/** * Licensed to The Apereo Foundation under one or more contributor license * agreements. See the NOTICE file distributed with this work for additional * information regarding copyright ownership. * * * The Apereo Foundation licenses this file to you under the Educational * Community License, Version 2.0 (the "License"); you may not use this file * except in compliance with the License. You may obtain a copy of the License * at: * * http://opensource.org/licenses/ecl2.txt * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the * License for the specific language governing permissions and limitations under * the License. * */ package org.opencastproject.userdirectory; import static org.junit.Assert.assertEquals; import static org.junit.Assert.assertNotNull; import static org.junit.Assert.fail; import static org.opencastproject.util.data.Collections.set; import static org.opencastproject.util.persistence.PersistenceUtil.newTestEntityManagerFactory; import org.opencastproject.message.broker.api.MessageSender; import org.opencastproject.security.api.Group; import org.opencastproject.security.api.Role; import org.opencastproject.security.api.SecurityConstants; import org.opencastproject.security.api.SecurityService; import org.opencastproject.security.api.UnauthorizedException; import org.opencastproject.security.impl.jpa.JpaGroup; import org.opencastproject.security.impl.jpa.JpaOrganization; import org.opencastproject.security.impl.jpa.JpaRole; import org.opencastproject.security.impl.jpa.JpaUser; import org.opencastproject.util.NotFoundException; import org.opencastproject.util.data.Collections; import org.apache.commons.collections.IteratorUtils; import org.apache.http.HttpStatus; import org.easymock.EasyMock; import org.junit.After; import org.junit.Assert; import org.junit.Before; import org.junit.Test; import java.io.Serializable; import java.util.HashSet; import java.util.List; import java.util.Set; import javax.ws.rs.core.Response; public class JpaGroupRoleProviderTest { private JpaGroupRoleProvider provider = null; private static JpaOrganization org1 = new JpaOrganization("org1", "org1", "localhost", 80, "admin", "anon", null); private static JpaOrganization org2 = new JpaOrganization("org2", "org2", "127.0.0.1", 80, "admin", "anon", null); @Before public void setUp() throws Exception { JpaUser adminUser = new JpaUser("admin", "pass1", org1, "Admin", "admin@localhost", "opencast", true, Collections.set(new JpaRole(SecurityConstants.GLOBAL_ADMIN_ROLE, org1))); // Set the security sevice SecurityService securityService = EasyMock.createNiceMock(SecurityService.class); EasyMock.expect(securityService.getUser()).andReturn(adminUser).anyTimes(); EasyMock.expect(securityService.getOrganization()).andReturn(org1).anyTimes(); EasyMock.replay(securityService); // Create the message sender service MessageSender messageSender = EasyMock.createNiceMock(MessageSender.class); messageSender.sendObjectMessage(EasyMock.anyObject(String.class), EasyMock.anyObject(MessageSender.DestinationType.class), EasyMock.anyObject(Serializable.class)); EasyMock.expectLastCall(); EasyMock.replay(messageSender); provider = new JpaGroupRoleProvider(); provider.setSecurityService(securityService); provider.setMessageSender(messageSender); provider.setEntityManagerFactory(newTestEntityManagerFactory(JpaUserAndRoleProvider.PERSISTENCE_UNIT)); provider.activate(null); } @After public void tearDown() throws Exception { provider.deactivate(); } @Test public void testAddAndGetGroup() throws Exception { Set<JpaRole> authorities = new HashSet<JpaRole>(); authorities.add(new JpaRole("ROLE_ASTRO_101_SPRING_2011_STUDENT", org1)); Set<String> members = new HashSet<String>(); members.add("admin"); JpaGroup group = new JpaGroup("test", org1, "Test", "Test group", authorities, members); provider.addGroup(group); Group loadGroup = provider.loadGroup("test", org1.getId()); Assert.assertNotNull(loadGroup); Assert.assertEquals(loadGroup.getGroupId(), loadGroup.getGroupId()); Assert.assertEquals(loadGroup.getName(), loadGroup.getName()); Assert.assertEquals(loadGroup.getDescription(), loadGroup.getDescription()); Assert.assertEquals(loadGroup.getOrganization(), loadGroup.getOrganization()); Assert.assertEquals(loadGroup.getRole(), loadGroup.getRole()); Assert.assertEquals(loadGroup.getRoles(), loadGroup.getRoles()); Assert.assertEquals(loadGroup.getMembers(), loadGroup.getMembers()); Assert.assertNull("Loading 'does not exist' should return null", provider.loadGroup("does not