CCM NG:

- Some code cleanup
- PrivilegeRepository for creating and deleting permissions


git-svn-id: https://svn.libreccm.org/ccm/ccm_ng@3540 8810af33-2d31-482b-a856-94f89814c4df

ccm-core/pom.xml

@@ -379,11 +379,12 @@
                     <excludes>
                         <exclude>**/AbstractConfig.java</exclude>
                         <exclude>**/AbstractParameter.java</exclude>
-                        <exclude>**/AbstractParameterContext</exclude>
+                        <exclude>**/AbstractParameterContext.java</exclude>
                         <exclude>**/Assert.java</exclude>
-                        <exclude>**/Classes.java</exclude>
                         <exclude>**/CCMApplicationContextListener.java</exclude>
                         <exclude>**/CCMResourceManager.java</exclude>
+                        <exclude>**/Classes.java</exclude>
+                        <exclude>**/ClassParameter.java</exclude>
                         <exclude>**/ClassParameterReader.java</exclude>
                         <exclude>**/CompoundParameterReader.java</exclude>
                         <exclude>**/ConfigError.java</exclude>
@@ -391,8 +392,8 @@
                         <exclude>**/Converters.java</exclude>
                         <exclude>**/CSVParameterReader.java</exclude>
                         <exclude>**/DateFormatter.java</exclude>
-                        <exclude>**/DataFormatterConfig.java</exclude>
+                        <exclude>**/DateFormatterConfig.java</exclude>
-                        <exclude>**/DateTimeFormatter</exclude>
+                        <exclude>**/DateTimeFormatter.java</exclude>
                         <exclude>**/Document.java</exclude>
                         <exclude>**/Element.java</exclude>
                         <exclude>**/EmailParameter.java</exclude>
@@ -416,9 +417,10 @@
                         <exclude>**/SecurityConfig.java</exclude>
                         <exclude>**/SecurityHelper.java</exclude>
                         <exclude>**/SingletonParameter.java</exclude>
+                        <exclude>**/SpecificClassParameter.java</exclude>
                         <exclude>**/StringParameter.java</exclude>
                         <exclude>**/TimeFormatter.java</exclude>
-                        <exclude>**/UncheckedWrapperException</exclude>
+                        <exclude>**/UncheckedWrapperException.java</exclude>
                         <exclude>**/XML.java</exclude>
                     </excludes>
                 </configuration>

ccm-core/src/main/java/org/libreccm/core/GroupManager.java

@@ -95,19 +95,19 @@ public class GroupManager {
                 "Can't remove a user from group null");
         }
         
-        GroupMembership membershipToDelete = null;
+        GroupMembership delete = null;
         for(final GroupMembership membership : group.getMembers()) {
             if (membership.getUser().equals(user)) {
-                membershipToDelete = membership;
+                delete = membership;
                 break;
             }
         }
         
-        if (membershipToDelete != null) {
+        if (delete != null) {
-            group.removeMember(membershipToDelete);
+            group.removeMember(delete);
-            user.removeGroupMembership(membershipToDelete);
+            user.removeGroupMembership(delete);
             
-            entityManager.remove(membershipToDelete);
+            entityManager.remove(delete);
         }
     }
 

ccm-core/src/main/java/org/libreccm/core/PermissionManager.java

@@ -63,12 +63,18 @@ public class PermissionManager {
      * Checks if the the provided {@code subject} has a permission granting the
      * provided {@code privilege} on the provided {@code object}.
      *
+     * If the provided subject is {@code null} the method will try to retrieve
+     * the public user from the database. If there is no public user the method
+     * will return {@code false}.
+     *
      * @param privilege The privilege to check.
      * @param object    The object on which the privilege is granted.
      * @param subject   The subject to which the privilege is granted.
      *
      * @return {@code true} of the subject has a permission granting
      *         {@code privilege} on {@code object}, either explicit or implicit.
+     *
+     * @see UserRepository#retrievePublicUser()
      */
     public boolean isPermitted(final Privilege privilege,
                                final CcmObject object,
@@ -80,6 +86,10 @@ public class PermissionManager {
      * Checks if the the provided {@code subject} has a permission granting the
      * provided {@code privilege} on the provided {@code object}.
      *
+     * If the provided subject is {@code null} the method will try to retrieve
+     * the public user from the database. If there is no public user the method
+     * will return {@code false}.
+     *
      * @param privilege The privilege to check.
      * @param object    The object on which the privilege is granted.
      * @param subject   The subject to which the privilege is granted.
@@ -88,6 +98,8 @@ public class PermissionManager {
      *                                      {@code privilege} on {@code object}
      *                                      to {@code subject}
      *
+     * @see #isPermitted(org.libreccm.core.Privilege,
+     * org.libreccm.core.CcmObject, org.libreccm.core.Subject)
      */
     public void checkPermission(final Privilege privilege,
                                 final CcmObject object,

