/**
 * Copyright (c) 2008-2011 Sonatype, Inc.
 * All rights reserved. Includes the third-party code listed at http://www.sonatype.com/products/nexus/attributions.
 *
 * This program is free software: you can redistribute it and/or modify it only under the terms of the GNU Affero General
 * Public License Version 3 as published by the Free Software Foundation.
 *
 * This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied
 * warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License Version 3
 * for more details.
 *
 * You should have received a copy of the GNU Affero General Public License Version 3 along with this program. If not, see
 * http://www.gnu.org/licenses.
 *
 * Sonatype Nexus (TM) Open Source Version is available from Sonatype, Inc. Sonatype and Sonatype Nexus are trademarks of
 * Sonatype, Inc. Apache Maven is a trademark of the Apache Foundation. M2Eclipse is a trademark of the Eclipse Foundation.
 * All other trademarks are the property of their respective owners.
 */
package org.sonatype.nexus.integrationtests.nexus779;

import java.util.ArrayList;
import java.util.Collections;
import java.util.List;

import org.sonatype.nexus.integrationtests.TestContainer;
import org.sonatype.nexus.jsecurity.realms.TargetPrivilegeDescriptor;
import org.sonatype.nexus.rest.model.PrivilegeResource;
import org.sonatype.nexus.rest.model.RepositoryTargetResource;
import org.sonatype.security.rest.model.PrivilegeStatusResource;
import org.sonatype.security.rest.model.RoleResource;
import org.sonatype.security.rest.model.UserResource;
import org.testng.Assert;
import org.testng.annotations.BeforeClass;
import org.testng.annotations.Test;

/**
 * Integration test for security-based filtering of RSS feed entries: the feed seen by the test user must list
 * only the artifacts covered by the repository-target privileges of the role the user currently holds.
 */
public class Nexus779RssFeedFilteringIT
    extends AbstractRssIT
{
    /**
     * Privilege ids added to every role built by {@link #createRole(String, List)}, after the caller-supplied ones.
     * NOTE(review): presumably built-in privileges the test user needs in order to log in and read feeds; confirm
     * that none of them grants repository read access, since that would mask a failure of the target filter.
     */
    private static final String[] FIXED_PRIVILEGE_IDS =
        { "1", "6", "14", "17", "19", "44", "54", "55", "57", "58", "64" };

    /**
     * Marks the shared test context as a secure test before any test method of this class runs.
     */
    @BeforeClass
    public void setSecureTest()
    {
        TestContainer.getInstance().getTestContext().setSecureTest( true );
    }

    /**
     * Creates two repository targets ({@code test1}, {@code test2}), a read privilege for each, and three roles
     * (test1 only, test2 only, both), then checks the feed contents seen by the test user under each role.
     *
     * @throws Exception if any REST helper call fails
     */
    @Test
    public void filteredFeeds()
        throws Exception
    {
        // NOTE(review): this guard always fires, so the method reports a known error and returns without
        // running a single assertion. While it is in place there is no regression coverage for feed
        // filtering by privilege, which is an access-control property; the run still shows as passed.
        if ( true )
        {
            printKnownErrorButDoNotFail( getClass(), "filteredFeeds" );
            return;
        }

        // Setup is done with the admin account.
        TestContainer.getInstance().getTestContext().useAdminForRequests();

        // Repository targets, one per artifact path.
        RepositoryTargetResource test1Target =
            createTarget( "filterTarget1", Collections.singletonList( ".*/test1/.*" ) );
        RepositoryTargetResource test2Target =
            createTarget( "filterTarget2", Collections.singletonList( ".*/test2/.*" ) );

        // One read privilege per target.
        PrivilegeStatusResource priv1 = createPrivilege( "filterPriv1", test1Target.getId() );
        PrivilegeStatusResource priv2 = createPrivilege( "filterPriv2", test2Target.getId() );

        // Roles: test1 only, test2 only, and both.
        List<String> bothPrivilegeIds = new ArrayList<String>();
        bothPrivilegeIds.add( priv1.getId() );
        bothPrivilegeIds.add( priv2.getId() );

        RoleResource role1 = createRole( "filterRole1", Collections.singletonList( priv1.getId() ) );
        RoleResource role2 = createRole( "filterRole2", Collections.singletonList( priv2.getId() ) );
        RoleResource role3 = createRole( "filterRole3", bothPrivilegeIds );

        // Role limited to test1: test1 must be listed, test2 must not appear in the feed.
        switchTestUserToRole( role1.getId() );

        boolean test1Listed = feedListContainsArtifact( "nexus779", "test1", "1.0.0" );
        Assert.assertTrue( test1Listed,
                           "Feed should contain entry for nexus779:test1:1.0.0.\nEntries: " + this.entriesToString() );
        boolean test2Listed = feedListContainsArtifact( "nexus779", "test2", "1.0.0" );
        Assert.assertFalse( test2Listed,
                            "Feed should not contain entry for nexus779:test2:1.0.0\nEntries: "
                                + this.entriesToString() );