exist", org1.getId())); Assert.assertNull("Loading 'does not exist' should return null", provider.loadGroup("user1", org2.getId())); } @Test(expected = UnauthorizedException.class) public void testAddGroupNotAllowedAsNonAdminUser() throws UnauthorizedException { JpaUser user = new JpaUser("user", "pass1", org1, "User", "user@localhost", "opencast", true, Collections.set(new JpaRole("ROLE_USER", org1))); // Set the security sevice SecurityService securityService = EasyMock.createNiceMock(SecurityService.class); EasyMock.expect(securityService.getUser()).andReturn(user).anyTimes(); EasyMock.expect(securityService.getOrganization()).andReturn(org1).anyTimes(); EasyMock.replay(securityService); provider.setSecurityService(securityService); JpaGroup group = new JpaGroup("test", org1, "Test", "Test group", Collections.set( new JpaRole(SecurityConstants.GLOBAL_ADMIN_ROLE, org1))); provider.addGroup(group); fail("The group with admin role should not be created by an non admin user"); } @Test public void testUpdateGroupNotAllowedAsNonAdminUser() throws UnauthorizedException { JpaGroup group = new JpaGroup("test", org1, "Test", "Test group", Collections.set( new JpaRole(SecurityConstants.GLOBAL_ADMIN_ROLE, org1))); try { provider.addGroup(group); Group loadGroup = provider.loadGroup(group.getGroupId(), group.getOrganization().getId()); assertNotNull(loadGroup); assertEquals(loadGroup.getGroupId(), loadGroup.getGroupId()); } catch (Exception e) { fail("The group schould be added"); } JpaUser user = new JpaUser("user", "pass1", org1, "User", "user@localhost", "opencast", true, Collections.set(new JpaRole("ROLE_USER", org1))); // Set the security sevice SecurityService securityService = EasyMock.createNiceMock(SecurityService.class); EasyMock.expect(securityService.getUser()).andReturn(user).anyTimes(); EasyMock.expect(securityService.getOrganization()).andReturn(org1).anyTimes(); EasyMock.replay(securityService); provider.setSecurityService(securityService); try { // try add ROLE_USER Response updateGroupResponse = provider.updateGroup(group.getGroupId(), group.getName(), group.getDescription(), "ROLE_USER, " + SecurityConstants.GLOBAL_ADMIN_ROLE, null); assertNotNull(updateGroupResponse); assertEquals(HttpStatus.SC_FORBIDDEN, updateGroupResponse.getStatus()); // try remove ROLE_ADMIN updateGroupResponse = provider.updateGroup(group.getGroupId(), group.getName(), group.getDescription(), "ROLE_USER", null); assertNotNull(updateGroupResponse); assertEquals(HttpStatus.SC_FORBIDDEN, updateGroupResponse.getStatus()); } catch (NotFoundException e) { fail("The existing group isn't found"); } } @Test public void testRemoveGroupNotAllowedAsNonAdminUser() throws UnauthorizedException { JpaGroup group = new JpaGroup("test", org1, "Test", "Test group", Collections.set( new JpaRole(SecurityConstants.GLOBAL_ADMIN_ROLE, org1))); try { provider.addGroup(group); Group loadGroup = provider.loadGroup(group.getGroupId(), group.getOrganization().getId()); assertNotNull(loadGroup); assertEquals(group.getGroupId(), loadGroup.getGroupId()); } catch (Exception e) { fail("The group should be added"); } JpaUser user = new JpaUser("user", "pass1", org1, "User", "user@localhost", "opencast", true, Collections.set(new JpaRole("ROLE_USER", org1))); // Set the security sevice SecurityService securityService = EasyMock.createNiceMock(SecurityService.class); EasyMock.expect(securityService.getUser()).andReturn(user).anyTimes(); EasyMock.expect(securityService.getOrganization()).andReturn(org1).anyTimes(); EasyMock.replay(securityService); provider.setSecurityService(securityService); Response removeGroupResponse = provider.removeGroup(group.getGroupId()); assertNotNull(removeGroupResponse); assertEquals(HttpStatus.SC_FORBIDDEN, removeGroupResponse.getStatus()); } @Test public void testDuplicateGroupCreation() { Response response = provider.createGroup("Test 1", "Test group", "ROLE_ASTRO_101_SPRING_2011_STUDENT", "admin"); assertEquals(HttpStatus.SC_CREATED, response.getStatus()); response = provider.createGroup("Test 1", "Test group 2", "ROLE_ASTRO_101_SPRING_2011_STUDENT", "admin"); assertEquals(HttpStatus.SC_CONFLICT, response.getStatus()); } @Test public void testDuplicateGroup() throws UnauthorizedException { Set<JpaRole> roles1 = set(new JpaRole("ROLE_ASTRO_101_SPRING_2011_STUDENT", org1)); Set<JpaRole> roles2 = set(new JpaRole("ROLE_ASTRO_101_SPRING_2011_STUDENT", org2)); Set<String> members = set("admin"); provider.addGroup(new JpaGroup("test1", org1, "Test", "Test group", roles1, members)); provider.addGroup(new