From 085c3c52331374c00eece0885eef8d8c84a1b855 Mon Sep 17 00:00:00 2001 From: jensp Date: Wed, 25 Jan 2017 20:18:00 +0000 Subject: [PATCH] CCM NG: Inherited permissions are now stored in the database for each object making it possible to check permissions when querying data from the database. The InheritsPermissions interface has been removed. Also, the usage of the cleanup script has been changed. The automatic cleanup of Arquillian is not longer disabled (in ccm-core). Instead a custom cleanup script is applied using the @CleanupUsingScript annotation on the test classes. git-svn-id: https://svn.libreccm.org/ccm/ccm_ng@4536 8810af33-2d31-482b-a856-94f89814c4df --- .../java/com/arsdigita/cms/ui/BrowsePane.java | 17 +- .../cms/ui/folder/FolderEditForm.java | 2 +- .../org/librecms/contentsection/Asset.java | 20 +- .../contentsection/AttachmentList.java | 13 - .../librecms/contentsection/ContentItem.java | 33 +-- .../librecms/contentsection/ContentType.java | 10 +- .../org/librecms/contentsection/Folder.java | 13 +- .../org/libreccm/categorization/Category.java | 12 +- .../security/InheritsPermissions.java | 49 ---- .../org/libreccm/security/Permission.java | 11 +- .../libreccm/security/PermissionChecker.java | 65 +---- .../libreccm/security/PermissionManager.java | 80 +++++- .../categorization/CategoryManagerTest.java | 3 + .../CategoryRepositoryTest.java | 4 + .../ConfigurationManagerTest.java | 3 + .../core/CcmObjectRepositoryTest.java | 3 + .../modules/ConfigurationLoaderTest.java | 4 +- .../portation/CoreDataImportTest.java | 5 +- .../AuthorizationInterceptorTest.java | 5 +- .../security/ChallengeManagerTest.java | 5 +- .../libreccm/security/GroupManagerTest.java | 4 + .../security/GroupRepositoryTest.java | 4 + .../security/OneTimeAuthManagerTest.java | 4 + .../security/PartyRepositoryTest.java | 4 + .../security/PermissionCheckerTest.java | 4 + .../security/PermissionManagerTest.java | 255 +++++++++--------- .../libreccm/security/RoleManagerTest.java | 3 + .../libreccm/security/RoleRepositoryTest.java | 6 + .../security/SecuredCollectionTest.java | 4 + .../security/SecuredIteratorTest.java | 4 + .../java/org/libreccm/security/ShiroTest.java | 6 +- .../libreccm/security/UserManagerTest.java | 3 + .../libreccm/security/UserRepositoryTest.java | 2 + .../arquillian.xml | 6 +- .../scripts/cleanup.sql | 41 +++ .../arquillian.xml | 8 +- .../scripts/cleanup.sql | 41 +++ .../CategoryManagerTest/data.yml | 42 ++- .../after-save-new-category.yml | 2 + .../CategoryRepositoryTest/data.yml | 2 + .../PermissionManagerTest/after-copy.yml | 4 + .../PermissionManagerTest/after-revoke.yml | 1 + .../security/PermissionManagerTest/data.yml | 3 + .../org/libreccm/security/ShiroTest/data.yml | 4 + pom.xml | 40 +-- 45 files changed, 478 insertions(+), 376 deletions(-) delete mode 100644 ccm-core/src/main/java/org/libreccm/security/InheritsPermissions.java create mode 100644 ccm-core/src/test/resources-wildfly-remote-h2-mem/scripts/cleanup.sql create mode 100644 ccm-core/src/test/resources-wildfly-remote-pgsql/scripts/cleanup.sql diff --git a/ccm-cms/src/main/java/com/arsdigita/cms/ui/BrowsePane.java b/ccm-cms/src/main/java/com/arsdigita/cms/ui/BrowsePane.java index bb664104c..0d20ed6b1 100755 --- a/ccm-cms/src/main/java/com/arsdigita/cms/ui/BrowsePane.java +++ b/ccm-cms/src/main/java/com/arsdigita/cms/ui/BrowsePane.java @@ -195,17 +195,12 @@ public class BrowsePane extends LayoutPanel implements Resettable { if (object instanceof Category) { final Category category = (Category) object; - if (category.getParent().isPresent()) { - final CcmObject result = category.getParent().get(); - - if (result instanceof Category) { - object = result; - tree.expand( - ((Long) object.getObjectId()).toString(), - state); - } else { - object = null; - } + if (category.getParentCategory() != null) { + final Category result = category.getParentCategory(); + object = result; + tree.expand( + ((Long) object.getObjectId()).toString(), + state); } else { object = null; } diff --git a/ccm-cms/src/main/java/com/arsdigita/cms/ui/folder/FolderEditForm.java b/ccm-cms/src/main/java/com/arsdigita/cms/ui/folder/FolderEditForm.java index 103eeff59..6af47fc49 100755 --- a/ccm-cms/src/main/java/com/arsdigita/cms/ui/folder/FolderEditForm.java +++ b/ccm-cms/src/main/java/com/arsdigita/cms/ui/folder/FolderEditForm.java @@ -52,7 +52,7 @@ class FolderEditForm extends FolderBaseForm { final FolderRequestLocal parent = new FolderRequestLocal(null) { @Override protected final Object initialValue(final PageState state) { - return folder.getFolder(state).getParent().get(); + return folder.getFolder(state).getParentFolder(); } }; diff --git a/ccm-cms/src/main/java/org/librecms/contentsection/Asset.java b/ccm-cms/src/main/java/org/librecms/contentsection/Asset.java index d2f74e6cb..9b75b4317 100644 --- a/ccm-cms/src/main/java/org/librecms/contentsection/Asset.java +++ b/ccm-cms/src/main/java/org/librecms/contentsection/Asset.java @@ -22,7 +22,6 @@ import org.hibernate.envers.Audited; import org.libreccm.categorization.Categorization; import org.libreccm.core.CcmObject; import org.libreccm.l10n.LocalizedString; -import org.libreccm.security.InheritsPermissions; import org.librecms.CmsConstants; import java.util.ArrayList; @@ -133,7 +132,7 @@ import static org.librecms.CmsConstants.*; + "AND LOWER(a.displayName) LIKE CONCAT(LOWER(:name), '%') " + "AND TYPE(a) = :type") }) -public class Asset extends CcmObject implements InheritsPermissions { +public class Asset extends CcmObject { private static final long serialVersionUID = -3499741368562653529L; @@ -191,23 +190,6 @@ public class Asset extends CcmObject implements InheritsPermissions { itemAttachments.remove(itemAttachment); } - @Override - public Optional getParent() { - // For sharable assets the parent is the folder in the asset is stored - final Optional folder = getFolder(); - if (folder.isPresent()) { - return folder; - } - - if (itemAttachments == null || itemAttachments.isEmpty()) { - return Optional.empty(); - } else { - return Optional.of(itemAttachments.get(0).getAttachmentList() - .getItem()); - } - - } - private Optional getFolder() { final Optional result = getCategories() .stream() diff --git a/ccm-cms/src/main/java/org/librecms/contentsection/AttachmentList.java b/ccm-cms/src/main/java/org/librecms/contentsection/AttachmentList.java index d15f369d0..e0d2c629e 100644 --- a/ccm-cms/src/main/java/org/librecms/contentsection/AttachmentList.java +++ b/ccm-cms/src/main/java/org/librecms/contentsection/AttachmentList.java @@ -19,10 +19,8 @@ package org.librecms.contentsection; import org.hibernate.envers.Audited; -import org.libreccm.core.CcmObject; import org.libreccm.core.Identifiable; import org.libreccm.l10n.LocalizedString; -import org.libreccm.security.InheritsPermissions; import org.libreccm.security.RecursivePermissions; import org.librecms.contentsection.privileges.AssetPrivileges; @@ -31,7 +29,6 @@ import java.util.ArrayList; import java.util.Collections; import java.util.List; import java.util.Objects; -import java.util.Optional; import javax.persistence.AssociationOverride; import javax.persistence.Column; @@ -71,7 +68,6 @@ import static org.librecms.CmsConstants.*; }) public class AttachmentList implements Comparable, Identifiable, - InheritsPermissions, Serializable { private static final long serialVersionUID = -7931234562247075541L; @@ -174,15 +170,6 @@ public class AttachmentList implements Comparable, protected void setItem(final ContentItem item) { this.item = item; } - - @Override - public Optional getParent() { - if (item == null) { - return Optional.empty(); - } else { - return Optional.of(item); - } - } public String getName() { return name; diff --git a/ccm-cms/src/main/java/org/librecms/contentsection/ContentItem.java b/ccm-cms/src/main/java/org/librecms/contentsection/ContentItem.java index 0f42b0ebd..cf4bf2b62 100644 --- a/ccm-cms/src/main/java/org/librecms/contentsection/ContentItem.java +++ b/ccm-cms/src/main/java/org/librecms/contentsection/ContentItem.java @@ -21,11 +21,9 @@ package org.librecms.contentsection; import org.hibernate.envers.Audited; import org.hibernate.envers.RelationTargetAuditMode; import org.hibernate.search.annotations.Field; -import org.hibernate.search.annotations.Indexed; import org.libreccm.categorization.Categorization; import org.libreccm.core.CcmObject; import org.libreccm.l10n.LocalizedString; -import org.libreccm.security.InheritsPermissions; import org.libreccm.workflow.Workflow; import org.librecms.CmsConstants; import org.librecms.lifecycle.Lifecycle; @@ -56,9 +54,6 @@ import javax.persistence.Temporal; import javax.persistence.TemporalType; import org.hibernate.search.annotations.IndexedEmbedded; -import org.libreccm.security.RecursivePermissions; -import org.librecms.contentsection.privileges.AssetPrivileges; -import org.librecms.contentsection.privileges.ItemPrivileges; import static org.librecms.CmsConstants.*; @@ -72,6 +67,16 @@ import static org.librecms.CmsConstants.*; @Table(name = "CONTENT_ITEMS", schema = DB_SCHEMA) //@Indexed @NamedQueries({ + @NamedQuery( + name = "ContentItem.findById", + query = "SELECT i FROM ContentItem i " + + "WHERE i.objectId = :objectId " + + "AND (EXISTS(SELECT p FROM Permission p " + + "WHERE p.grantedPrivilege = 'read' " + + "AND p.grantee IN :roles " + + "AND p.object = i)" + + "OR true = :admin)") + , @NamedQuery( name = "ContentItem.findByType", query = "SELECT i FROM ContentItem i WHERE TYPE(i) = :type") @@ -152,8 +157,7 @@ import static org.librecms.CmsConstants.