ccm-core/src/main/java/org/libreccm/core/Privilege.java

@@ -54,8 +54,9 @@ import javax.xml.bind.annotation.XmlRootElement;
                 query = "SELECT p FROM Privilege p "
                             + "WHERE p.privilege = :name"),
     @NamedQuery(name = "isPrivilegeInUse",
-                query = "SELECT COUNT(p) FROM Permission p JOIN Privilege r "
+                query = "SELECT COUNT(p) FROM Permission p "
-                + "WHERE r.privilege = :name")
+                + "      JOIN p.grantedPrivilege g "
+                + "      WHERE g.privilege = :name")
 })
 @XmlRootElement(name = "privilege", namespace = CORE_XML_NS)
 public class Privilege implements Serializable {

ccm-core/src/main/java/org/libreccm/core/PrivilegeRepository.java

@@ -21,6 +21,7 @@ package org.libreccm.core;
 import javax.enterprise.context.RequestScoped;
 import javax.inject.Inject;
 import javax.persistence.EntityManager;
+import javax.persistence.NoResultException;
 import javax.persistence.TypedQuery;
 
 /**
@@ -40,16 +41,24 @@ public class PrivilegeRepository {
     /**
      * Finds the {@link Privilege} identified by {@code name}.
      *
-     * @param privilege The name of the privilege to return.
+     * @param name The name of the privilege to return.
      *
-     * @return
+     * @return The requested privilege.
+     *
+     * @throws UnknownPrivilegeException if there is no privilege identified by
+     *                                   the provided {@code name}.
      */
-    public Privilege retrievePrivilege(final String privilege) {
+    public Privilege retrievePrivilege(final String name) {
         final TypedQuery<Privilege> query = entityManager.createNamedQuery(
             "findPrivilegeByName", Privilege.class);
-        query.setParameter("name", privilege);
+        query.setParameter("name", name);
 
-        return query.getSingleResult();
+        try {
+            return query.getSingleResult();
+        } catch (NoResultException ex) {
+            throw new UnknownPrivilegeException(String.format(
+                "There is no privilege \"%s\".", name), ex);
+        }
     }
 
     /**
@@ -78,26 +87,34 @@ public class PrivilegeRepository {
      * ToDo: Check if current user is system user.
      *
      * @param privilegeName The privilege to delete.
+     *
+     * @throws UnknownPrivilegeException if there is no privilege identified by
+     *                                   the provided {@code name}.
      */
     public void deletePrivilege(final String privilegeName) {
-        final Privilege privilege = retrievePrivilege(privilegeName);
-
         if (isPrivilegeInUse(privilegeName)) {
             throw new IllegalArgumentException(
                 "Provided privilage can't be removed because its still in use");
         }
 
-        if (privilege != null) {
+        final Privilege privilege = retrievePrivilege(privilegeName);
-            entityManager.remove(privilege);
+        entityManager.remove(privilege);
-        }
     }
 
+    /**
+     * Checks a {@link Privilege} is in use.
+     *
+     * @param privilegeName The name of the privilege to check.
+     *
+     * @return {@code true} if the privilege is in use (there is a least one
+     *         permission using it), {@code false} otherwise.
+     */
     public boolean isPrivilegeInUse(final String privilegeName) {
-        final TypedQuery<Integer> query = entityManager.createNamedQuery(
+        final TypedQuery<Long> query = entityManager.createNamedQuery(
-            "isPrivilegeInUse", Integer.class);
+            "isPrivilegeInUse", Long.class);
         query.setParameter("name", privilegeName);
 
