/** * Licensed to The Apereo Foundation under one or more contributor license * agreements. See the NOTICE file distributed with this work for additional * information regarding copyright ownership. * * * The Apereo Foundation licenses this file to you under the Educational * Community License, Version 2.0 (the "License"); you may not use this file * except in compliance with the License. You may obtain a copy of the License * at: * * http://opensource.org/licenses/ecl2.txt * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the * License for the specific language governing permissions and limitations under * the License. * */ package org.opencastproject.authorization.xacml.manager.impl.persistence; import static org.junit.Assert.assertEquals; import static org.junit.Assert.assertFalse; import static org.junit.Assert.assertTrue; import static org.opencastproject.security.api.AccessControlUtil.acl; import static org.opencastproject.security.api.AccessControlUtil.entries; import static org.opencastproject.security.api.AccessControlUtil.entry; import static org.opencastproject.util.data.Tuple.tuple; import org.opencastproject.authorization.xacml.manager.api.ManagedAcl; import org.opencastproject.authorization.xacml.manager.impl.ManagedAclImpl; import org.opencastproject.security.api.AccessControlList; import org.opencastproject.security.api.DefaultOrganization; import org.opencastproject.security.api.JaxbOrganization; import org.opencastproject.security.api.Organization; import org.opencastproject.util.data.Option; import org.opencastproject.util.persistence.PersistenceUtil; import org.junit.Test; /** Tests for {@link JpaAclDb}. */ public final class JpaAclDbTest { @Test public void testProvider() { // // add ACL to org1 final AccessControlList publicAcl = acl(entry("anonymous", "read", true)); final Option<ManagedAcl> acl = p.createAcl(org1, publicAcl, "public"); assertTrue(acl.isSome()); assertTrue(p.getAcl(org1, acl.get().getId()).isSome()); // ACL should not be visible for org2 assertTrue(p.getAcl(org2, acl.get().getId()).isNone()); // create duplicate which should be denied assertTrue(p.createAcl(org1, publicAcl, "public").isNone()); // // add another ACL to org1 p.createAcl(org1, acl(entries("instructor", tuple("read", true), tuple("write", true))), "instructor"); assertEquals(2, p.getAcls(org1).size()); // org2 should still have no ACLs assertEquals(0, p.getAcls(org2).size()); // // add same ACL to org2 p.createAcl(org2, publicAcl, "public"); assertEquals(1, p.getAcls(org2).size()); assertEquals(2, p.getAcls(org1).size()); // // update final ManagedAcl org1Acl = acl.get(); // update with new ACL assertTrue(p.updateAcl(new ManagedAclImpl(org1Acl.getId(), org1Acl.getName(), org1Acl.getOrganizationId(), acl(entry("anonymous", "write", true))))); assertEquals("write", p.getAcl(org1, org1Acl.getId()).get().getAcl().getEntries().get(0).getAction()); // update with new name final ManagedAcl org1AclUpdated = new ManagedAclImpl(org1Acl.getId(), "public2", org1Acl.getOrganizationId(), org1Acl.getAcl()); assertTrue(p.updateAcl(org1AclUpdated)); assertEquals("public2", p.getAcl(org1, org1AclUpdated.getId()).get().getName()); // try to update a non-existing ACL assertFalse(p.updateAcl(new ManagedAclImpl(27427492384723L, "public2", org1.getId(), org1Acl.getAcl()))); assertEquals(2, p.getAcls(org1).size()); // update without any update assertTrue(p.updateAcl(org1AclUpdated)); assertEquals(2, p.getAcls(org1).size()); // try to update an ACL of a different org assertFalse(p.updateAcl(new ManagedAclImpl(org1Acl.getId(), "bla", org2.getId(), org1Acl.getAcl()))); // // delete assertTrue(p.deleteAcl(org1, org1Acl.getId())); assertEquals(1, p.getAcls(org1).size()); // try to delete a non-existing ACL assertFalse(p.deleteAcl(org1, 894892374923L)); // try to delete an ACL of a different org assertFalse(p.deleteAcl(org2, org1Acl.getId())); assertEquals(1, p.getAcls(org2).size()); } private static final JpaAclDb p = new JpaAclDb(PersistenceUtil.newTestPersistenceEnv("org.opencastproject.authorization.xacml.manager")); private static final Organization org1 = new DefaultOrganization(); private static final Organization org2 = new JaxbOrganization("Entwine"); }