UserPermissionsGetterTest.java

package codeine.permissions;

import static org.junit.Assert.*;
import static org.mockito.Mockito.*;

import javax.servlet.http.HttpServletRequest;

import org.junit.After;
import org.junit.Before;
import org.junit.Test;
import org.mockito.Mock;
import org.mockito.MockitoAnnotations;

import codeine.jsons.auth.AuthenticationMethod;
import codeine.jsons.auth.CodeineUser;
import codeine.jsons.global.GlobalConfigurationJson;
import codeine.jsons.global.GlobalConfigurationJsonStore;
import codeine.utils.exceptions.UnAuthorizedException;

public class UserPermissionsGetterTest {

	@Mock
	private GlobalConfigurationJsonStore globalConfigurationJsonStore;
	@Mock
	private GlobalConfigurationJson globalConfigurationJson;
	@Mock
	private UserPermissionsBuilder userPermissionsBuilder;
	@Mock
	private UsernameResolverFromRequest usernameResolverFromRequest;
	@Mock
	private HttpServletRequest request;
	private UserPermissionsGetter tested;

	@Before
	public void initMocks() {
		MockitoAnnotations.initMocks(this);
		tested = new UserPermissionsGetter(userPermissionsBuilder,
				globalConfigurationJsonStore, usernameResolverFromRequest);
		when(globalConfigurationJsonStore.get()).thenReturn(globalConfigurationJson);
		when(globalConfigurationJson.authentication_method()).thenReturn(AuthenticationMethod.Builtin);
		when(usernameResolverFromRequest.getViewAsUser(request)).thenReturn(CodeineUser.createNewUser(null, "whatever"));
	}

	@Test
	public void testIgnoreSecurity() {
		System.setProperty(UserPermissionsGetter.IGNORE_SECURITY, "true");
		IUserWithPermissions user = tested.user(request);
		assertTrue(user.isAdministrator());
		assertEquals("Guest", user.user().username());
	}
	
	@After
	public void cleanup() {
		System.clearProperty(UserPermissionsGetter.IGNORE_SECURITY);
	}

	@Test
	public void testGuestUserForNonExitUserOrEmpty() {
		CodeineUser guestUser = CodeineUser.createNewUser("Guest", "whatever");
		when(usernameResolverFromRequest.getUser(request)).thenReturn(guestUser);
		tested.user(request);
		verify(userPermissionsBuilder).getUserPermissions(guestUser);
	}
	private CodeineUser createUser(String username) {
		return CodeineUser.createGuest(username);
	}
	private CodeineUser adminUser = createUser("Admin");
	private CodeineUser notAdmin = createUser("NotAdmin");
	private CodeineUser viewAs = createUser("viewas");
	
	@Test
	public void testViewAsUser() {
		when(usernameResolverFromRequest.getUser(request)).thenReturn(adminUser);
		when(userPermissionsBuilder.getUserPermissions(adminUser)).thenReturn(new UserPermissions(adminUser, true));
		when(usernameResolverFromRequest.getViewAsUser(request)).thenReturn(viewAs);
		when(userPermissionsBuilder.getUserPermissions(viewAs)).thenReturn(new UserPermissions(viewAs, false));
		IUserWithPermissions user = tested.user(request);
		assertFalse(user.isAdministrator());
		assertEquals("viewas", user.user().username());
	}
	@Test(expected=UnAuthorizedException.class)
	public void testViewAsUserNoAdmin() {
		when(usernameResolverFromRequest.getUser(request)).thenReturn(notAdmin);
		when(userPermissionsBuilder.getUserPermissions(notAdmin)).thenReturn(new UserPermissions(notAdmin, false));
		when(usernameResolverFromRequest.getViewAsUser(request)).thenReturn(viewAs);
		when(userPermissionsBuilder.getUserPermissions(viewAs)).thenReturn(new UserPermissions(viewAs, false));
		tested.user(request);
	}
	

}