*; + "WHERE i.workflow = :workflow" ) }) -public class ContentItem extends CcmObject implements Serializable, - InheritsPermissions { +public class ContentItem extends CcmObject implements Serializable { private static final long serialVersionUID = 5897287630227129653L; @@ -370,21 +374,6 @@ public class ContentItem extends CcmObject implements Serializable, this.workflow = workflow; } - @Override - public Optional getParent() { - final List result = getCategories().stream().filter( - categorization -> CmsConstants.CATEGORIZATION_TYPE_FOLDER. - equals( - categorization.getType())) - .collect(Collectors.toList()); - - if (result.isEmpty()) { - return Optional.empty(); - } else { - return Optional.of(result.get(0).getCategory()); - } - } - @Override public int hashCode() { int hash = super.hashCode(); diff --git a/ccm-cms/src/main/java/org/librecms/contentsection/ContentType.java b/ccm-cms/src/main/java/org/librecms/contentsection/ContentType.java index fccbecc92..d5f3ebd86 100644 --- a/ccm-cms/src/main/java/org/librecms/contentsection/ContentType.java +++ b/ccm-cms/src/main/java/org/librecms/contentsection/ContentType.java @@ -25,13 +25,11 @@ import static org.librecms.CmsConstants.*; import org.libreccm.core.CcmObject; import org.libreccm.l10n.LocalizedString; -import org.libreccm.security.InheritsPermissions; import org.libreccm.workflow.WorkflowTemplate; import org.librecms.lifecycle.LifecycleDefinition; import java.io.Serializable; import java.util.Objects; -import java.util.Optional; import javax.persistence.AssociationOverride; import javax.persistence.Column; @@ -71,8 +69,7 @@ import javax.persistence.Table; + "WHERE i.contentType = :type" ) }) -public class ContentType extends CcmObject implements InheritsPermissions, - Serializable { +public class ContentType extends CcmObject implements Serializable { private static final long serialVersionUID = -2708659750560382851L; @@ -193,11 +190,6 @@ public class ContentType extends CcmObject implements InheritsPermissions, protected void setDefaultWorkflow(final WorkflowTemplate defaultWorkflow) { this.defaultWorkflow = defaultWorkflow; } - - @Override - public Optional getParent() { - return Optional.of(contentSection); - } @Override public int hashCode() { diff --git a/ccm-cms/src/main/java/org/librecms/contentsection/Folder.java b/ccm-cms/src/main/java/org/librecms/contentsection/Folder.java index d9d5d1e03..99ccdc511 100644 --- a/ccm-cms/src/main/java/org/librecms/contentsection/Folder.java +++ b/ccm-cms/src/main/java/org/librecms/contentsection/Folder.java @@ -25,7 +25,6 @@ import javax.persistence.Table; import org.libreccm.categorization.Category; import org.libreccm.core.CcmObject; -import org.libreccm.security.InheritsPermissions; import java.io.Serializable; import java.util.Collections; @@ -60,8 +59,7 @@ import static org.librecms.CmsConstants.*; name = "Folder.findByName", query = "SELECT f FROM Folder f WHERE f.name = :name") }) -public class Folder extends Category implements InheritsPermissions, - Serializable { +public class Folder extends Category implements Serializable { private static final long serialVersionUID = 1L; @@ -94,15 +92,6 @@ public class Folder extends Category implements InheritsPermissions, this.type = type; } - @Override - public Optional getParent() { - if (getParentFolder() == null) { - return Optional.of(section); - } else { - return Optional.of(getParentFolder()); - } - } - /** * A convenient method for getting all sub folders of folder. * diff --git a/ccm-core/src/main/java/org/libreccm/categorization/Category.java b/ccm-core/src/main/java/org/libreccm/categorization/Category.java index 7854bd593..2d77e4cd4 100644 --- a/ccm-core/src/main/java/org/libreccm/categorization/Category.java +++ b/ccm-core/src/main/java/org/libreccm/categorization/Category.java @@ -28,7 +28,6 @@ import org.libreccm.core.CcmObject; import org.libreccm.core.DefaultEntityGraph; import org.libreccm.l10n.LocalizedString; import org.libreccm.portation.Portable; -import org.libreccm.security.InheritsPermissions; import org.libreccm.security.RecursivePermissions; import java.io.Serializable; @@ -75,7 +74,8 @@ import javax.xml.bind.annotation.XmlRootElement; @NamedQueries({ @NamedQuery( name = "Category.topLevelCategories", - query = "SELECT c FROM Category c WHERE c.parentCategory IS NULL"), + query = "SELECT c FROM Category c WHERE c.parentCategory IS NULL") + , @NamedQuery( name = "Category.findByName", query = "SELECT c FROM Category c WHERE c.name = :name") @@ -103,8 +103,7 @@ import javax.xml.bind.annotation.XmlRootElement; }) @DefaultEntityGraph("Category.withSubCategoriesAndObjects") @XmlRootElement(name = "category", namespace = CAT_XML_NS) -public class Category extends CcmObject implements InheritsPermissions, - Serializable, Portable { +public class Category extends CcmObject implements Serializable, Portable { private static final long serialVersionUID = -7250208963391878547L; @@ -348,11 +347,6 @@ public class Category extends CcmObject implements InheritsPermissions, this.categoryOrder = categoryOrder; } - @Override - public Optional getParent() { - return Optional.ofNullable(getParentCategory()); - } - @Override public int hashCode() { int hash = super.hashCode(); diff --git a/ccm-core/src/main/java/org/libreccm/security/InheritsPermissions.java b/ccm-core/src/main/java/org/libreccm/security/InheritsPermissions.java deleted file mode 100644 index f17e7c309..000000000 --- a/ccm-core/src/main/java/org/libreccm/security/InheritsPermissions.java +++ /dev/null @@ -1,49 +0,0 @@ -/* - * Copyright (C) 2015 LibreCCM Foundation. - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation; either - * version 2.1 of the License, or (at your option) any later version. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, - * MA 02110-1301 USA - */ -package org.libreccm.security; - -import org.libreccm.core.CcmObject; - -import java.util.Optional; - -/** - * Subclasses of {@link CcmObject} can implement this interface to inherit - * the permissions of their parent object. This interface is processed by the - * {@link PermissionChecker}. - * - * @see PermissionChecker#checkPermission(java.lang.String, - * org.libreccm.core.CcmObject) - * @see PermissionChecker#isPermitted(java.lang.String, - * org.libreccm.core.CcmObject) - * - * @author Jens Pelzetter - */ -public interface InheritsPermissions { - - /** - * This method needs to be overwritten by implementers of interface - * - * @return The parent object of the implementing object. The - * {@link PermissionChecker} will use the permissions granted on the parent - * object in addition to the permissions granted on the object itself to - * determine if a user is granted a specific privilege on the object. - */ - Optional getParent(); - -} diff --git a/ccm-core/src/main/java/org/libreccm/security/Permission.java b/ccm-core/src/main/java/org/libreccm/security/Permission.java index 5d8e0d2d7..db739acdb 100644 --- a/ccm-core/src/main/java/org/libreccm/security/Permission.java +++ b/ccm-core/src/main/java/org/libreccm/security/Permission.java @@ -63,7 +63,15 @@ import javax.persistence.OneToOne; query = "SELECT COUNT(p) FROM Permission p " + "WHERE p.grantedPrivilege = :privilege " + "AND p.grantee = :grantee " - + "AND p.object = :object") + + "AND p.object = :object " + + "AND p.inherited = false") + , + @NamedQuery(name = "Permission.existsInheritedForPrivilegeRoleObject", + query = "SELECT COUNT(p) FROM Permission p " + + "WHERE p.grantedPrivilege = :privilege " + + "AND p.grantee = :grantee " + + "AND p.object = :object " + + "AND p.inherited = true") , @NamedQuery(name = "Permission.existsForPrivilegeAndRole", query = "SELECT count(p) FROM Permission p " @@ -78,6 +86,7 @@ import javax.persistence.OneToOne; @NamedQuery(name = "Permission.findPermissionsForCcmObject", query = "SELECT p FROM Permission p " + "WHERE p.object = :object") + }) @XmlRootElement(name = "permission", namespace = CORE_XML_NS) @XmlAccessorType(XmlAccessType.FIELD) diff --git a/ccm-core/src/main/java/org/libreccm/security/PermissionChecker.java b/ccm-core/src/main/java/org/libreccm/security/PermissionChecker.java index 8de073796..b4a64fee3 100644 --- a/ccm-core/src/main/java/org/libreccm/security/PermissionChecker.java +++ b/ccm-core/src/main/java/org/libreccm/security/PermissionChecker.java @@ -105,8 +105,7 @@ public class PermissionChecker { /** * Checks if the current subject has a permission granting the provided - * {@code privilege} on the provided {@code object} or its parent object(s) - * if the object implements the {@link InheritsPermissions} interface. + * {@code privilege} on the provided {@code object}. * * @param privilege The granted privilege. * @param object The object on which the privilege is granted. @@ -116,33 +115,18 @@ public class PermissionChecker { * subject. */ public boolean isPermitted(final String privilege, final CcmObject object) { - final boolean result; if (subject.isAuthenticated()) { - result = subject.isPermitted(generatePermissionString( + return subject.isPermitted(generatePermissionString( privilege, object)); } else { - result = shiro.getPublicUser().isPermitted(generatePermissionString( + return shiro.getPublicUser().isPermitted(generatePermissionString( privilege, object)); } - if (result) { - return result; - } else if (object instanceof InheritsPermissions) { - if (((InheritsPermissions) object).getParent().isPresent()) { - return isPermitted( - privilege, - ((InheritsPermissions) object).getParent().get()); - } else { - return result; - } - } else { - return result; - } } /** * Checks if the provided {@code role} has a permission granting the - * provided {@code privilege} on the provided object or its parent object(s) - * if the object implements the {@link InheritsPermissions} interface. + * provided {@code privilege} on the provided object. * * @param privilege The granted privilege. * @param object The object on which the {@code privilege} is granted. @@ -181,23 +165,7 @@ public class PermissionChecker { .filter(granted -> granted.getObject() != null) .filter(granted -> object.equals(granted.getObject())) .findFirst(); - result = permission.isPresent(); - - if (result) { - return result; - } else if (object instanceof InheritsPermissions) { - if (((InheritsPermissions) object).getParent().isPresent()) { - return isPermitted( - privilege, - ((InheritsPermissions) object).getParent().get(), - role); - } else { - return result; - } - } else { - return result; - } - + return permission.isPresent(); } /** @@ -224,11 +192,8 @@ public class PermissionChecker { * Checks