-        final Integer result = query.getSingleResult();
+        final Long result = query.getSingleResult();
 
         return result > 0;
     }

ccm-core/src/main/java/org/libreccm/core/ResourceType.java

@@ -39,6 +39,11 @@ import org.libreccm.l10n.LocalizedString;
 @Entity
 @Table(name = "resource_types")
 @Inheritance(strategy = InheritanceType.JOINED)
+@SuppressWarnings({"PMD.CyclomaticComplexity",
+                   "PMD.StdCyclomaticComplexity",
+                   "PMD.ModifiedCyclomaticComplexity",
+                   "PMD.NPathComplexity",
+                   "PMD.LongVariable"})
 public class ResourceType implements Serializable {
 
     private static final long serialVersionUID = 4563584142251370627L;
@@ -52,10 +57,10 @@ public class ResourceType implements Serializable {
 
     @Embedded
     @AssociationOverride(
-            name = "values",
+        name = "values",
-            joinTable = @JoinTable(name = "resource_type_descriptions",
+        joinTable = @JoinTable(name = "resource_type_descriptions",
-                                   joinColumns = {
+                               joinColumns = {
-                                       @JoinColumn(name = "resource_type_id")}))
+                                   @JoinColumn(name = "resource_type_id")}))
     private LocalizedString description;
 
     @Column(name = "workspace_app")
@@ -73,7 +78,7 @@ public class ResourceType implements Serializable {
     public ResourceType() {
         description = new LocalizedString();
     }
-    
+
     public long getResourceTypeId() {
         return resourceTypeId;
     }
@@ -157,25 +162,25 @@ public class ResourceType implements Serializable {
             return false;
         }
 
-        if (this.resourceTypeId != other.resourceTypeId) {
+        if (this.resourceTypeId != other.getResourceTypeId()) {
             return false;
         }
-        if (!Objects.equals(this.title, other.title)) {
+        if (!Objects.equals(this.title, other.getTitle())) {
             return false;
         }
-        if (!Objects.equals(this.description, other.description)) {
+        if (!Objects.equals(this.description, other.getDescription())) {
             return false;
         }
-        if (this.workspaceApplication != other.workspaceApplication) {
+        if (this.workspaceApplication != other.isWorkspaceApplication()) {
             return false;
         }
-        if (this.viewableAsFullPage != other.viewableAsFullPage) {
+        if (this.viewableAsFullPage != other.isViewableAsFullPage()) {
             return false;
         }
-        if (this.viewableAsEmbedded != other.viewableAsEmbedded) {
+        if (this.viewableAsEmbedded != other.isViewableAsEmbedded()) {
             return false;
         }
-        return this.singleton == other.singleton;
+        return this.singleton == other.isSingleton();
     }
 
     public boolean canEqual(final Object obj) {
@@ -189,14 +194,14 @@ public class ResourceType implements Serializable {
 
     public String toString(final String data) {
         return String.format("%s{ "
-                                     + "resourceTypeId = %d, "
+                                 + "resourceTypeId = %d, "
-                                     + "title = \"%s\", "
+                                 + "title = \"%s\", "
-                                     + "description = { %s }, "
+                                 + "description = { %s }, "
-                                     + "workspaceApplication = %b, "
+                                 + "workspaceApplication = %b, "
-                                     + "viewableAsFullPage = %b, "
+                                 + "viewableAsFullPage = %b, "
-                                     + "viewableAsEmbedded = %b, "
+                                 + "viewableAsEmbedded = %b, "
-                                     + "singleton = %b%s"
+                                 + "singleton = %b%s"
-                                     + " }",
+                                 + " }",
                              super.toString(),
                              resourceTypeId,
                              title,
@@ -207,4 +212,5 @@ public class ResourceType implements Serializable {
                              singleton,
                              data);
     }
+
 }

ccm-core/src/main/java/org/libreccm/core/UnknownPrivilegeException.java

@@ -0,0 +1,68 @@
+/*
+ * Copyright (C) 2015 LibreCCM Foundation.
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+ * MA 02110-1301  USA
+ */
+package org.libreccm.core;
+
+/**
+ *
+ * @author <a href="mailto:jens.pelzetter@googlemail.com">Jens Pelzetter</a>
+ */
+public class UnknownPrivilegeException extends RuntimeException {
+
+    private static final long serialVersionUID = 1L;
+
+    /**
+     * Creates a new instance of <code>UnknownPrivilegeException</code> without
+     * detail message.
+     */
+    public UnknownPrivilegeException() {
+        super();
+    }
+
+    /**
+     * Constructs an instance of <code>UnknownPrivilegeException</code> with the
+     * specified detail message.
+     *
+     * @param msg The detail message.
+     */
+    public UnknownPrivilegeException(final String msg) {
+        super(msg);
+    }
+
+    /**
+     * Constructs an instance of <code>UnknownPrivilegeException</code> which
+     * wraps the specified exception.
+     *
+     * @param exception The exception to wrap.
+     */
+    public UnknownPrivilegeException(final Exception exception) {
+        super(exception);
+    }
+
+    /**
+     * Constructs an instance of <code>UnknownPrivilegeException</code> with the
+     * specified message which also wraps the specified exception.
+     *
+     * @param msg       The detail message.
+     * @param exception The exception to wrap.
+     */
+    public UnknownPrivilegeException(final String msg, final Exception exception) {
+        super(msg, exception);
+    }
+
+}

