query(map);
        Assert.assertNotNull(results);
        Assert.assertEquals(1, results.size());

        dummyLogin.logout();
    }

}