SetGroupPermissionsTest.java example

Explorer
openmicroscopy-master
/*
 *   $Id$
 *
 *   Copyright 2010-2014 Glencoe Software, Inc. All rights reserved.
 *   Use is subject to license terms supplied in LICENSE.txt
 */
package ome.server.itests.perms42;

import ome.conditions.SecurityViolation;
import ome.model.core.Image;
import ome.model.internal.Permissions;
import ome.model.meta.ExperimenterGroup;

import org.testng.annotations.Test;

/**
 * Test of the group permission setting in Beta4.2
 *
 * @since Beta-4.2.0
 *
 */
@Test(groups = "ticket:1434")
public class SetGroupPermissionsTest extends PermissionsTest {

    @Test
    public void testOnGroupCreationPermissionsAreSet() throws Exception {
        String name = "privateGroup-" + uuid();
        ExperimenterGroup privateGroup = new ExperimenterGroup();
        privateGroup.setName(name);
        privateGroup.setLdap(false);
        privateGroup.getDetails().setPermissions(Permissions.USER_PRIVATE);
        long gid = iAdmin.createGroup(privateGroup);
        privateGroup = iAdmin.getGroup(gid);
        Permissions perms = privateGroup.getDetails().getPermissions();
        assertTrue(perms + "", Permissions.USER_PRIVATE.identical(perms));
    }

    @Test
    public void testGroupsCanBeMadeShared() throws Exception {
        setup(Permissions.USER_PRIVATE);
        fixture.make_leader();

        Image image = fixture.saveImage();
        iAdmin.changePermissions(fixture.group(), Permissions.GROUP_PRIVATE);
        assertShared(fixture.group());
        assertShared(image);
    }

    @Test
    public void testGroupsCanBeMadeSharedViaUpdateGroup() throws Exception {
        setup(Permissions.USER_PRIVATE);
        Image image = fixture.saveImage();
        ExperimenterGroup group = fixture.group();
        group.getDetails().setPermissions(Permissions.COLLAB_READONLY);
        loginRootKeepGroup();
        iAdmin.updateGroup(group);
        assertShared(fixture.group());
        assertShared(image);
    }

    @Test
    public void testGroupsCanBeMadeSharedWriteable() throws Exception {
        setup(Permissions.PRIVATE);
        fixture.make_leader();

        Image image = fixture.saveImage();

        iAdmin.changePermissions(fixture.group(), Permissions.COLLAB_READLINK);
        assertSharedAndWritable(fixture.group());
        assertSharedAndWritable(image);
    }

    @Test
    public void testGroupsCanBeMadePublic() throws Exception {
        setup(Permissions.USER_PRIVATE);
        fixture.make_leader();

        Image image = fixture.saveImage();
        assertPrivate(image);
        assertPrivate(fixture.group());
        iAdmin.changePermissions(fixture.group(), Permissions.PUBLIC);
        assertPublic(fixture.group());
        assertPublic(image);
    }

    @Test
    public void testGroupsCanBeMadePrivateAgain() throws Exception {
        setup(Permissions.USER_PRIVATE);
        fixture.make_leader();

        Image image = fixture.saveImage();
        iAdmin.changePermissions(fixture.group(), Permissions.PUBLIC);
        assertPublic(image);
        assertPublic(fixture.group());
        iAdmin.changePermissions(fixture.group(), Permissions.USER_PRIVATE);
        fail("NYI");
        assertPrivate(image);
        assertPrivate(fixture.group());
    }

    @Test
    public void testEventLogExistsOfGroupChange() throws Exception {
        fail();
    }


    /**
     * A newly created group should have private permissions. If we try to just
     * chmod the group it should fail with a security violation since various
     * things have to happen (e.g. changing all objects)
     */
    @Test
    public void testBackdoorChangingOfGroupPermissionsDisallowed() throws Exception {

        setup(Permissions.USER_PRIVATE);
        assertPrivate(fixture.group());

        try {
            loginRoot();
            ExperimenterGroup g = fixture.group();
            g.getDetails().setPermissions(Permissions.PUBLIC);
            g = iUpdate.saveAndReturnObject(g);
            fail("ticket:1434");
        } catch (SecurityViolation sv) {
            // good
        }

        // This is the supported way of changing your group's permissions
        iAdmin.changePermissions(fixture.group(), Permissions.PUBLIC);
        assertPublic(fixture.group());
    }

    @Test
    public void testLoweringPermissionsDoesntBreakConsistency() throws Exception {
        fail();
    }

    @Test
    public void testCopiedFromPython() throws Exception {
        
        loginRoot();
        
        String uuid = iAdmin.getEventContext().getCurrentSessionUuid();
        ExperimenterGroup new_gr1 = new ExperimenterGroup();
        new_gr1.setName("group1_"+uuid);
        new_gr1.setLdap(false);
        Permissions p = Permissions.COLLAB_READLINK;
        new_gr1.getDetails().setPermissions(p);
        long g1_id = iAdmin.createGroup(new_gr1);
            
        //  update name of group1
        ExperimenterGroup gr1 = iAdmin.getGroup(g1_id);
        assertEquals("rwrw--", gr1.getDetails().getPermissions().toString());
        String new_name = "changed_name_group1_" + uuid;
        gr1.setName(new_name);
        iAdmin.updateGroup(gr1);
        ExperimenterGroup gr1_u = iAdmin.getGroup(g1_id);
        assertEquals(new_name, gr1_u.getName());
    }
}