if the current subject has a permission granting the provided * privilege on the provided object. * - * If the object implements the {@link InheritsPermissions} interface the - * method also checks the parent objects for a permission granting the - * provided privilege. * - * @param privilege The privilige to check for. + * @param privilege The privilege to check for. * @param object The object on which the privilege is granted. * * @throws AuthorizationException If there is no permission granting the @@ -238,23 +203,7 @@ public class PermissionChecker { public void checkPermission(final String privilege, final CcmObject object) throws AuthorizationException { - if (object instanceof InheritsPermissions) { - final boolean result = isPermitted(privilege, object); - - if (!result) { - if (((InheritsPermissions) object).getParent().isPresent()) { - checkPermission( - privilege, - ((InheritsPermissions) object).getParent().get()); - } else if (subject.isAuthenticated()) { - subject.checkPermission(generatePermissionString( - privilege, object)); - } else { - shiro.getPublicUser().checkPermission( - generatePermissionString(privilege, object)); - } - } - } else if (subject.isAuthenticated()) { + if (subject.isAuthenticated()) { subject.checkPermission(generatePermissionString(privilege, object)); } else { shiro.getPublicUser().checkPermission(generatePermissionString( diff --git a/ccm-core/src/main/java/org/libreccm/security/PermissionManager.java b/ccm-core/src/main/java/org/libreccm/security/PermissionManager.java index 70093e536..fd890dd78 100644 --- a/ccm-core/src/main/java/org/libreccm/security/PermissionManager.java +++ b/ccm-core/src/main/java/org/libreccm/security/PermissionManager.java @@ -97,40 +97,51 @@ public class PermissionManager { "Can't grant a permission on object NULL."); } + if (existsInheritedPermission(privilege, grantee, object)) { + revokePrivilege(privilege, grantee, object); + } + if (!existsPermission(privilege, grantee, object)) { final Permission permission = new Permission(); permission.setGrantee(grantee); permission.setGrantedPrivilege(privilege); permission.setObject(object); + permission.setInherited(false); entityManager.persist(permission); - grantRecursive(privilege, grantee, object, object.getClass()); + grantRecursive(privilege, grantee, object, object.getClass(), object); } } private void grantRecursive(final String privilege, final Role grantee, final CcmObject object, - final Class clazz) { + final Class clazz, + final CcmObject inheritedFrom) { final Field[] fields = clazz.getDeclaredFields(); Arrays.stream(fields) .filter(field -> field.isAnnotationPresent( RecursivePermissions.class)) .forEach(field -> { field.setAccessible(true); - grantRecursive(privilege, grantee, field, object); + grantRecursive(privilege, grantee, field, object, inheritedFrom); }); if (clazz.getSuperclass() != null) { - grantRecursive(privilege, grantee, object, clazz.getSuperclass()); + grantRecursive(privilege, + grantee, + object, + clazz.getSuperclass(), + inheritedFrom); } } private void grantRecursive(final String privilege, final Role grantee, final Field field, - final CcmObject owner) { + final CcmObject owner, + final CcmObject inheritedFrom) { final Object value; try { value = field.get(owner); @@ -147,19 +158,28 @@ public class PermissionManager { collection.stream() .filter(obj -> obj instanceof CcmObject) .map(obj -> (CcmObject) obj) - .forEach(obj -> grantPrivilege(privilege, grantee, obj)); + .forEach(obj -> grantInherited(privilege, + grantee, + obj, + inheritedFrom)); collection.stream() .filter(obj -> obj instanceof Relation) .map(obj -> (Relation) obj) .filter(relation -> relation.getRelatedObject() != null) .map(relation -> relation.getRelatedObject()) - .forEach(obj -> grantPrivilege(privilege, grantee, obj)); + .forEach(obj -> grantInherited(privilege, + grantee, + obj, + inheritedFrom)); } else if (CcmObject.class.isAssignableFrom(field.getType())) { grantPrivilege(privilege, grantee, (CcmObject) value); } else if (Relation.class.isAssignableFrom(field.getType())) { final Relation relation = (Relation) value; if (relation.getRelatedObject() != null) { - grantPrivilege(privilege, grantee, relation.getRelatedObject()); + grantInherited(privilege, + grantee, + relation.getRelatedObject(), + inheritedFrom); } } else { throw new IllegalArgumentException(String.format( @@ -170,6 +190,29 @@ public class PermissionManager { } } + private void grantInherited(final String privilege, + final Role grantee, + final CcmObject object, + final CcmObject inheritedFrom) { + + if (!existsPermission(privilege, grantee, object)) { + final Permission permission = new Permission(); + permission.setGrantee(grantee); + permission.setGrantedPrivilege(privilege); + permission.setObject(object); + permission.setInherited(true); + permission.setInheritedFrom(inheritedFrom); + + entityManager.persist(permission); + + grantRecursive(privilege, + grantee, + object, + object.getClass(), + inheritedFrom); + } + } + /** * Grants a privilege to a role. If the privilege was already granted, the * method does nothing. @@ -250,8 +293,8 @@ public class PermissionManager { + "AND p.inherited = true"); deleteInheritedQuery.setParameter(QUERY_PARAM_PRIVILEGE, privilege); deleteInheritedQuery.setParameter(QUERY_PARAM_GRANTEE, grantee); - deleteInheritedQuery.setParameter("p.inheritedFrom", object); - deleteQuery.executeUpdate(); + deleteInheritedQuery.setParameter("object", object); + deleteInheritedQuery.executeUpdate(); } } @@ -361,8 +404,9 @@ public class PermissionManager { } /** - * Checks if a permission granting the provided {@code privilege} on the - * provided {@code object} to the provided {@code role} exists. + * Checks if a not inherited permission granting the provided + * {@code privilege} on the provided {@code object} to the provided + * {@code role} exists. * * @param privilege The privilege granted by the permission. * @param grantee The role to which the privilege was granted. @@ -383,6 +427,18 @@ public class PermissionManager { return query.getSingleResult() > 0; } + private boolean existsInheritedPermission(final String privilege, + final Role grantee, + final CcmObject object) { + final TypedQuery query = entityManager.createNamedQuery( + "Permission.existsInheritedForPrivilegeRoleObject", Long.class); + query.setParameter(QUERY_PARAM_PRIVILEGE, privilege); + query.setParameter(QUERY_PARAM_GRANTEE, grantee); + query.setParameter(QUERY_PARAM_OBJECT, object); + + return query.getSingleResult() > 0; + } + /** * Checks if a permission granting the provided {@code privilege}to the * provided {@code role} exists. diff --git a/ccm-core/src/test/java/org/libreccm/categorization/CategoryManagerTest.java b/ccm-core/src/test/java/org/libreccm/categorization/CategoryManagerTest.java index 6cabce9d5..55842d1da 100644 --- a/ccm-core/src/test/java/org/libreccm/categorization/CategoryManagerTest.java +++ b/ccm-core/src/test/java/org/libreccm/categorization/CategoryManagerTest.java @@ -58,6 +58,8 @@ import static org.junit.Assert.*; import static org.libreccm.testutils.DependenciesHelpers.*; +import org.jboss.arquillian.persistence.CleanupUsingScript; + /** * Tests for the {@link CategoryManager}. * @@ -68,6 +70,7 @@ import static org.libreccm.testutils.DependenciesHelpers.*; @PersistenceTest @Transactional(TransactionMode.COMMIT) @CreateSchema({"create_ccm_core_schema.sql"}) +@CleanupUsingScript({"cleanup.sql"}) public class CategoryManagerTest { @Inject diff --git a/ccm-core/src/test/java/org/libreccm/categorization/CategoryRepositoryTest.java b/ccm-core/src/test/java/org/libreccm/categorization/CategoryRepositoryTest.java index d83ef4a57..3a73a6171 100644 --- a/ccm-core/src/test/java/org/libreccm/categorization/CategoryRepositoryTest.java +++ b/ccm-core/src/test/java/org/libreccm/categorization/CategoryRepositoryTest.java @@ -49,8 +49,11 @@ import org.libreccm.tests.categories.IntegrationTest; import static org.hamcrest.Matchers.*; import static org.junit.Assert.*; + import static org.libreccm.testutils.DependenciesHelpers.*; +import org.jboss.arquillian.persistence.CleanupUsingScript; + /** * * @author Jens Pelzetter @@ -60,6 +63,7 @@ import static org.libreccm.testutils.DependenciesHelpers.*; @PersistenceTest @Transactional(TransactionMode.COMMIT) @CreateSchema({"create_ccm_core_schema.sql"}) +@CleanupUsingScript({"cleanup.sql"}) public class CategoryRepositoryTest { @Inject diff --git a/ccm-core/src/test/java/org/libreccm/configuration/ConfigurationManagerTest.java b/ccm-core/src/test/java/org/libreccm/configuration/ConfigurationManagerTest.java index 61efed6bb..751fcc671 100644 --- a/ccm-core/src/test/java/org/libreccm/configuration/ConfigurationManagerTest.java +++ b/ccm-core/src/test/java/org/libreccm/configuration/ConfigurationManagerTest.java @@ -50,6 +50,8 @@ import static org.junit.Assert.*; import static org.libreccm.testutils.DependenciesHelpers.*; +import org.jboss.arquillian.persistence.CleanupUsingScript; + /** * Tests for the {@link ConfigurationManager}. * @@ -60,6 +62,7 @@ import static org.libreccm.testutils.DependenciesHelpers.*; @PersistenceTest @Transactional(TransactionMode.COMMIT) @CreateSchema({"create_ccm_core_schema.sql"}) +@CleanupUsingScript({"cleanup.sql"}) public class ConfigurationManagerTest { @Inject diff --git a/ccm-core/src/test/java/org/libreccm/core/CcmObjectRepositoryTest.java b/ccm-core/src/test/java/org/libreccm/core/CcmObjectRepositoryTest.java index 44b20488e..362ed1d4f 100644 --- a/ccm-core/src/test/java/org/libreccm/core/CcmObjectRepositoryTest.java +++ b/ccm-core/src/test/java/org/libreccm/core/CcmObjectRepositoryTest.java @@ -52,6 +52,8 @@ import static org.junit.Assert.*; import static org.libreccm.testutils.DependenciesHelpers.*; +import org.jboss.arquillian.persistence.CleanupUsingScript; + /** * Tests for the {@link CcmObjectRepository} which is the foundation for many * other repositories in LibreCCM. @@ -63,6 +65,7 @@ import static org.libreccm.testutils.DependenciesHelpers.