ccm-core/src/main/java/org/libreccm/core/UserRepository.java

@@ -43,6 +43,29 @@ public class UserRepository extends AbstractEntityRepository<Long, User> {
         return entity.getSubjectId() == 0;
     }
 
+    /**
+     * Retrieves the internal system user which is permitted to execute almost
+     * every operation.
+     *
+     * @return The internal system user.
+     */
+    public User retrieveSystemUser() {
+        throw new UnsupportedOperationException();
+    }
+
+    /**
+     * Retrieves the public user. The public user is used to represent the
+     * privileges of a user which is not logged in. The public user is a
+     * ordinary user account in the database with the screen name
+     * {@code public-user}.
+     *
+     * @return The public user or {@code null} if there is no account for the 
+     * public user.
+     */
+    public User retrievePublicUser() {
+        throw new UnsupportedOperationException();
+    }
+
     public User findByScreenName(final String screenname) {
         final TypedQuery<User> query = getEntityManager().createNamedQuery(
             "findUserByScreenName", User.class);
@@ -55,21 +78,21 @@ public class UserRepository extends AbstractEntityRepository<Long, User> {
         //screen_name column has a unique constraint.
         if (result.isEmpty()) {
             return null;
-        } else  {
+        } else {
             return result.get(0);
-        } 
+        }
     }
 
     public User findByEmailAddress(final String emailAddress) {
         final TypedQuery<User> query = getEntityManager().createNamedQuery(
             "findUserByEmailAddress", User.class);
         query.setParameter("emailAddress", emailAddress);
-        
+
         final List<User> result = query.getResultList();
-        
+
         if (result.isEmpty()) {
             return null;
-        } else if(result.size() == 1) {
+        } else if (result.size() == 1) {
             return result.get(0);
         } else {
             throw new MultipleMatchingUserException(String.format(
@@ -79,5 +102,4 @@ public class UserRepository extends AbstractEntityRepository<Long, User> {
         }
     }
 
-
 }

ccm-core/src/main/java/org/libreccm/web/ApplicationType.java

@@ -40,6 +40,7 @@ import org.libreccm.core.ResourceType;
  */
 @Entity
 @Table(name = "application_types")
+@SuppressWarnings("PMD.LongVariable")
 public class ApplicationType extends ResourceType implements Serializable {
 
     private static final long serialVersionUID = -1175728067001112457L;

ccm-core/src/test/java/org/libreccm/core/DatasetsTest.java

@@ -58,6 +58,9 @@ public class DatasetsTest extends DatasetsVerifier {
             "/datasets/org/libreccm/core/PermissionRepositoryTest/after-save-new.json",
             "/datasets/org/libreccm/core/PermissionRepositoryTest/after-delete.json",
             "/datasets/org/libreccm/core/PermissionRepositoryTest/data.json",
+            "/datasets/org/libreccm/core/PrivilegeRepositoryTest/after-create.json",
+            "/datasets/org/libreccm/core/PrivilegeRepositoryTest/after-delete.json",
+            "/datasets/org/libreccm/core/PrivilegeRepositoryTest/data.json",
             "/datasets/org/libreccm/core/RoleRepositoryTest/data.json",
             "/datasets/org/libreccm/core/RoleRepositoryTest/after-delete.json",
             "/datasets/org/libreccm/core/RoleRepositoryTest/after-save-changed.json",

ccm-core/src/test/java/org/libreccm/core/PermissionRepositoryTest.java

@@ -106,10 +106,10 @@ public class PermissionRepositoryTest {
     @Deployment
     public static WebArchive createDeployment() {
         final PomEquippedResolveStage pom = Maven
-                .resolver()
+            .resolver()
-                .loadPomFromFile("pom.xml");
+            .loadPomFromFile("pom.xml");
         final PomEquippedResolveStage dependencies = pom.
-                importCompileAndRuntimeDependencies();
+            importCompileAndRuntimeDependencies();
         final File[] libs = dependencies.resolve().withTransitivity().asFile();
 
