/**
* Licensed to The Apereo Foundation under one or more contributor license
* agreements. See the NOTICE file distributed with this work for additional
* information regarding copyright ownership.
*
*
* The Apereo Foundation licenses this file to you under the Educational
* Community License, Version 2.0 (the "License"); you may not use this file
* except in compliance with the License. You may obtain a copy of the License
* at:
*
* http://opensource.org/licenses/ecl2.txt
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
* License for the specific language governing permissions and limitations under
* the License.
*
*/
package org.opencastproject.authorization.xacml.manager.impl.persistence;
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertFalse;
import static org.junit.Assert.assertTrue;
import static org.opencastproject.security.api.AccessControlUtil.acl;
import static org.opencastproject.security.api.AccessControlUtil.entries;
import static org.opencastproject.security.api.AccessControlUtil.entry;
import static org.opencastproject.util.data.Tuple.tuple;
import org.opencastproject.authorization.xacml.manager.api.ManagedAcl;
import org.opencastproject.authorization.xacml.manager.impl.ManagedAclImpl;
import org.opencastproject.security.api.AccessControlList;
import org.opencastproject.security.api.DefaultOrganization;
import org.opencastproject.security.api.JaxbOrganization;
import org.opencastproject.security.api.Organization;
import org.opencastproject.util.data.Option;
import org.opencastproject.util.persistence.PersistenceUtil;
import org.junit.Test;
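/**
 * Tests for {@link JpaAclDb}.
 *
 * <p>The test walks through create, read, update and delete of managed ACLs for two
 * organizations and checks that an ACL owned by one organization cannot be read, changed
 * or removed through the other one.
 */
public final class JpaAclDbTest {
  /** Database under test, backed by the persistence environment from {@link PersistenceUtil}. */
  private static final JpaAclDb p = new JpaAclDb(
          PersistenceUtil.newTestPersistenceEnv("org.opencastproject.authorization.xacml.manager"));

  /** First tenant; owns the ACLs that are updated and deleted below. */
  private static final Organization org1 = new DefaultOrganization();

  /** Second tenant; used to verify that it cannot reach ACLs owned by {@link #org1}. */
  private static final Organization org2 = new JaxbOrganization("Entwine");

  /**
   * Exercises the ACL lifecycle and the per-organization isolation of {@link JpaAclDb}.
   *
   * <p>The steps share state and depend on their order: later assertions rely on the ACLs
   * created earlier in this method.
   */
  @Test
  public void testProvider() {
    //
    // add ACL to org1
    final AccessControlList publicAcl = acl(entry("anonymous", "read", true));
    final Option<ManagedAcl> acl = p.createAcl(org1, publicAcl, "public");
    assertTrue(acl.isSome());
    assertTrue(p.getAcl(org1, acl.get().getId()).isSome());
    // ACL should not be visible for org2
    assertTrue(p.getAcl(org2, acl.get().getId()).isNone());
    // create duplicate which should be denied
    assertTrue(p.createAcl(org1, publicAcl, "public").isNone());

    //
    // add another ACL to org1
    p.createAcl(org1, acl(entries("instructor", tuple("read", true), tuple("write", true))), "instructor");
    assertEquals(2, p.getAcls(org1).size());
    // org2 should still have no ACLs
    assertEquals(0, p.getAcls(org2).size());

    //
    // add same ACL to org2
    final Option<ManagedAcl> org2Acl = p.createAcl(org2, publicAcl, "public");
    assertTrue(org2Acl.isSome());
    assertEquals(1, p.getAcls(org2).size());
    assertEquals(2, p.getAcls(org1).size());
    // isolation must hold in both directions: org1 must not see the ACL owned by org2
    assertTrue(p.getAcl(org1, org2Acl.get().getId()).isNone());

    //
    // update
    final ManagedAcl org1Acl = acl.get();
    // update with new ACL
    assertTrue(p.updateAcl(new ManagedAclImpl(
            org1Acl.getId(), org1Acl.getName(), org1Acl.getOrganizationId(), acl(entry("anonymous", "write", true)))));
    assertEquals("write", p.getAcl(org1, org1Acl.getId()).get().getAcl().getEntries().get(0).getAction());
    // update with new name
    final ManagedAcl org1AclUpdated = new ManagedAclImpl(
            org1Acl.getId(), "public2", org1Acl.getOrganizationId(), org1Acl.getAcl());
    assertTrue(p.updateAcl(org1AclUpdated));
    assertEquals("public2", p.getAcl(org1, org1AclUpdated.getId()).get().getName());
    // try to update a non-existing ACL
    assertFalse(p.updateAcl(new ManagedAclImpl(27427492384723L, "public2", org1.getId(), org1Acl.getAcl())));
    assertEquals(2, p.getAcls(org1).size());
    // update without any update
    assertTrue(p.updateAcl(org1AclUpdated));
    assertEquals(2, p.getAcls(org1).size());
    // try to update an ACL of a different org
    assertFalse(p.updateAcl(new ManagedAclImpl(org1Acl.getId(), "bla", org2.getId(), org1Acl.getAcl())));
    // a rejected cross-organization update must leave the stored ACL untouched
    // and must not create anything in the other organization
    assertEquals("public2", p.getAcl(org1, org1Acl.getId()).get().getName());
    assertEquals(2, p.getAcls(org1).size());
    assertEquals(1, p.getAcls(org2).size());

    //
    // delete
    // try to delete an ACL of a different org; this has to happen while the ACL still
    // exists, otherwise the call is rejected only because the id is already gone and
    // the isolation check is never exercised
    assertFalse(p.deleteAcl(org2, org1Acl.getId()));
    assertTrue(p.getAcl(org1, org1Acl.getId()).isSome());
    assertEquals(2, p.getAcls(org1).size());
    assertEquals(1, p.getAcls(org2).size());
    // delete through the owning org
    assertTrue(p.deleteAcl(org1, org1Acl.getId()));
    assertEquals(1, p.getAcls(org1).size());
    // try to delete a non-existing ACL
    assertFalse(p.deleteAcl(org1, 894892374923L));
    // the removed id is not deletable through the other org either, and org2 keeps its ACL
    assertFalse(p.deleteAcl(org2, org1Acl.getId()));
    assertEquals(1, p.getAcls(org2).size());
  }
}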