*; @PersistenceTest @Transactional(TransactionMode.COMMIT) @CreateSchema({"create_ccm_core_schema.sql"}) +@CleanupUsingScript({"cleanup.sql"}) public class CcmObjectRepositoryTest { @Inject diff --git a/ccm-core/src/test/java/org/libreccm/modules/ConfigurationLoaderTest.java b/ccm-core/src/test/java/org/libreccm/modules/ConfigurationLoaderTest.java index 8401bc0e7..0a79ac481 100644 --- a/ccm-core/src/test/java/org/libreccm/modules/ConfigurationLoaderTest.java +++ b/ccm-core/src/test/java/org/libreccm/modules/ConfigurationLoaderTest.java @@ -38,12 +38,13 @@ import org.junit.runner.RunWith; import org.libreccm.configuration.ExampleConfiguration; import org.libreccm.tests.categories.IntegrationTest; - import javax.inject.Inject; import javax.persistence.EntityManager; import static org.libreccm.testutils.DependenciesHelpers.*; +import org.jboss.arquillian.persistence.CleanupUsingScript; + /** * @@ -54,6 +55,7 @@ import static org.libreccm.testutils.DependenciesHelpers.*; @PersistenceTest @Transactional(TransactionMode.COMMIT) @CreateSchema({"create_ccm_core_schema.sql"}) +@CleanupUsingScript({"cleanup.sql"}) public class ConfigurationLoaderTest { @Inject diff --git a/ccm-core/src/test/java/org/libreccm/portation/CoreDataImportTest.java b/ccm-core/src/test/java/org/libreccm/portation/CoreDataImportTest.java index 2d6ad9074..ede5a8517 100644 --- a/ccm-core/src/test/java/org/libreccm/portation/CoreDataImportTest.java +++ b/ccm-core/src/test/java/org/libreccm/portation/CoreDataImportTest.java @@ -38,12 +38,14 @@ import org.libreccm.tests.categories.IntegrationTest; import static org.libreccm.testutils.DependenciesHelpers.getModuleDependencies; +import org.jboss.arquillian.persistence.CleanupUsingScript; + /** * Test class. Tests the import capabilities of the core module * {@code Portation} with data from the trunk implementations * - * @author Tobias Osmers * @version created on 12/1/16 */ @org.junit.experimental.categories.Category(IntegrationTest.class) @@ -51,6 +53,7 @@ import static org.libreccm.testutils.DependenciesHelpers.getModuleDependencies; @PersistenceTest @Transactional(TransactionMode.COMMIT) @CreateSchema({"create_ccm_core_schema.sql"}) +@CleanupUsingScript({"cleanup.sql"}) public class CoreDataImportTest { private ImportHelper importHelper; diff --git a/ccm-core/src/test/java/org/libreccm/security/AuthorizationInterceptorTest.java b/ccm-core/src/test/java/org/libreccm/security/AuthorizationInterceptorTest.java index b8d16e56c..dae0a06c3 100644 --- a/ccm-core/src/test/java/org/libreccm/security/AuthorizationInterceptorTest.java +++ b/ccm-core/src/test/java/org/libreccm/security/AuthorizationInterceptorTest.java @@ -44,13 +44,15 @@ import org.libreccm.core.CcmObjectRepository; import org.libreccm.security.authorization.LabBean; import org.libreccm.tests.categories.IntegrationTest; - import javax.inject.Inject; import static org.hamcrest.Matchers.*; import static org.junit.Assert.*; + import static org.libreccm.testutils.DependenciesHelpers.*; +import org.jboss.arquillian.persistence.CleanupUsingScript; + /** * * @author Jens Pelzetter @@ -60,6 +62,7 @@ import static org.libreccm.testutils.DependenciesHelpers.*; @PersistenceTest @Transactional(TransactionMode.COMMIT) @CreateSchema({"create_ccm_core_schema.sql"}) +@CleanupUsingScript({"cleanup.sql"}) public class AuthorizationInterceptorTest { @Inject diff --git a/ccm-core/src/test/java/org/libreccm/security/ChallengeManagerTest.java b/ccm-core/src/test/java/org/libreccm/security/ChallengeManagerTest.java index 7a014812c..3937660fd 100644 --- a/ccm-core/src/test/java/org/libreccm/security/ChallengeManagerTest.java +++ b/ccm-core/src/test/java/org/libreccm/security/ChallengeManagerTest.java @@ -40,14 +40,16 @@ import org.junit.experimental.categories.Category; import org.junit.runner.RunWith; import org.libreccm.tests.categories.IntegrationTest; - import javax.inject.Inject; import javax.servlet.ServletContext; import static org.hamcrest.Matchers.*; import static org.junit.Assert.*; + import static org.libreccm.testutils.DependenciesHelpers.*; +import org.jboss.arquillian.persistence.CleanupUsingScript; + /** * * @author Jens Pelzetter @@ -57,6 +59,7 @@ import static org.libreccm.testutils.DependenciesHelpers.*; @PersistenceTest @Transactional(TransactionMode.COMMIT) @CreateSchema("create_ccm_core_schema.sql") +@CleanupUsingScript({"cleanup.sql"}) public class ChallengeManagerTest { @Inject diff --git a/ccm-core/src/test/java/org/libreccm/security/GroupManagerTest.java b/ccm-core/src/test/java/org/libreccm/security/GroupManagerTest.java index 1d1201f45..b5ea382b7 100644 --- a/ccm-core/src/test/java/org/libreccm/security/GroupManagerTest.java +++ b/ccm-core/src/test/java/org/libreccm/security/GroupManagerTest.java @@ -45,8 +45,11 @@ import org.libreccm.tests.categories.IntegrationTest; import static org.hamcrest.Matchers.*; import static org.junit.Assert.*; + import static org.libreccm.testutils.DependenciesHelpers.*; +import org.jboss.arquillian.persistence.CleanupUsingScript; + /** * * @author Jens Pelzetter @@ -56,6 +59,7 @@ import static org.libreccm.testutils.DependenciesHelpers.*; @PersistenceTest @Transactional(TransactionMode.COMMIT) @CreateSchema({"create_ccm_core_schema.sql"}) +@CleanupUsingScript({"cleanup.sql"}) public class GroupManagerTest { @Inject diff --git a/ccm-core/src/test/java/org/libreccm/security/GroupRepositoryTest.java b/ccm-core/src/test/java/org/libreccm/security/GroupRepositoryTest.java index f47b3e529..32707e519 100644 --- a/ccm-core/src/test/java/org/libreccm/security/GroupRepositoryTest.java +++ b/ccm-core/src/test/java/org/libreccm/security/GroupRepositoryTest.java @@ -43,8 +43,10 @@ import org.junit.After; import org.junit.AfterClass; import static org.junit.Assert.*; + import static org.libreccm.testutils.DependenciesHelpers.*; +import org.jboss.arquillian.persistence.CleanupUsingScript; import org.junit.Before; import org.junit.BeforeClass; import org.junit.Test; @@ -61,6 +63,7 @@ import org.libreccm.tests.categories.IntegrationTest; @PersistenceTest @Transactional(TransactionMode.COMMIT) @CreateSchema("create_ccm_core_schema.sql") +@CleanupUsingScript({"cleanup.sql"}) public class GroupRepositoryTest { private static final String ADMINS = "admins"; @@ -117,6 +120,7 @@ public class GroupRepositoryTest { .addPackage(org.libreccm.tests.categories.IntegrationTest.class .getPackage()) .addClass(org.libreccm.portation.Portable.class) + .addClass(com.arsdigita.util.UncheckedWrapperException.class) .addAsLibraries(getModuleDependencies()) .addAsResource("configs/shiro.ini", "shiro.ini") .addAsResource("test-persistence.xml", diff --git a/ccm-core/src/test/java/org/libreccm/security/OneTimeAuthManagerTest.java b/ccm-core/src/test/java/org/libreccm/security/OneTimeAuthManagerTest.java index 68077df25..28fd73e26 100644 --- a/ccm-core/src/test/java/org/libreccm/security/OneTimeAuthManagerTest.java +++ b/ccm-core/src/test/java/org/libreccm/security/OneTimeAuthManagerTest.java @@ -52,8 +52,11 @@ import java.util.List; import static org.hamcrest.Matchers.*; import static org.junit.Assert.*; + import static org.libreccm.testutils.DependenciesHelpers.*; +import org.jboss.arquillian.persistence.CleanupUsingScript; + /** * * @author Jens Pelzetter @@ -63,6 +66,7 @@ import static org.libreccm.testutils.DependenciesHelpers.*; @PersistenceTest @Transactional(TransactionMode.COMMIT) @CreateSchema("create_ccm_core_schema.sql") +@CleanupUsingScript({"cleanup.sql"}) public class OneTimeAuthManagerTest { @Inject diff --git a/ccm-core/src/test/java/org/libreccm/security/PartyRepositoryTest.java b/ccm-core/src/test/java/org/libreccm/security/PartyRepositoryTest.java index a2f201ed8..4abc55d86 100644 --- a/ccm-core/src/test/java/org/libreccm/security/PartyRepositoryTest.java +++ b/ccm-core/src/test/java/org/libreccm/security/PartyRepositoryTest.java @@ -49,8 +49,11 @@ import java.util.List; import static org.hamcrest.Matchers.*; import static org.junit.Assert.assertThat; + import static org.libreccm.testutils.DependenciesHelpers.*; +import org.jboss.arquillian.persistence.CleanupUsingScript; + /** * * @author Jens Pelzetter @@ -60,6 +63,7 @@ import static org.libreccm.testutils.DependenciesHelpers.*; @PersistenceTest @Transactional(TransactionMode.COMMIT) @CreateSchema({"create_ccm_core_schema.sql"}) +@CleanupUsingScript({"cleanup.sql"}) public class PartyRepositoryTest { private static final String MMUSTER = "mmuster"; diff --git a/ccm-core/src/test/java/org/libreccm/security/PermissionCheckerTest.java b/ccm-core/src/test/java/org/libreccm/security/PermissionCheckerTest.java index a4466f0de..92e02b9a4 100644 --- a/ccm-core/src/test/java/org/libreccm/security/PermissionCheckerTest.java +++ b/ccm-core/src/test/java/org/libreccm/security/PermissionCheckerTest.java @@ -55,8 +55,11 @@ import java.util.List; import static org.hamcrest.Matchers.*; import static org.junit.Assert.*; + import static org.libreccm.testutils.DependenciesHelpers.*; +import org.jboss.arquillian.persistence.CleanupUsingScript; + /** * * @author Jens Pelzetter @@ -66,6 +69,7 @@ import static org.libreccm.testutils.DependenciesHelpers.*; @PersistenceTest @Transactional(TransactionMode.COMMIT) @CreateSchema({"create_ccm_core_schema.sql"}) +@CleanupUsingScript({"cleanup.sql"}) public class PermissionCheckerTest { @Inject diff --git a/ccm-core/src/test/java/org/libreccm/security/PermissionManagerTest.java b/ccm-core/src/test/java/org/libreccm/security/PermissionManagerTest.java index 7a5d31ecf..7451dcd06 100644 --- a/ccm-core/src/test/java/org/libreccm/security/PermissionManagerTest.java +++ b/ccm-core/src/test/java/org/libreccm/security/PermissionManagerTest.java @@ -50,6 +50,7 @@ import static org.junit.Assert.*; import static org.libreccm.testutils.DependenciesHelpers.