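/*
 * JBoss, Home of Professional Open Source
 *
 * Copyright 2013 Red Hat, Inc. and/or its affiliates.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package org.picketlink.test.idm.relationship;

import org.junit.Test;
import org.picketlink.idm.IdentityManager;
import org.picketlink.idm.RelationshipManager;
import org.picketlink.idm.model.Partition;
import org.picketlink.idm.model.basic.Agent;
import org.picketlink.idm.model.basic.BasicModel;
import org.picketlink.idm.model.basic.Group;
import org.picketlink.idm.model.basic.GroupRole;
import org.picketlink.idm.model.basic.Role;
import org.picketlink.test.idm.AbstractPartitionManagerTestCase;
import org.picketlink.test.idm.Configuration;
import org.picketlink.test.idm.testers.FileStoreConfigurationTester;
import org.picketlink.test.idm.testers.IdentityConfigurationTester;
import org.picketlink.test.idm.testers.JPAStoreConfigurationTester;
import org.picketlink.test.idm.testers.LDAPUserGroupJPARoleConfigurationTester;
import org.picketlink.test.idm.testers.SingleConfigLDAPJPAStoreConfigurationTester;

// org.junit.Assert replaces the deprecated junit.framework.Assert for assertTrue.
import static org.junit.Assert.assertFalse;
import static org.junit.Assert.assertTrue;

/**
 * <p>
 * Test case for the relationship between {@link Agent}, {@link Group} and {@link Role} types.
 * </p>
 *
 * <p>
 * The assertions pin down the authorization semantics of a {@link GroupRole}: which grants are
 * effective in which group, and just as importantly which ones are <em>not</em>. The negative
 * ({@code assertFalse}) checks are what catch an over-permissive store implementation, so they
 * should be kept when this test is changed.
 * </p>
 *
 * @param <T> the concrete {@link Agent} type exercised by the test
 *
 * @author <a href="mailto:psilva@redhat.com">Pedro Silva</a>
 */
@Configuration(include = {
        JPAStoreConfigurationTester.class,
        FileStoreConfigurationTester.class,
        SingleConfigLDAPJPAStoreConfigurationTester.class,
        LDAPUserGroupJPARoleConfigurationTester.class})
public class AgentGroupRoleRelationshipTestCase<T extends Agent> extends AbstractPartitionManagerTestCase {

    public AgentGroupRoleRelationshipTestCase(IdentityConfigurationTester builder) {
        super(builder);
    }

    /**
     * Creates the identity under test in the given partition.
     *
     * @param name the login name; {@code "someAgent"} is used when {@code null}
     * @param partition the partition passed through to {@code createAgent}; may be {@code null}
     * @return the created identity, cast to {@code T}
     */
    @SuppressWarnings("unchecked") // T is bounded by Agent; the cast is unchecked by design
    protected T createIdentityType(String name, Partition partition) {
        if (name == null) {
            name = "someAgent";
        }

        return (T) createAgent(name, partition);
    }

    /**
     * Creates the identity under test, passing a {@code null} partition to {@code createAgent}.
     * Unlike the two-argument overload, {@code name} is passed through without a default.
     *
     * @param name the login name
     * @return the created identity, cast to {@code T}
     */
    @SuppressWarnings("unchecked") // T is bounded by Agent; the cast is unchecked by design
    protected T createIdentityType(String name) {
        return (T) createAgent(name, null);
    }

    /**
     * Looks up the identity named {@code "someAgent"}.
     *
     * @return the result of {@code getAgent("someAgent")}, cast to {@code T}
     */
    @SuppressWarnings("unchecked") // T is bounded by Agent; the cast is unchecked by design
    protected T getIdentityType() {
        return (T) getAgent("someAgent");
    }

    /**
     * <p>
     * Tests adding an {@link Agent} as a member of a {@link Group} with a specific {@link Role}.
     * </p>
     *
     * <p>
     * Besides the positive checks, the test asserts that a group role is scoped to the exact
     * (role, group) pair it was granted for, and that it implies neither plain group membership
     * nor a plain role grant.
     * </p>
     *
     * @throws Exception
     */
    @Test
    public void testGrantGroupRole() throws Exception {
        T developerAgent = createIdentityType("developer");
        T projectManagerAgent = createIdentityType("projectManager");

        Role managerRole = createRole("Manager");
        Role developerRole = createRole("Developer");
        Role employeeRole = createRole("Employee");

        Group companyGroup = createGroup("Company Group", null);
        Group projectGroup = createGroup("Project Group", null);

        RelationshipManager relationshipManager = getPartitionManager().createRelationshipManager();
        // NOTE(review): unused in this test; kept in case getIdentityManager() initialises state in
        // the base class -- confirm and remove.
        IdentityManager identityManager = getIdentityManager();

        // developerAgent is an employee at the company group
        BasicModel.grantGroupRole(relationshipManager, developerAgent, employeeRole, companyGroup);

        // developerAgent is a developer at the project group
        BasicModel.grantGroupRole(relationshipManager, developerAgent, developerRole, projectGroup);

        // projectManagerAgent is an employee at the company group
        BasicModel.grantGroupRole(relationshipManager, projectManagerAgent, employeeRole, companyGroup);

        // projectManagerAgent is the manager of the project group
        BasicModel.grantGroupRole(relationshipManager, projectManagerAgent, managerRole, projectGroup);

        // Every grant is visible for exactly the (agent, role, group) triple it was made for.
        assertTrue(BasicModel.hasGroupRole(relationshipManager, developerAgent, employeeRole, companyGroup));
        assertTrue(BasicModel.hasGroupRole(relationshipManager, developerAgent, developerRole, projectGroup));
        assertTrue(BasicModel.hasGroupRole(relationshipManager, projectManagerAgent, employeeRole, companyGroup));
        assertTrue(BasicModel.hasGroupRole(relationshipManager, projectManagerAgent, managerRole, projectGroup));

        // No cross-over: holding one role in a group must not surface another role in that group.
        assertFalse(BasicModel.hasGroupRole(relationshipManager, developerAgent, managerRole, projectGroup));
        assertFalse(BasicModel.hasGroupRole(relationshipManager, projectManagerAgent, developerRole, projectGroup));

        // A group role is its own relationship type: it does not make the agent a plain member of
        // the group, and it does not grant the role outside the group.
        assertFalse(BasicModel.isMember(relationshipManager, developerAgent, projectGroup));
        assertFalse(BasicModel.isMember(relationshipManager, developerAgent, companyGroup));
        assertFalse(BasicModel.hasRole(relationshipManager, developerAgent, employeeRole));
    }

    /**
     * <p>
     * Tests how a {@link GroupRole} behaves across a three-level group hierarchy
     * (Administrators &gt; System Administrators &gt; Database Administrators).
     * </p>
     *
     * <p>
     * The assertions establish that a role granted in a group is also reported for that group's
     * descendants, that it is never reported for an ancestor, and that revoking the grant on the
     * ancestor removes it from the descendants as well.
     * </p>
     *
     * <p>
     * Not run against {@link SingleConfigLDAPJPAStoreConfigurationTester}; the reason for the
     * exclusion is not recorded in this file.
     * </p>
     *
     * @throws Exception
     */
    @Test
    @Configuration(exclude = SingleConfigLDAPJPAStoreConfigurationTester.class)
    public void testGrantParentGroupRole() throws Exception {
        // NOTE(review): unused in this test; kept in case getIdentityManager() initialises state in
        // the base class -- confirm and remove.
        IdentityManager identityManager = getIdentityManager();

        Group administratorsGroup = createGroup("Administrators", null);
        Group systemAdministratorsGroup = createGroupWithParent("System Administrators", administratorsGroup);
        Group databaseAdministratorsGroup = createGroupWithParent("Database Administrators", systemAdministratorsGroup);

        Role managerRole = createRole("Administrators Manager");

        T agent = createIdentityType("agent", null);

        RelationshipManager relationshipManager = getPartitionManager().createRelationshipManager();

        // Grant at the root: the role is reported for the root and for both descendants.
        BasicModel.grantGroupRole(relationshipManager, agent, managerRole, administratorsGroup);

        assertTrue(BasicModel.hasGroupRole(relationshipManager, agent, managerRole, administratorsGroup));
        assertTrue(BasicModel.hasGroupRole(relationshipManager, agent, managerRole, databaseAdministratorsGroup));
        assertTrue(BasicModel.hasGroupRole(relationshipManager, agent, managerRole, systemAdministratorsGroup));

        Role securityManager = createRole("Data Security Manager");

        // Grant at the leaf: the role must stay confined to the leaf and not leak to ancestors.
        BasicModel.grantGroupRole(relationshipManager, agent, securityManager, databaseAdministratorsGroup);

        assertTrue(BasicModel.hasGroupRole(relationshipManager, agent, securityManager, databaseAdministratorsGroup));
        assertFalse(BasicModel.hasGroupRole(relationshipManager, agent, securityManager, administratorsGroup));
        assertFalse(BasicModel.hasGroupRole(relationshipManager, agent, securityManager, systemAdministratorsGroup));

        // Revoke at the root: the inherited access in the descendants has to disappear with it.
        BasicModel.revokeGroupRole(relationshipManager, agent, managerRole, administratorsGroup);

        assertFalse(BasicModel.hasGroupRole(relationshipManager, agent, managerRole, administratorsGroup));
        assertFalse(BasicModel.hasGroupRole(relationshipManager, agent, managerRole, databaseAdministratorsGroup));
        assertFalse(BasicModel.hasGroupRole(relationshipManager, agent, managerRole, systemAdministratorsGroup));

        // Grant at the middle level: effective there and below, but not in the parent.
        BasicModel.grantGroupRole(relationshipManager, agent, managerRole, systemAdministratorsGroup);

        assertTrue(BasicModel.hasGroupRole(relationshipManager, agent, managerRole, databaseAdministratorsGroup));
        assertTrue(BasicModel.hasGroupRole(relationshipManager, agent, managerRole, systemAdministratorsGroup));
        assertFalse(BasicModel.hasGroupRole(relationshipManager, agent, managerRole, administratorsGroup));
    }

    /**
     * <p>
     * Tests revoking a {@link GroupRole}.
     * </p>
     *
     * <p>
     * Revocation is checked to be targeted: removing one (role, group) grant leaves the agent's
     * other group role in place until that one is revoked too.
     * </p>
     *
     * @throws Exception
     */
    @Test
    public void testRevokeGroupRole() throws Exception {
        T developerAgent = createIdentityType("developerAgent", null);

        Role developerRole = createRole("Developer");
        Role employeeRole = createRole("Employee");

        Group companyGroup = createGroup("Company Group", null);
        Group projectGroup = createGroup("Project Group", null);

        RelationshipManager relationshipManager = getPartitionManager().createRelationshipManager();
        // NOTE(review): unused in this test; kept in case getIdentityManager() initialises state in
        // the base class -- confirm and remove.
        IdentityManager identityManager = getIdentityManager();

        // developerAgent is an employee at the company group
        BasicModel.grantGroupRole(relationshipManager, developerAgent, employeeRole, companyGroup);

        // developerAgent is a developer at the project group
        BasicModel.grantGroupRole(relationshipManager, developerAgent, developerRole, projectGroup);

        assertTrue(BasicModel.hasGroupRole(relationshipManager, developerAgent, employeeRole, companyGroup));
        assertTrue(BasicModel.hasGroupRole(relationshipManager, developerAgent, developerRole, projectGroup));

        // Revoking the project grant must not touch the unrelated company grant.
        BasicModel.revokeGroupRole(relationshipManager, developerAgent, developerRole, projectGroup);

        assertFalse(BasicModel.hasGroupRole(relationshipManager, developerAgent, developerRole, projectGroup));
        assertTrue(BasicModel.hasGroupRole(relationshipManager, developerAgent, employeeRole, companyGroup));

        BasicModel.revokeGroupRole(relationshipManager, developerAgent, employeeRole, companyGroup);

        assertFalse(BasicModel.hasGroupRole(relationshipManager, developerAgent, employeeRole, companyGroup));
    }
}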