RecordResourceAATest.java

package eu.europeana.cloud.service.mcs.rest.aatests;

import eu.europeana.cloud.common.model.Record;
import eu.europeana.cloud.service.mcs.RecordService;
import eu.europeana.cloud.service.mcs.exception.RecordNotExistsException;
import eu.europeana.cloud.service.mcs.exception.RepresentationNotExistsException;
import eu.europeana.cloud.service.mcs.rest.RecordsResource;
import eu.europeana.cloud.test.AbstractSecurityTest;
import org.junit.Before;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.mockito.Mockito;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.authentication.AuthenticationCredentialsNotFoundException;
import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;

import javax.validation.constraints.NotNull;
import javax.ws.rs.core.UriBuilder;
import javax.ws.rs.core.UriInfo;
import java.net.URI;

@RunWith(SpringJUnit4ClassRunner.class)
public class RecordResourceAATest extends AbstractSecurityTest {
	
	@Autowired
	@NotNull
	private RecordsResource recordsResource;
	
	@Autowired
	@NotNull
	private RecordService recordService;

	private static final String GLOBAL_ID = "GLOBAL_ID";
	
	private UriInfo URI_INFO;
	
	private Record record;
	
	/**
	 * Pre-defined users
	 */
	private final static String RANDOM_PERSON = "Cristiano";
	private final static String RANDOM_PASSWORD = "Ronaldo";

	private final static String VAN_PERSIE = "Robin_Van_Persie";
	private final static String VAN_PERSIE_PASSWORD = "Feyenoord";

	private final static String RONALDO = "Cristiano";
	private final static String RONALD_PASSWORD = "Ronaldo";

	private final static String ADMIN = "admin";
	private final static String ADMIN_PASSWORD = "admin";
	
	@Before
	public void mockUp() throws Exception {

		record = new Record();
		record.setCloudId(GLOBAL_ID);
		
		URI_INFO = Mockito.mock(UriInfo.class);
		UriBuilder uriBuilder = Mockito.mock(UriBuilder.class);

        Mockito.doReturn(uriBuilder).when(URI_INFO).getBaseUriBuilder();
        Mockito.doReturn(uriBuilder).when(uriBuilder).path((Class) Mockito.anyObject());
        Mockito.doReturn(new URI("")).when(uriBuilder).buildFromMap(Mockito.anyMap());
        Mockito.doReturn(new URI("")).when(uriBuilder).buildFromMap(Mockito.anyMap());
        Mockito.doReturn(new URI("")).when(URI_INFO).resolve((URI) Mockito.anyObject());
        
		Mockito.doReturn(record).when(recordService).getRecord(Mockito.anyString());
	}

	@Before
	public void init(){
		logoutEveryone();
	}

	/**
	 * Makes sure these methods can run even if noone is logged in.
	 * No special permissions are required.
	 */
	@Test
    public void testMethodsThatDontNeedAnyAuthentication() throws RecordNotExistsException  {
		recordsResource.getRecord(URI_INFO, GLOBAL_ID);
    }
	
	/**
	 * Makes sure any random person can just call these methods.
	 * No special permissions are required.
	 */
	@Test
    public void shouldBeAbleToCallMethodsThatDontNeedAnyAuthenticationWithSomeRandomPersonLoggedIn() 
    		throws RecordNotExistsException  {
		login(RANDOM_PERSON, RANDOM_PASSWORD);
		recordsResource.getRecord(URI_INFO, GLOBAL_ID);
    }
	
	@Test(expected = AuthenticationCredentialsNotFoundException.class)
	public void shouldThrowExceptionWhenNonAuthenticatedUserTriesToDeleteRecord() 
			throws RecordNotExistsException, RepresentationNotExistsException  {
		recordsResource.deleteRecord(GLOBAL_ID);
	}
	
	@Test(expected = AccessDeniedException.class)
	public void shouldThrowExceptionWhenRandomUserTriesToDeleteRecord() 
			throws RecordNotExistsException, RepresentationNotExistsException {
		login(RANDOM_PERSON, RANDOM_PASSWORD);
		recordsResource.deleteRecord(GLOBAL_ID);
	}
	
	public void shouldBeAbleToDeleteRecordWhenAdmin() 
			throws RecordNotExistsException, RepresentationNotExistsException {
		login(ADMIN, ADMIN_PASSWORD);
		recordsResource.deleteRecord(GLOBAL_ID);
	}
}