*; +import org.jboss.arquillian.persistence.CleanupUsingScript; import org.libreccm.categorization.CategorizationConstants; import org.libreccm.core.CoreConstants; @@ -66,6 +67,7 @@ import java.util.List; @PersistenceTest @Transactional(TransactionMode.COMMIT) @CreateSchema({"create_ccm_core_schema.sql"}) +@CleanupUsingScript(value = {"cleanup.sql"}) public class PermissionManagerTest { @Inject @@ -105,38 +107,38 @@ public class PermissionManagerTest { @Deployment public static WebArchive createDeployment() { return ShrinkWrap - .create(WebArchive.class, - "LibreCCM-org.libreccm.security.PermissionManagerTest.war"). - addPackage(org.libreccm.categorization.Categorization.class - .getPackage()) - .addPackage(org.libreccm.configuration.Configuration.class - .getPackage()) - .addPackage(org.libreccm.core.CcmObject.class.getPackage()) - .addPackage(org.libreccm.jpa.EntityManagerProducer.class - .getPackage()) - .addPackage(org.libreccm.jpa.utils.MimeTypeConverter.class - .getPackage()) - .addPackage(org.libreccm.l10n.LocalizedString.class.getPackage()). - addPackage(org.libreccm.security.User.class.getPackage()) - .addPackage(org.libreccm.tests.categories.IntegrationTest.class - .getPackage()) - .addPackage(org.libreccm.testutils.EqualsVerifier.class - .getPackage()) - .addPackage(org.libreccm.web.CcmApplication.class.getPackage()) - .addPackage(org.libreccm.workflow.Workflow.class.getPackage()) - .addPackage(com.arsdigita.kernel.KernelConfig.class.getPackage()). - addPackage(com.arsdigita.kernel.security.SecurityConfig.class - .getPackage()) - .addPackage(com.arsdigita.util.UncheckedWrapperException.class - .getPackage()) - .addPackage(org.libreccm.cdi.utils.CdiUtil.class.getPackage()) - .addClass(org.libreccm.portation.Portable.class) - .addAsLibraries(getModuleDependencies()) - .addAsResource("test-persistence.xml", - "META-INF/persistence.xml") - .addAsResource("configs/shiro.ini", "shiro.ini") - .addAsWebInfResource("test-web.xml", "web.xml") - .addAsWebInfResource("META-INF/beans.xml", "beans.xml"); + .create(WebArchive.class, + "LibreCCM-org.libreccm.security.PermissionManagerTest.war"). + addPackage(org.libreccm.categorization.Categorization.class + .getPackage()) + .addPackage(org.libreccm.configuration.Configuration.class + .getPackage()) + .addPackage(org.libreccm.core.CcmObject.class.getPackage()) + .addPackage(org.libreccm.jpa.EntityManagerProducer.class + .getPackage()) + .addPackage(org.libreccm.jpa.utils.MimeTypeConverter.class + .getPackage()) + .addPackage(org.libreccm.l10n.LocalizedString.class.getPackage()). + addPackage(org.libreccm.security.User.class.getPackage()) + .addPackage(org.libreccm.tests.categories.IntegrationTest.class + .getPackage()) + .addPackage(org.libreccm.testutils.EqualsVerifier.class + .getPackage()) + .addPackage(org.libreccm.web.CcmApplication.class.getPackage()) + .addPackage(org.libreccm.workflow.Workflow.class.getPackage()) + .addPackage(com.arsdigita.kernel.KernelConfig.class.getPackage()). + addPackage(com.arsdigita.kernel.security.SecurityConfig.class + .getPackage()) + .addPackage(com.arsdigita.util.UncheckedWrapperException.class + .getPackage()) + .addPackage(org.libreccm.cdi.utils.CdiUtil.class.getPackage()) + .addClass(org.libreccm.portation.Portable.class) + .addAsLibraries(getModuleDependencies()) + .addAsResource("test-persistence.xml", + "META-INF/persistence.xml") + .addAsResource("configs/shiro.ini", "shiro.ini") + .addAsWebInfResource("test-web.xml", "web.xml") + .addAsWebInfResource("META-INF/beans.xml", "beans.xml"); } /** @@ -175,11 +177,11 @@ public class PermissionManagerTest { */ @Test @UsingDataSet( - "datasets/org/libreccm/security/PermissionManagerTest/data.yml") + "datasets/org/libreccm/security/PermissionManagerTest/data.yml") @ShouldMatchDataSet( - value = "datasets/org/libreccm/security/PermissionManagerTest/" - + "after-grant.yml", - excludeColumns = {"permission_id"}) + value = "datasets/org/libreccm/security/PermissionManagerTest/" + + "after-grant.yml", + excludeColumns = {"permission_id"}) @InSequence(200) public void grantPermission() { final Role role2 = roleRepository.findByName("role2"); @@ -200,10 +202,10 @@ public class PermissionManagerTest { */ @Test @UsingDataSet( - "datasets/org/libreccm/security/PermissionManagerTest/data.yml") + "datasets/org/libreccm/security/PermissionManagerTest/data.yml") @ShouldMatchDataSet( - value = "datasets/org/libreccm/security/PermissionManagerTest/" - + "data.yml") + value = "datasets/org/libreccm/security/PermissionManagerTest/" + + "data.yml") @InSequence(210) public void grantPermissionAgain() { final Role role1 = roleRepository.findByName("role1"); @@ -222,12 +224,11 @@ public class PermissionManagerTest { */ @Test @UsingDataSet("datasets/org/libreccm/security/PermissionManagerTest/" - + "data-recursivly.yml") + + "data-recursivly.yml") @ShouldMatchDataSet( - value = "datasets/org/libreccm/security/PermissionManagerTest/" - + "after-grant-recursivly.yml", - excludeColumns = {"permission_id"}, - orderBy = {"permissions.permission_id desc"}) + value = "datasets/org/libreccm/security/PermissionManagerTest/" + + "after-grant-recursivly.yml", + excludeColumns = {"permission_id"}) @InSequence(211) public void grantPermissionRecursively() { final Role role1 = roleRepository.findByName("role1"); @@ -243,22 +244,22 @@ public class PermissionManagerTest { * inherited from an object converts the permission to a directly granted * one. */ - @Test - @UsingDataSet("datasets/org/libreccm/security/PermissionManagerTest/" - + "after-grant-recursivly.yml") - @ShouldMatchDataSet( - value = "datasets/org/libreccm/security/PermissionManagerTest/" - + "after-grant-inherited.yml", - excludeColumns = {"permission_id"}) - @InSequence(212) - public void grantInheritedPermission() { - final Role role1 = roleRepository.findByName("role1"); - final CcmObject category2 = ccmObjectRepository.findById(-20001L); - - shiro.getSystemUser().execute(() -> { - permissionManager.grantPrivilege("privilege4", role1, category2); - }); - } +// @Test +// @UsingDataSet("datasets/org/libreccm/security/PermissionManagerTest/" +// + "after-grant-recursivly.yml") +// @ShouldMatchDataSet( +// value = "datasets/org/libreccm/security/PermissionManagerTest/" +// + "after-grant-inherited.yml", +// excludeColumns = {"permission_id"}) +// @InSequence(212) +// public void grantInheritedPermission() { +// final Role role1 = roleRepository.findByName("role1"); +// final CcmObject category2 = ccmObjectRepository.findById(-20002L); +// +// shiro.getSystemUser().execute(() -> { +// permissionManager.grantPrivilege("privilege4", role1, category2); +// }); +// } /** * Verifies that @@ -270,7 +271,7 @@ public class PermissionManagerTest { */ @Test(expected = IllegalArgumentException.class) @UsingDataSet( - "datasets/org/libreccm/security/PermissionManagerTest/data.yml") + "datasets/org/libreccm/security/PermissionManagerTest/data.yml") @ShouldThrowException(IllegalArgumentException.class) @InSequence(220) public void grantPermissionPrivilegeNull() throws Throwable { @@ -278,7 +279,7 @@ public class PermissionManagerTest { try { shiro.getSystemUser().execute( - () -> permissionManager.grantPrivilege(null, role1)); + () -> permissionManager.grantPrivilege(null, role1)); } catch (ExecutionException ex) { throw ex.getCause(); } @@ -294,7 +295,7 @@ public class PermissionManagerTest { */ @Test(expected = IllegalArgumentException.class) @UsingDataSet( - "datasets/org/libreccm/security/PermissionManagerTest/data.yml") + "datasets/org/libreccm/security/PermissionManagerTest/data.yml") @ShouldThrowException(IllegalArgumentException.class) @InSequence(225) public void grantPermissionOnObjectPrivilegeNull() throws Throwable { @@ -303,7 +304,7 @@ public class PermissionManagerTest { try { shiro.getSystemUser().execute( - () -> permissionManager.grantPrivilege(null, role1, object1)); + () -> permissionManager.grantPrivilege(null, role1, object1)); } catch (ExecutionException ex) { throw ex.getCause(); } @@ -319,7 +320,7 @@ public class PermissionManagerTest { */ @Test(expected = IllegalArgumentException.class) @UsingDataSet( - "datasets/org/libreccm/security/PermissionManagerTest/data.yml") + "datasets/org/libreccm/security/PermissionManagerTest/data.yml") @ShouldThrowException(IllegalArgumentException.class) @InSequence(230) public void grantPermissionEmptyPrivilege() throws Throwable { @@ -327,7 +328,7 @@ public class PermissionManagerTest { try { shiro.getSystemUser().execute( - () -> permissionManager.grantPrivilege("", role1)); + () -> permissionManager.grantPrivilege("", role1)); } catch (ExecutionException ex) { throw ex.getCause(); } @@ -343,7 +344,7 @@ public class PermissionManagerTest { */ @Test(expected = IllegalArgumentException.class) @UsingDataSet( - "datasets/org/libreccm/security/PermissionManagerTest/data.yml") + "datasets/org/libreccm/security/PermissionManagerTest/data.yml") @ShouldThrowException(IllegalArgumentException.class) @InSequence(235) public void grantPermissionOnObjectEmptyPrivilege() throws Throwable { @@ -352,7 +353,7 @@ public class PermissionManagerTest { try { shiro.getSystemUser().execute( - () -> permissionManager.grantPrivilege("", role1, object1)); + () -> permissionManager.grantPrivilege("", role1, object1)); } catch (ExecutionException ex) { throw ex.getCause(); } @@ -368,13 +369,13 @@ public class PermissionManagerTest { */ @Test(expected = IllegalArgumentException.class) @UsingDataSet( - "datasets/org/libreccm/security/PermissionManagerTest/data.yml") + "datasets/org/libreccm/security/PermissionManagerTest/data.yml") @ShouldThrowException(IllegalArgumentException.class) @InSequence(240) public void grantPermissionToRoleNull() throws Throwable { try { shiro.getSystemUser().execute( - () -> permissionManager.grantPrivilege("privilege", null)); + () -> permissionManager.grantPrivilege("privilege", null)); } catch (ExecutionException ex) { throw ex.getCause(); } @@ -390,7 +391,7 @@ public class PermissionManagerTest { */ @Test(expected = IllegalArgumentException.class) @UsingDataSet( - "datasets/org/libreccm/security/PermissionManagerTest/data.yml") + "datasets/org/libreccm/security/PermissionManagerTest/data.yml") @ShouldThrowException(IllegalArgumentException.class) @InSequence(240) public void grantPermissionOnObjectToRoleNull() throws Throwable { @@ -398,9 +399,9 @@ public class PermissionManagerTest { try { shiro.getSystemUser().execute( - () -> permissionManager.grantPrivilege("privilege", - null, - object1)); + () -> permissionManager.grantPrivilege("privilege", + null, + object1)); } catch (ExecutionException ex) { throw ex.getCause(); } @@ -416,7 +417,7 @@ public class PermissionManagerTest { */ @Test(expected = IllegalArgumentException.class) @UsingDataSet( - "datasets/org/libreccm/security/PermissionManagerTest/data.yml") + "datasets/org/libreccm/security/PermissionManagerTest/data.yml") @ShouldThrowException(IllegalArgumentException.class) @InSequence(250) public void grantPermissionNullObject() throws Throwable { @@ -424,9 +425,9 @@ public class PermissionManagerTest { try { shiro.getSystemUser().execute( - () -> permissionManager.grantPrivilege("privilege1", - role1, - null)); + () -> permissionManager.grantPrivilege("privilege1", + role1, + null)); } catch (ExecutionException ex) { throw ex.getCause(); } @@ -441,11 +442,11 @@ public class PermissionManagerTest { */ @Test @UsingDataSet( - "datasets/org/libreccm/security/PermissionManagerTest/data.yml") + "datasets/org/libreccm/security/PermissionManagerTest/data.yml") @ShouldMatchDataSet( - value = "datasets/org/libreccm/security/PermissionManagerTest/" - + "after-revoke.yml", - excludeColumns = {"permission_id"}) + value = "datasets/org/libreccm/security/PermissionManagerTest/" + + "after-revoke.yml", + excludeColumns = {"permission_id"}) @InSequence(300) public void revokePermission() { final Role role1 = roleRepository.findByName("role1"); @@ -467,16 +468,16 @@ public class PermissionManagerTest { */ @Test @UsingDataSet( - "datasets/org/libreccm/security/PermissionManagerTest/data.yml") + "datasets/org/libreccm/security/PermissionManagerTest/data.yml") @ShouldMatchDataSet( - value = "datasets/org/libreccm/security/PermissionManagerTest/" - + "data.yml") + value = "datasets/org/libreccm/security/PermissionManagerTest/" + + "data.yml") @InSequence(310) public void revokeNotExistingPermission() throws Throwable { final Role role1 = roleRepository.findByName("role1"); shiro.getSystemUser().execute( - () -> permissionManager.revokePrivilege("privilege999", role1)); + () -> permissionManager.revokePrivilege("privilege999", role1)); } /** @@ -485,10 +486,10 @@ public class PermissionManagerTest { */ @Test @UsingDataSet("datasets/org/libreccm/security/PermissionManagerTest/" - + "after-grant-recursivly.yml") + + "after-grant-recursivly.yml") @ShouldMatchDataSet( - value = "datasets/org/libreccm/security/PermissionManagerTest/" - + "after-revoke-recursivly.yml") + value = "datasets/org/libreccm/security/PermissionManagerTest/" + + "after-revoke-recursivly.yml") @InSequence(311) public void revokePermissionRecursivly() { final Role role1 = roleRepository.findByName("role1"); @@ -508,19 +509,19 @@ public class PermissionManagerTest { */ @Test @UsingDataSet( - "datasets/org/libreccm/security/PermissionManagerTest/data.yml") + "datasets/org/libreccm/security/PermissionManagerTest/data.yml") @ShouldMatchDataSet( - value = "datasets/org/libreccm/security/PermissionManagerTest/" - + "data.yml") + value = "datasets/org/libreccm/security/PermissionManagerTest/" + + "data.yml") @InSequence(310) public void revokeNotExistingPermissionOnObject() { final Role role1 = roleRepository.findByName("role1"); final CcmObject object1 = ccmObjectRepository.findById(-20001L); shiro.getSystemUser().execute( - () -> permissionManager.revokePrivilege("privilege999", - role1, - object1)); + () -> permissionManager.revokePrivilege("privilege999", + role1, + object1)); } /** @@ -533,7 +534,7 @@ public class PermissionManagerTest { */ @Test(expected = IllegalArgumentException.class) @UsingDataSet( - "datasets/org/libreccm/security/PermissionManagerTest/data.yml") + "datasets/org/libreccm/security/PermissionManagerTest/data.yml") @ShouldThrowException(IllegalArgumentException.class) @InSequence(320) public void revokePermissionPrivilegeNull() throws Throwable { @@ -541,7 +542,7 @@ public class PermissionManagerTest { try { shiro.getSystemUser().execute( - () -> permissionManager.revokePrivilege(null, role1)); + () -> permissionManager.revokePrivilege(null, role1)); } catch (ExecutionException ex) { throw ex.getCause(); } @@ -557,7 +558,7 @@ public class PermissionManagerTest { */ @Test(expected = IllegalArgumentException.class) @UsingDataSet( - "datasets/org/libreccm/security/PermissionManagerTest/data.yml") + "datasets/org/libreccm/security/PermissionManagerTest/data.yml") @ShouldThrowException(IllegalArgumentException.class) @InSequence(320) public void revokePermissionOnObjectPrivilegeNull() throws Throwable { @@ -566,8 +567,8 @@ public class PermissionManagerTest { try { shiro.getSystemUser().execute( - () -> permissionManager. - revokePrivilege(null, role1, object1)); + () -> permissionManager. + revokePrivilege(null, role1, object1)); } catch (ExecutionException ex) { throw ex.getCause(); } @@ -583,7 +584,7 @@ public class PermissionManagerTest { */ @Test(expected = IllegalArgumentException.class) @UsingDataSet( - "datasets/org/libreccm/security/PermissionManagerTest/data.yml") + "datasets/org/libreccm/security/PermissionManagerTest/data.yml") @ShouldThrowException(IllegalArgumentException.class) @InSequence(330) public void revokePermissionEmptyPrivilege() throws Throwable { @@ -591,7 +592,7 @@ public class PermissionManagerTest { try { shiro.getSystemUser().execute( - () -> permissionManager.revokePrivilege("", role1)); + () -> permissionManager.revokePrivilege("", role1)); } catch (ExecutionException ex) { throw ex.getCause(); } @@ -606,9 +607,9 @@ public class PermissionManagerTest { * @throws Throwable */ @Test(expected - = IllegalArgumentException.class) + = IllegalArgumentException.class) @UsingDataSet( - "datasets/org/libreccm/security/PermissionManagerTest/data.yml") + "datasets/org/libreccm/security/PermissionManagerTest/data.yml") @ShouldThrowException(IllegalArgumentException.class) @InSequence(320) public void revokePermissionOnObjectEmptyPrivilege() throws Throwable { @@ -617,7 +618,7 @@ public class PermissionManagerTest { try { shiro.getSystemUser().execute( - () -> permissionManager.revokePrivilege("", role1, object1)); + () -> permissionManager.revokePrivilege("", role1, object1)); } catch (ExecutionException ex) { throw ex.getCause(); } @@ -632,15 +633,15 @@ public class PermissionManagerTest { * @throws Throwable */ @Test(expected - = IllegalArgumentException.class) + = IllegalArgumentException.class) @UsingDataSet( - "datasets/org/libreccm/security/PermissionManagerTest/data.yml") + "datasets/org/libreccm/security/PermissionManagerTest/data.yml") @ShouldThrowException(IllegalArgumentException.class) @InSequence(340) public void revokePermissionFromRoleNull() throws Throwable { try { shiro.getSystemUser().execute( - () -> permissionManager.revokePrivilege("privilege1", null)); + () -> permissionManager.revokePrivilege("privilege1", null)); } catch (ExecutionException ex) { throw ex.getCause(); } @@ -656,7 +657,7 @@ public class PermissionManagerTest { */ @Test(expected = IllegalArgumentException.class) @UsingDataSet( - "datasets/org/libreccm/security/PermissionManagerTest/data.yml") + "datasets/org/libreccm/security/PermissionManagerTest/data.yml") @ShouldThrowException(IllegalArgumentException.class) @InSequence(345) public void revokePermissionOnObjectFromRoleNull() throws Throwable { @@ -664,9 +665,9 @@ public class PermissionManagerTest { try { shiro.getSystemUser().execute( - () -> permissionManager.revokePrivilege("privilege1", - null, - object1)); + () -> permissionManager.revokePrivilege("privilege1", + null, + object1)); } catch (ExecutionException ex) { throw ex.getCause(); } @@ -682,7 +683,7 @@ public class PermissionManagerTest { */ @Test(expected = IllegalArgumentException.class) @UsingDataSet( - "datasets/org/libreccm/security/PermissionManagerTest/data.yml") + "datasets/org/libreccm/security/PermissionManagerTest/data.yml") @ShouldThrowException(IllegalArgumentException.class) @InSequence(350) public void revokePermissionNullObject() throws Throwable { @@ -690,9 +691,9 @@ public class PermissionManagerTest { try { shiro.getSystemUser().execute( - () -> permissionManager.revokePrivilege("privilege2", - role1, - null)); + () -> permissionManager.revokePrivilege("privilege2", + role1, + null)); } catch (ExecutionException ex) { throw ex.getCause(); } @@ -707,18 +708,18 @@ public class PermissionManagerTest { */ @Test @UsingDataSet( - "datasets/org/libreccm/security/PermissionManagerTest/data.yml") + "datasets/org/libreccm/security/PermissionManagerTest/data.yml") @ShouldMatchDataSet( - value = "datasets/org/libreccm/security/PermissionManagerTest/" - + "after-copy.yml", - excludeColumns = {"permission_id"}) + value = "datasets/org/libreccm/security/PermissionManagerTest/" + + "after-copy.yml", + excludeColumns = {"permission_id"}) @InSequence(400) public void copyPermissions() throws Throwable { final CcmObject object2 = ccmObjectRepository.findById(-20002L); final CcmObject object3 = ccmObjectRepository.findById(-20003L); shiro.getSystemUser().execute( - () -> permissionManager.copyPermissions(object2, object3)); + () -> permissionManager.copyPermissions(object2, object3)); } /** @@ -731,7 +732,7 @@ public class PermissionManagerTest { */ @Test(expected = IllegalArgumentException.class) @UsingDataSet( - "datasets/org/libreccm/security/PermissionManagerTest/data.yml") + "datasets/org/libreccm/security/PermissionManagerTest/data.yml") @ShouldThrowException(IllegalArgumentException.class) @InSequence(410) public void copyPermissionsNullSource() throws Throwable { @@ -739,7 +740,7 @@ public class PermissionManagerTest { try { shiro.getSystemUser().execute( - () -> permissionManager.copyPermissions(null, object3)); + () -> permissionManager.copyPermissions(null, object3)); } catch (ExecutionException ex) { throw ex.getCause(); } @@ -755,7 +756,7 @@ public class PermissionManagerTest { */ @Test(expected = IllegalArgumentException.class) @UsingDataSet( - "datasets/org/libreccm/security/PermissionManagerTest/data.yml") + "datasets/org/libreccm/security/PermissionManagerTest/data.yml") @ShouldThrowException(IllegalArgumentException.class) @InSequence(420) public void copyPermissionsNullTarget() throws Throwable { @@ -763,7 +764,7 @@ public class PermissionManagerTest { try { shiro.getSystemUser().execute( - () -> permissionManager.copyPermissions(object2, null)); + () -> permissionManager.copyPermissions(object2, null)); } catch (ExecutionException ex) { throw ex.getCause(); } @@ -779,9 +780,9 @@ public class PermissionManagerTest { public void verifyListPrivileges() { final List corePrivileges = permissionManager - .listDefiniedPrivileges(CoreConstants.class); + .listDefiniedPrivileges(CoreConstants.class); final List catPrivileges = permissionManager - .listDefiniedPrivileges(CategorizationConstants.class); + .listDefiniedPrivileges(CategorizationConstants.class); assertThat(corePrivileges, is(not(nullValue()))); assertThat(corePrivileges.isEmpty(), is(false)); diff --git a/ccm-core/src/test/java/org/libreccm/security/RoleManagerTest.java b/ccm-core/src/test/java/org/libreccm/security/RoleManagerTest.java index 2080725f9..9534bdef6 100644 --- a/ccm-core/src/test/java/org/libreccm/security/RoleManagerTest.java +++ b/ccm-core/src/test/java/org/libreccm/security/RoleManagerTest.java @@ -47,6 +47,8 @@ import static org.junit.Assert.