JpaGroup("test1", org2, "Test 2", "Test group 2", roles2, members)); assertEquals("Test", provider.loadGroup("test1", org1.getId()).getName()); // duplicate group, but add group does an update so it will pass provider.addGroup(new JpaGroup("test1", org1, "Test 1", "Test group 1", roles1, members)); assertEquals("Test 1", provider.loadGroup("test1", org1.getId()).getName()); } @Test @SuppressWarnings("unchecked") public void testRoles() throws Exception { Set<JpaRole> authorities = new HashSet<JpaRole>(); authorities.add(new JpaRole("ROLE_ASTRO_101_SPRING_2011_STUDENT", org1)); authorities.add(new JpaRole("ROLE_ASTRO_109_SPRING_2012_STUDENT", org1)); Set<String> members = new HashSet<String>(); members.add("admin"); JpaGroup group = new JpaGroup("test", org1, "Test", "Test group", authorities, members); provider.addGroup(group); authorities.clear(); authorities.add(new JpaRole("ROLE_ASTRO_122_SPRING_2011_STUDENT", org1)); authorities.add(new JpaRole("ROLE_ASTRO_124_SPRING_2012_STUDENT", org1)); JpaGroup group2 = new JpaGroup("test2", org1, "Test2", "Test 2 group", authorities, members); provider.addGroup(group2); authorities.clear(); authorities.add(new JpaRole("ROLE_ASTRO_134_SPRING_2011_STUDENT", org2)); authorities.add(new JpaRole("ROLE_ASTRO_144_SPRING_2012_STUDENT", org2)); JpaGroup group3 = new JpaGroup("test2", org2, "Test2", "Test 2 group", authorities, members); provider.addGroup(group3); List<Role> roles = IteratorUtils.toList(provider.getRoles()); Assert.assertEquals("There should be four role", 6, roles.size()); roles.contains(new JpaRole(group.getRole(), org1)); roles.contains(new JpaRole(group2.getRole(), org1)); } @Test public void testRolesForUser() throws UnauthorizedException { Set<JpaRole> authorities = new HashSet<JpaRole>(); authorities.add(new JpaRole("ROLE_ASTRO_101_SPRING_2011_STUDENT", org1)); authorities.add(new JpaRole("ROLE_ASTRO_109_SPRING_2012_STUDENT", org1)); Set<String> members = new HashSet<String>(); members.add("admin"); JpaGroup group = new JpaGroup("test", org1, "Test", "Test group", authorities, members); provider.addGroup(group); authorities.clear(); authorities.add(new JpaRole("ROLE_ASTRO_122_SPRING_2011_STUDENT", org1)); authorities.add(new JpaRole("ROLE_ASTRO_124_SPRING_2012_STUDENT", org1)); JpaGroup group2 = new JpaGroup("test2", org1, "Test2", "Test 2 group", authorities, members); provider.addGroup(group2); authorities.clear(); authorities.add(new JpaRole("ROLE_ASTRO_134_SPRING_2011_STUDENT", org2)); authorities.add(new JpaRole("ROLE_ASTRO_144_SPRING_2012_STUDENT", org2)); JpaGroup group3 = new JpaGroup("test2", org2, "Test2", "Test 2 group", authorities, members); provider.addGroup(group3); List<Role> rolesForUser = provider.getRolesForUser("admin"); Assert.assertEquals("There should be four roles", 6, rolesForUser.size()); rolesForUser.contains(new JpaRole(group.getRole(), org1)); rolesForUser.contains(new JpaRole(group2.getRole(), org1)); } @Test public void testFindRoles() throws UnauthorizedException { // findRoles() should return a role per group, not the included roles for each group Set<JpaRole> authorities = new HashSet<JpaRole>(); authorities.add(new JpaRole("ROLE_ASTRO_101_SPRING_2011_STUDENT", org1)); authorities.add(new JpaRole("ROLE_ASTRO_109_SPRING_2012_STUDENT", org1)); Set<String> members = new HashSet<String>(); members.add("admin"); JpaGroup group = new JpaGroup("test", org1, "Test", "Test group", authorities, members); provider.addGroup(group); Role role = provider.findRoles("%test%", Role.Target.ALL, 0, 0).next(); Assert.assertEquals("ROLE_GROUP_TEST", role.getName()); authorities.clear(); authorities.add(new JpaRole("ROLE_ASTRO_122_SPRING_2011_STUDENT", org1)); authorities.add(new JpaRole("ROLE_ASTRO_124_SPRING_2012_STUDENT", org1)); JpaGroup group2 = new JpaGroup("test2", org1, "Test2", "Test 2 group", authorities, members); provider.addGroup(group2); authorities = new HashSet<JpaRole>(); authorities.add(new JpaRole("ROLE_ASTRO_134_SPRING_2011_STUDENT", org2)); authorities.add(new JpaRole("ROLE_ASTRO_144_SPRING_2012_STUDENT", org2)); JpaGroup group3 = new JpaGroup("test2", org2, "Test2", "Test 2 group", authorities, members); provider.addGroup(group3); Assert.assertEquals(0, IteratorUtils.toList(provider.findRoles("%PrIn%", Role.Target.ALL, 0, 0)).size()); Assert.assertEquals(0, IteratorUtils.toList(provider.findRoles("%PrIn%", Role.Target.ALL, 0, 1)).size()); Assert.assertEquals(2, IteratorUtils.toList(provider.findRoles("%test%", Role.Target.ALL, 0, 2)).size()); } }