        // Role limited to test2: the expectations are mirrored.
        switchTestUserToRole( role2.getId() );

        test1Listed = feedListContainsArtifact( "nexus779", "test1", "1.0.0" );
        Assert.assertFalse( test1Listed,
                            "Feed should not contain entry for nexus779:test1:1.0.0.\nEntries: "
                                + this.entriesToString() );
        test2Listed = feedListContainsArtifact( "nexus779", "test2", "1.0.0" );
        Assert.assertTrue( test2Listed,
                           "Feed should contain entry for nexus779:test2:1.0.0\nEntries: " + this.entriesToString() );

        // Role holding both privileges: both artifacts must be listed.
        switchTestUserToRole( role3.getId() );

        test1Listed = feedListContainsArtifact( "nexus779", "test1", "1.0.0" );
        Assert.assertTrue( test1Listed,
                           "Feed should contain entry for nexus779:test1:1.0.0.\nEntries: " + this.entriesToString() );
        test2Listed = feedListContainsArtifact( "nexus779", "test2", "1.0.0" );
        Assert.assertTrue( test2Listed,
                           "Feed should contain entry for nexus779:test2:1.0.0\nEntries: " + this.entriesToString() );
    }

    /**
     * Gives the test user exactly one role and points the test context back at the test user's credentials.
     *
     * @param roleId id of the only role the test user should hold afterwards
     * @throws Exception if the user update fails
     */
    private void switchTestUserToRole( String roleId )
        throws Exception
    {
        // updateUserRole switches the context to admin, so the test user's credentials are set again here.
        updateUserRole( TEST_USER_NAME, Collections.singletonList( roleId ) );
        TestContainer.getInstance().getTestContext().setUsername( TEST_USER_NAME );
        TestContainer.getInstance().getTestContext().setPassword( TEST_USER_PASSWORD );
    }

    /**
     * Creates a {@code maven2} repository target.
     *
     * @param name name of the new target
     * @param patterns path patterns the target matches
     * @return the target as returned by the target utility
     * @throws Exception if the create call fails
     */
    private RepositoryTargetResource createTarget( String name, List<String> patterns )
        throws Exception
    {
        RepositoryTargetResource target = new RepositoryTargetResource();
        target.setContentClass( "maven2" );
        target.setName( name );
        target.setPatterns( patterns );

        return this.targetUtil.createTarget( target );
    }

    /**
     * Creates a target privilege carrying only the {@code read} method for the given repository target.
     *
     * @param name name of the new privilege
     * @param targetId id of the repository target the privilege applies to
     * @return the first privilege status resource returned by the create call
     * @throws Exception if the create call fails
     */
    private PrivilegeStatusResource createPrivilege( String name, String targetId )
        throws Exception
    {
        PrivilegeResource privilege = new PrivilegeResource();
        privilege.setName( name );
        privilege.setDescription( "some description" );
        privilege.setType( TargetPrivilegeDescriptor.TYPE );
        privilege.setRepositoryTargetId( targetId );
        privilege.addMethod( "read" );

        return privUtil.createPrivileges( privilege ).iterator().next();
    }

    /**
     * Creates a role holding the given privileges followed by the fixed privilege ids every test role receives.
     *
     * @param name name of the new role
     * @param privilegeIds ids of the privileges specific to this role
     * @return the role as returned by the role utility
     * @throws Exception if the create call fails
     */
    private RoleResource createRole( String name, List<String> privilegeIds )
        throws Exception
    {
        RoleResource role = new RoleResource();
        role.setName( name );
        role.setDescription( "some description" );
        role.setSessionTimeout( 60 );

        // Caller-supplied privileges first, then the fixed set, in the same order as before.
        for ( String privilegeId : privilegeIds )
        {
            role.addPrivilege( privilegeId );
        }
        for ( String fixedId : FIXED_PRIVILEGE_IDS )
        {
            role.addPrivilege( fixedId );
        }

        return this.roleUtil.createRole( role );
    }

    /**
     * Replaces the roles of a user. The test context is left using the admin account, so callers that want to
     * issue requests as another user must set that user's credentials again afterwards.
     *
     * @param username id of the user to update
     * @param roleIds ids of the roles the user should hold
     * @throws Exception if the lookup or the update fails
     */
    private void updateUserRole( String username, List<String> roleIds )
        throws Exception
    {
        // Role changes are made with the admin account.
        TestContainer.getInstance().getTestContext().useAdminForRequests();

        UserResource user = userUtil.getUser( username );
        user.setRoles( roleIds );
        userUtil.updateUser( user );
    }
}