*; import static org.libreccm.testutils.DependenciesHelpers.*; +import org.jboss.arquillian.persistence.CleanupUsingScript; + /** * * @author Jens Pelzetter @@ -56,6 +58,7 @@ import static org.libreccm.testutils.DependenciesHelpers.*; @PersistenceTest @Transactional(TransactionMode.COMMIT) @CreateSchema({"create_ccm_core_schema.sql"}) +@CleanupUsingScript({"cleanup.sql"}) public class RoleManagerTest { @Inject diff --git a/ccm-core/src/test/java/org/libreccm/security/RoleRepositoryTest.java b/ccm-core/src/test/java/org/libreccm/security/RoleRepositoryTest.java index 5ce500b07..c5afe5887 100644 --- a/ccm-core/src/test/java/org/libreccm/security/RoleRepositoryTest.java +++ b/ccm-core/src/test/java/org/libreccm/security/RoleRepositoryTest.java @@ -45,13 +45,17 @@ import java.util.List; import javax.inject.Inject; import javax.persistence.EntityManager; import javax.persistence.PersistenceContext; + import org.libreccm.core.CcmObject; import org.libreccm.core.CcmObjectRepository; import static org.hamcrest.Matchers.*; import static org.junit.Assert.*; + import static org.libreccm.testutils.DependenciesHelpers.*; +import org.jboss.arquillian.persistence.CleanupUsingScript; + /** * Tests for the {@link RoleRepository}. Note. We are not enabling the * {@link AuthorizationInterceptor} for this test. @@ -63,6 +67,7 @@ import static org.libreccm.testutils.DependenciesHelpers.*; @PersistenceTest @Transactional(TransactionMode.COMMIT) @CreateSchema({"create_ccm_core_schema.sql"}) +@CleanupUsingScript({"cleanup.sql"}) public class RoleRepositoryTest { private static final String ADMINISTRATOR = "administrator"; @@ -121,6 +126,7 @@ public class RoleRepositoryTest { .addPackage(org.libreccm.tests.categories.IntegrationTest.class .getPackage()) .addClass(org.libreccm.portation.Portable.class) + .addClass(com.arsdigita.util.UncheckedWrapperException.class) .addAsLibraries(getModuleDependencies()) .addAsResource("configs/shiro.ini", "shiro.ini") .addAsResource("test-persistence.xml", diff --git a/ccm-core/src/test/java/org/libreccm/security/SecuredCollectionTest.java b/ccm-core/src/test/java/org/libreccm/security/SecuredCollectionTest.java index 742e52c46..40ff8cbc8 100644 --- a/ccm-core/src/test/java/org/libreccm/security/SecuredCollectionTest.java +++ b/ccm-core/src/test/java/org/libreccm/security/SecuredCollectionTest.java @@ -51,8 +51,11 @@ import org.libreccm.tests.categories.IntegrationTest; import static org.hamcrest.Matchers.*; import static org.junit.Assert.*; + import static org.libreccm.testutils.DependenciesHelpers.*; +import org.jboss.arquillian.persistence.CleanupUsingScript; + /** * * @author Jens Pelzetter @@ -62,6 +65,7 @@ import static org.libreccm.testutils.DependenciesHelpers.*; @PersistenceTest @Transactional(TransactionMode.COMMIT) @CreateSchema({"create_ccm_core_schema.sql"}) +@CleanupUsingScript({"cleanup.sql"}) public class SecuredCollectionTest { private static final String ACCESS_DENIED = "Access denied"; diff --git a/ccm-core/src/test/java/org/libreccm/security/SecuredIteratorTest.java b/ccm-core/src/test/java/org/libreccm/security/SecuredIteratorTest.java index 13bc66a07..0c17d2314 100644 --- a/ccm-core/src/test/java/org/libreccm/security/SecuredIteratorTest.java +++ b/ccm-core/src/test/java/org/libreccm/security/SecuredIteratorTest.java @@ -52,8 +52,11 @@ import javax.inject.Inject; import static org.hamcrest.Matchers.*; import static org.junit.Assert.*; + import static org.libreccm.testutils.DependenciesHelpers.*; +import org.jboss.arquillian.persistence.CleanupUsingScript; + /** * * @author Jens Pelzetter @@ -63,6 +66,7 @@ import static org.libreccm.testutils.DependenciesHelpers.*; @PersistenceTest @Transactional(TransactionMode.COMMIT) @CreateSchema({"create_ccm_core_schema.sql"}) +@CleanupUsingScript({"cleanup.sql"}) public class SecuredIteratorTest { private static final String ACCESS_DENIED = "Access denied"; diff --git a/ccm-core/src/test/java/org/libreccm/security/ShiroTest.java b/ccm-core/src/test/java/org/libreccm/security/ShiroTest.java index f333ee4a0..cd5c1aeeb 100644 --- a/ccm-core/src/test/java/org/libreccm/security/ShiroTest.java +++ b/ccm-core/src/test/java/org/libreccm/security/ShiroTest.java @@ -21,7 +21,6 @@ package org.libreccm.security; import org.apache.shiro.authc.AuthenticationException; import org.apache.shiro.authc.UsernamePasswordToken; - import javax.inject.Inject; import org.apache.shiro.subject.PrincipalCollection; @@ -51,8 +50,11 @@ import org.libreccm.tests.categories.IntegrationTest; import static org.hamcrest.Matchers.*; import static org.junit.Assert.*; + import static org.libreccm.testutils.DependenciesHelpers.*; +import org.jboss.arquillian.persistence.CleanupUsingScript; + /** * * @author Jens Pelzetter @@ -62,6 +64,7 @@ import static org.libreccm.testutils.DependenciesHelpers.*; @PersistenceTest @Transactional(TransactionMode.COMMIT) @CreateSchema({"create_ccm_core_schema.sql"}) +@CleanupUsingScript({"cleanup.sql"}) public class ShiroTest { @Inject @@ -118,6 +121,7 @@ public class ShiroTest { .getPackage()) .addClass(org.libreccm.portation.Portable.class) .addClass(org.libreccm.security.authorization.LabBean.class) + .addClass(com.arsdigita.util.UncheckedWrapperException.class) .addAsLibraries(getModuleDependencies()) .addAsResource("test-persistence.xml", "META-INF/persistence.xml") diff --git a/ccm-core/src/test/java/org/libreccm/security/UserManagerTest.java b/ccm-core/src/test/java/org/libreccm/security/UserManagerTest.java index 47e17d7cc..ca34d06a5 100644 --- a/ccm-core/src/test/java/org/libreccm/security/UserManagerTest.java +++ b/ccm-core/src/test/java/org/libreccm/security/UserManagerTest.java @@ -52,6 +52,8 @@ import static org.junit.Assert.*; import static org.libreccm.testutils.DependenciesHelpers.*; +import org.jboss.arquillian.persistence.CleanupUsingScript; + /** * * @author Jens Pelzetter @@ -61,6 +63,7 @@ import static org.libreccm.testutils.DependenciesHelpers.*; @PersistenceTest @Transactional(TransactionMode.COMMIT) @CreateSchema({"create_ccm_core_schema.sql"}) +@CleanupUsingScript({"cleanup.sql"}) public class UserManagerTest { @Inject diff --git a/ccm-core/src/test/java/org/libreccm/security/UserRepositoryTest.java b/ccm-core/src/test/java/org/libreccm/security/UserRepositoryTest.java index 4b8cb9d72..01700286a 100644 --- a/ccm-core/src/test/java/org/libreccm/security/UserRepositoryTest.java +++ b/ccm-core/src/test/java/org/libreccm/security/UserRepositoryTest.java @@ -41,6 +41,7 @@ import static org.junit.Assert.*; import static org.libreccm.testutils.DependenciesHelpers.*; +import org.jboss.arquillian.persistence.CleanupUsingScript; import org.junit.Before; import org.junit.BeforeClass; import org.junit.experimental.categories.Category; @@ -63,6 +64,7 @@ import javax.persistence.PersistenceContext; @PersistenceTest @Transactional(TransactionMode.COMMIT) @CreateSchema({"create_ccm_core_schema.sql"}) +@CleanupUsingScript({"cleanup.sql"}) public class UserRepositoryTest { private static final String NOBODY = "nobody"; diff --git a/ccm-core/src/test/resources-wildfly-remote-h2-mem/arquillian.xml b/ccm-core/src/test/resources-wildfly-remote-h2-mem/arquillian.xml index 1e89b154d..80012be46 100644 --- a/ccm-core/src/test/resources-wildfly-remote-h2-mem/arquillian.xml +++ b/ccm-core/src/test/resources-wildfly-remote-h2-mem/arquillian.xml @@ -19,7 +19,7 @@ Disable automatic cleanup, does not work because of referential integrity constrains. --> - NONE + true target @@ -32,9 +32,9 @@ true - + \ No newline at end of file diff --git a/ccm-core/src/test/resources-wildfly-remote-h2-mem/scripts/cleanup.sql b/ccm-core/src/test/resources-wildfly-remote-h2-mem/scripts/cleanup.sql new file mode 100644 index 000000000..47ae5789a --- /dev/null +++ b/ccm-core/src/test/resources-wildfly-remote-h2-mem/scripts/cleanup.sql @@ -0,0 +1,41 @@ +DELETE FROM ccm_core.settings_string_list; + +DELETE FROM ccm_core.settings_l10n_str_values; + +DELETE FROM ccm_core.settings_enum_values; + +DELETE FROM ccm_core.settings_enum_values; + +DELETE FROM ccm_core.settings; + +DELETE FROM ccm_core.categorizations; + +DELETE FROM ccm_core.category_domains; + +DELETE FROM ccm_core.categories; + +DELETE FROM ccm_core.permissions; + +DELETE FROM ccm_core.ccm_objects; + +DELETE FROM ccm_core.role_memberships; + +DELETE FROM ccm_core.group_memberships; + +DELETE FROM ccm_core.groups; + +DELETE FROM ccm_core.one_time_auth_tokens; + +DELETE FROM ccm_core.users; + +DELETE FROM ccm_core.user_email_addresses; + +DELETE FROM ccm_core.parties; + +DELETE FROM ccm_core.ccm_roles; + +DELETE FROM ccm_core.ccm_objects_aud; + +DELETE FROM ccm_core.ccm_revisions; + +ALTER SEQUENCE hibernate_sequence RESTART WITH 1; \ No newline at end of file diff --git