AuthorizationActionResourceTest.java example

Explorer
pentaho-platform-master
/*!
 * This program is free software; you can redistribute it and/or modify it under the
 * terms of the GNU Lesser General Public License, version 2.1 as published by the Free Software
 * Foundation.
 *
 * You should have received a copy of the GNU Lesser General Public License along with this
 * program; if not, you can obtain a copy at http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html
 * or from the Free Software Foundation, Inc.,
 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 * This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY;
 * without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
 * See the GNU Lesser General Public License for more details.
 *
 * Copyright (c) 2002-2016 Pentaho Corporation..  All rights reserved.
 */

package org.pentaho.platform.web.http.api.resources;

import org.junit.After;
import org.junit.Before;
import org.junit.Test;

import static org.mockito.Matchers.anyString;
import static org.mockito.Mockito.*;

import org.pentaho.di.core.util.Assert;
import org.pentaho.platform.api.engine.IAuthorizationAction;
import org.pentaho.platform.api.engine.IAuthorizationPolicy;
import org.pentaho.platform.web.http.api.resources.services.AuthorizationActionService;

import javax.ws.rs.core.Response;
import java.util.Arrays;
import java.util.List;

/**
 * This unit test validates AuthorizationActionResource's behaviour, i.e. the expected javax Response status and content.
 * We won't dive much into the underlying service, as there are already unit tests that cover that one.
 */
public class AuthorizationActionResourceTest {

  AuthorizationActionResource resource;
  IAuthorizationAction readAction;

  /*
   * we won't dive much into the service, as there are already unit tests that cover it,
   * but we will be mocking its IAuthorizationPolicy.getPolicy()
   */
  AuthorizationActionServiceForTesting service;
  IAuthorizationPolicy policy;

  @Before
  public void setUp() {

    resource = mock( AuthorizationActionResource.class );
    readAction = mock( IAuthorizationAction.class );
    when( readAction.getName() ).thenReturn( "Read" );

    service = mock( AuthorizationActionServiceForTesting.class );
    policy = mock( IAuthorizationPolicy.class );

    when( policy.isAllowed( readAction.getName() ) ).thenReturn( true );

    when( service.getActionList() ).thenReturn( Arrays.asList( new IAuthorizationAction[] { readAction } ) );
    when( service.getPolicy() ).thenReturn( policy );

    when( service.validateAuth( anyString() ) ).thenCallRealMethod();

    when( resource.getAuthorizationActionService() ).thenReturn( service );
    when( resource.validateAuth( anyString() ) ).thenCallRealMethod();
  }

  @Test
  public void testCorrectActionIsProperlyGranted() throws Exception {

    Response r = resource.validateAuth( readAction.getName() );

    verify( resource.getAuthorizationActionService(), times( 1 ) ).validateAuth( readAction.getName() );
    assertExpectedResponse( r, Response.Status.OK.getStatusCode(), Boolean.TRUE.toString() );
  }

  @Test
  public void testIncorrectActionIsProperlyDenied() throws Exception {

    final String DUMMY_ACTION_NAME = "Dummy_Action_Name";

    Response r = resource.validateAuth( DUMMY_ACTION_NAME );

    verify( resource.getAuthorizationActionService(), times( 1 ) ).validateAuth( DUMMY_ACTION_NAME );
    assertExpectedResponse( r, Response.Status.OK.getStatusCode(), Boolean.FALSE.toString() );
  }

  @Test
  public void testNullActionIsProperlyDenied() throws Exception {

    Response r = resource.validateAuth( null );

    verify( resource.getAuthorizationActionService(), times( 1 ) ).validateAuth( null );
    assertExpectedResponse( r, Response.Status.OK.getStatusCode(), Boolean.FALSE.toString() );
  }

  @Test
  public void testEmptyActionIsProperlyDenied() throws Exception {

    Response r = resource.validateAuth( "" );

    verify( resource.getAuthorizationActionService(), times( 1 ) ).validateAuth( "" );
    assertExpectedResponse( r, Response.Status.OK.getStatusCode(), Boolean.FALSE.toString() );
  }

  @After
  public void tearDown() {
    resource = null;
    service = null;
    policy = null;
    readAction = null;
  }

  private void assertExpectedResponse( Response response, int expectedStatus, String expectedEntity ) {

    Assert.assertTrue( response != null && response.getEntity() != null );
    Assert.assertTrue( response.getStatus() == expectedStatus );
    Assert.assertTrue( response.getEntity().toString().equalsIgnoreCase( expectedEntity ) );
  }

  /*
   * we won't dive much into the service, as there are already unit tests that cover it,
   * but we will be mocking its IAuthorizationPolicy.getPolicy()
   */
  private class AuthorizationActionServiceForTesting extends AuthorizationActionService {

    // changing visibility to public to allow mocking it
    @Override public List<IAuthorizationAction> getActionList() {
      return super.getActionList();
    }

    // changing visibility to public to allow mocking it
    @Override public IAuthorizationPolicy getPolicy() {
      return super.getPolicy();
    }
  }
}