a/ccm-core/src/test/resources-wildfly-remote-pgsql/arquillian.xml b/ccm-core/src/test/resources-wildfly-remote-pgsql/arquillian.xml index ef587df71..58046d797 100644 --- a/ccm-core/src/test/resources-wildfly-remote-pgsql/arquillian.xml +++ b/ccm-core/src/test/resources-wildfly-remote-pgsql/arquillian.xml @@ -18,7 +18,7 @@ Disable automatic cleanup, does not work because of referential integrity constrains. --> - NONE + true target @@ -26,14 +26,14 @@ json - + org.dbunit.ext.postgresql.PostgresqlDataTypeFactory true true - + diff --git a/ccm-core/src/test/resources-wildfly-remote-pgsql/scripts/cleanup.sql b/ccm-core/src/test/resources-wildfly-remote-pgsql/scripts/cleanup.sql new file mode 100644 index 000000000..5aae4a469 --- /dev/null +++ b/ccm-core/src/test/resources-wildfly-remote-pgsql/scripts/cleanup.sql @@ -0,0 +1,41 @@ +DELETE FROM ccm_core.settings_string_list; + +DELETE FROM ccm_core.settings_l10n_str_values; + +DELETE FROM ccm_core.settings_enum_values; + +DELETE FROM ccm_core.settings_enum_values; + +DELETE FROM ccm_core.settings; + +DELETE FROM ccm_core.categorizations; + +DELETE FROM ccm_core.category_domains; + +DELETE FROM ccm_core.categories; + +DELETE FROM ccm_core.permissions; + +DELETE FROM ccm_core.ccm_objects; + +DELETE FROM ccm_core.role_memberships; + +DELETE FROM ccm_core.group_memberships; + +DELETE FROM ccm_core.groups; + +DELETE FROM ccm_core.one_time_auth_tokens; + +DELETE FROM ccm_core.users; + +DELETE FROM ccm_core.user_email_addresses; + +DELETE FROM ccm_core.parties; + +DELETE FROM ccm_core.ccm_roles; + +DELETE FROM ccm_core.ccm_objects_aud; + +DELETE FROM ccm_core.ccm_revisions; + +ALTER SEQUENCE hibernate_sequence RESTART; \ No newline at end of file diff --git a/ccm-core/src/test/resources/datasets/org/libreccm/categorization/CategoryManagerTest/data.yml b/ccm-core/src/test/resources/datasets/org/libreccm/categorization/CategoryManagerTest/data.yml index 43783a0c4..2d7cbf419 100644 --- a/ccm-core/src/test/resources/datasets/org/libreccm/categorization/CategoryManagerTest/data.yml +++ b/ccm-core/src/test/resources/datasets/org/libreccm/categorization/CategoryManagerTest/data.yml @@ -124,15 +124,55 @@ ccm_core.permissions: granted_privilege: manage_category grantee_id: -4000 object_id: -2000 + inherited: false + - permission_id: -6010 + granted_privilege: manage_category + grantee_id: -4000 + object_id: -2100 + inherited: true + inherited_from_id: -2000 + - permission_id: -6020 + granted_privilege: manage_category + grantee_id: -4000 + object_id: -2200 + inherited: true + inherited_from_id: -2000 - permission_id: -6100 granted_privilege: manage_category_objects grantee_id: -4000 object_id: -2000 + inherited: false + - permission_id: -6110 + granted_privilege: manage_category_objects + grantee_id: -4000 + object_id: -2100 + inherited: true + inherited_from_id: -2000 + - permission_id: -6120 + granted_privilege: manage_category_objects + grantee_id: -4000 + object_id: -2200 + inherited: true + inherited_from_id: -2000 - permission_id: -6200 granted_privilege: manage_category grantee_id: -4100 object_id: -2100 + inherited: false + - permission_id: -6210 + granted_privilege: manage_category + grantee_id: -4100 + object_id: -2200 + inherited: true + inherited_from_id: -2100 - permission_id: -6300 granted_privilege: manage_category_objects grantee_id: -4100 - object_id: -2100 \ No newline at end of file + object_id: -2100 + inherited: false + - permission_id: -6310 + granted_privilege: manage_category_objects + grantee_id: -4100 + object_id: -2200 + inherited: true + inherited_from_id: -2100 \ No newline at end of file diff --git a/ccm-core/src/test/resources/datasets/org/libreccm/categorization/CategoryRepositoryTest/after-save-new-category.yml b/ccm-core/src/test/resources/datasets/org/libreccm/categorization/CategoryRepositoryTest/after-save-new-category.yml index 710200519..194a38cfa 100644 --- a/ccm-core/src/test/resources/datasets/org/libreccm/categorization/CategoryRepositoryTest/after-save-new-category.yml +++ b/ccm-core/src/test/resources/datasets/org/libreccm/categorization/CategoryRepositoryTest/after-save-new-category.yml @@ -108,8 +108,10 @@ ccm_core.permissions: - permission_id: -700 granted_privilege: manage_category grantee_id: -500 + inherited: false - permission_id: -710 granted_privilege: manage_category grantee_id: -510 object_id: -1000 + inherited: false diff --git a/ccm-core/src/test/resources/datasets/org/libreccm/categorization/CategoryRepositoryTest/data.yml b/ccm-core/src/test/resources/datasets/org/libreccm/categorization/CategoryRepositoryTest/data.yml index 834381022..3111e67e7 100644 --- a/ccm-core/src/test/resources/datasets/org/libreccm/categorization/CategoryRepositoryTest/data.yml +++ b/ccm-core/src/test/resources/datasets/org/libreccm/categorization/CategoryRepositoryTest/data.yml @@ -98,7 +98,9 @@ ccm_core.permissions: - permission_id: -700 granted_privilege: manage_category grantee_id: -500 + inherited: false - permission_id: -710 granted_privilege: manage_category grantee_id: -510 object_id: -1000 + inherited: false diff --git a/ccm-core/src/test/resources/datasets/org/libreccm/security/PermissionManagerTest/after-copy.yml b/ccm-core/src/test/resources/datasets/org/libreccm/security/PermissionManagerTest/after-copy.yml index bd2eaccf1..9927debf3 100644 --- a/ccm-core/src/test/resources/datasets/org/libreccm/security/PermissionManagerTest/after-copy.yml +++ b/ccm-core/src/test/resources/datasets/org/libreccm/security/PermissionManagerTest/after-copy.yml @@ -17,16 +17,20 @@ ccm_core.permissions: - permission_id: -30001 granted_privilege: privilege1 grantee_id: -10001 + inherited: false - permission_id: -30002 granted_privilege: privilege2 object_id: -20001 grantee_id: -10001 + inherited: false - permission_id: -30003 granted_privilege: privilege2 object_id: -20002 grantee_id: -10002 + inherited: false - permission_id: -30004 granted_privilege: privilege2 object_id: -20003 grantee_id: -10002 + inherited: false diff --git a/ccm-core/src/test/resources/datasets/org/libreccm/security/PermissionManagerTest/after-revoke.yml b/ccm-core/src/test/resources/datasets/org/libreccm/security/PermissionManagerTest/after-revoke.yml index f9021f1ff..0ce39604f 100644 --- a/ccm-core/src/test/resources/datasets/org/libreccm/security/PermissionManagerTest/after-revoke.yml +++ b/ccm-core/src/test/resources/datasets/org/libreccm/security/PermissionManagerTest/after-revoke.yml @@ -18,4 +18,5 @@ ccm_core.permissions: granted_privilege: privilege2 object_id: -20002 grantee_id: -10002 + inherited: false diff --git a/ccm-core/src/test/resources/datasets/org/libreccm/security/PermissionManagerTest/data.yml b/ccm-core/src/test/resources/datasets/org/libreccm/security/PermissionManagerTest/data.yml index 6320a0401..00a4de929 100644 --- a/ccm-core/src/test/resources/datasets/org/libreccm/security/PermissionManagerTest/data.yml +++ b/ccm-core/src/test/resources/datasets/org/libreccm/security/PermissionManagerTest/data.yml @@ -17,11 +17,14 @@ ccm_core.permissions: - permission_id: -30001 granted_privilege: privilege1 grantee_id: -10001 + inherited: false - permission_id: -30002 granted_privilege: privilege2 object_id: -20001 grantee_id: -10001 + inherited: false - permission_id: -30003 granted_privilege: privilege2 object_id: -20002 grantee_id: -10002 + inherited: false diff --git a/ccm-core/src/test/resources/datasets/org/libreccm/security/ShiroTest/data.yml b/ccm-core/src/test/resources/datasets/org/libreccm/security/ShiroTest/data.yml index 58a89eb36..644935ef3 100644 --- a/ccm-core/src/test/resources/datasets/org/libreccm/security/ShiroTest/data.yml +++ b/ccm-core/src/test/resources/datasets/org/libreccm/security/ShiroTest/data.yml @@ -123,21 +123,25 @@ ccm_core.permissions: - permission_id: -30001 granted_privilege: privilege1 grantee_id: -10001 + inherited: false # permission for privilege2 granted on object1 to role1 - permission_id: -30002 granted_privilege: privilege2 object_id: -20001 grantee_id: -10001 + inherited: false # permission for privilege2 granted on object2 to role2 - permission_id: -30003 granted_privilege: privilege2 object_id: -20002 grantee_id: -10002 + inherited: false # permission for privilege3 granted on object1 to public-role - permission_id: -30004 granted_privilege: privilege3 object_id: -20001 grantee_id: -10003 + inherited: false ccm_core.settings: - setting_id: -301 configuration_class: com.arsdigita.kernel.KernelConfig diff --git a/pom.xml b/pom.xml index 2cb25c3b6..8a1bd7b47 100644 --- a/pom.xml +++ b/pom.xml @@ -94,7 +94,7 @@ org.apache.maven.plugins maven-compiler-plugin - 3.5.1 + 3.6.1 1.8 1.8 @@ -111,17 +111,17 @@ org.apache.maven.plugins maven-assembly-plugin - 2.6 + 3.0.0 org.apache.maven.plugins maven-jar-plugin - 2.6 + 3.0.2 org.apache.maven.plugins maven-war-plugin - 2.6 + 3.0.0 org.apache.maven.plugins @@ -131,7 +131,7 @@ org.apache.maven.plugins maven-site-plugin - 3.5.1 + 3.6 org.apache.maven.plugins @@ -172,7 +172,7 @@ org.codehaus.mojo findbugs-maven-plugin - 3.0.3 + 3.0.4 true true @@ -189,17 +189,17 @@ de.jpdigital hibernate5-ddl-maven-plugin - 1.0.0 + 1.0.1-hibernate-5.2.4.Final org.jacoco jacoco-maven-plugin - 0.7.6.201602180812 + 0.7.8 org.wildfly.plugins wildfly-maven-plugin - 1.1.0.Alpha8 + 1.1.0.Final org.apache.maven.plugins @@ -286,7 +286,7 @@ org.flywaydb flyway-core - 4.0 + 4.0.3 @@ -298,7 +298,7 @@ org.apache.shiro shiro-web - 1.2.5 + 1.3.2 @@ -325,7 +325,7 @@ org.apache.logging.log4j log4j-bom - 2.5 + 2.7 pom import @@ -351,7 +351,7 @@ commons-beanutils commons-beanutils - 1.9.2 + 1.9.3 commons-cli @@ -371,7 +371,7 @@ commons-fileupload commons-fileupload - 1.3.1 + 1.3.2 commons-httpclient @@ -403,7 +403,7 @@ net.sf.saxon Saxon-HE - 9.7.0-4 + 9.7.0-14 @@ -421,7 +421,7 @@ org.jsoup jsoup - 1.9.1 + 1.10.2 @@ -512,7 +512,7 @@ org.jboss.arquillian arquillian-bom - 1.1.11.Final + 1.1.12.Final import pom @@ -541,7 +541,7 @@ org.jacoco org.jacoco.core - 0.7.6.201602180812 + 0.7.8 test @@ -570,14 +570,14 @@ nl.jqno.equalsverifier equalsverifier - 2.0.2 + 2.2 com.h2database h2 - 1.4.192 + 1.4.193