         for (File lib : libs) {
@@ -118,31 +118,31 @@ public class PermissionRepositoryTest {
         }
 
         return ShrinkWrap
-                .create(WebArchive.class,
+            .create(WebArchive.class,
-                        "LibreCCM-org.libreccm.core.UserRepositoryTest.war")
+                    "LibreCCM-org.libreccm.core.UserRepositoryTest.war")
-                .addPackage(User.class.getPackage())
+            .addPackage(User.class.getPackage())
-                .addPackage(org.libreccm.web.Application.class.getPackage())
+            .addPackage(org.libreccm.web.Application.class.getPackage())
-                .addPackage(org.libreccm.categorization.Category.class.
+            .addPackage(org.libreccm.categorization.Category.class.
-                        getPackage())
+                getPackage())
-                .addPackage(org.libreccm.l10n.LocalizedString.class.getPackage()).
+            .addPackage(org.libreccm.l10n.LocalizedString.class.getPackage()).
-                addPackage(org.libreccm.jpa.EntityManagerProducer.class
+            addPackage(org.libreccm.jpa.EntityManagerProducer.class
-                        .getPackage())
+                .getPackage())
-                .addPackage(org.libreccm.jpa.utils.MimeTypeConverter.class
+            .addPackage(org.libreccm.jpa.utils.MimeTypeConverter.class
-                        .getPackage())
+                .getPackage())
-                .addPackage(org.libreccm.testutils.EqualsVerifier.class.
+            .addPackage(org.libreccm.testutils.EqualsVerifier.class.
-                        getPackage())
+                getPackage())
-                .addPackage(org.libreccm.tests.categories.IntegrationTest.class
+            .addPackage(org.libreccm.tests.categories.IntegrationTest.class
-                        .getPackage())
+                .getPackage())
-                .addAsLibraries(libs)
+            .addAsLibraries(libs)
-                .addAsResource("test-persistence.xml",
+            .addAsResource("test-persistence.xml",
-                               "META-INF/persistence.xml")
+                           "META-INF/persistence.xml")
-                .addAsWebInfResource("test-web.xml", "WEB-INF/web.xml")
+            .addAsWebInfResource("test-web.xml", "WEB-INF/web.xml")
-                .addAsWebInfResource(EmptyAsset.INSTANCE, "WEB-INF/beans.xml");
+            .addAsWebInfResource(EmptyAsset.INSTANCE, "WEB-INF/beans.xml");
     }
 
     @Test
-    @UsingDataSet(
+    @UsingDataSet("datasets/org/libreccm/core/PermissionRepositoryTest/"
-            "datasets/org/libreccm/core/PermissionRepositoryTest/data.json")
+                      + "data.json")
     @InSequence(10)
     public void findPermissionsForSubject() {
         final User jdoe = userRepository.findByScreenName("jdoe");
@@ -158,7 +158,7 @@ public class PermissionRepositoryTest {
         assertThat(authors, is(not(nullValue())));
 
         final List<Permission> permissionsJdoe = permissionRepository
-                .findPermissionsForSubject(jdoe);
+            .findPermissionsForSubject(jdoe);
         assertThat(permissionsJdoe.size(), is(1));
         assertThat(permissionsJdoe.get(0).getObject().getDisplayName(),
                    is(equalTo("Test Object 2")));
@@ -166,18 +166,18 @@ public class PermissionRepositoryTest {
                    is(equalTo("read")));
 
         final List<Permission> permissionsMmuster = permissionRepository
-                .findPermissionsForSubject(mmuster);
+            .findPermissionsForSubject(mmuster);
         assertThat(permissionsMmuster.size(), is(0));
 
         final List<Permission> permissionsAdmins = permissionRepository
-                .findPermissionsForSubject(admins);
+            .findPermissionsForSubject(admins);
         assertThat(permissionsAdmins.size(), is(1));
         assertThat(permissionsAdmins.get(0).getObject(), is(nullValue()));
         assertThat(permissionsAdmins.get(0).getGrantedPrivilege().getPrivilege(),
                    is("admin"));
 
         final List<Permission> permissionsUsers = permissionRepository
-                .findPermissionsForSubject(users);
+            .findPermissionsForSubject(users);
         assertThat(permissionsUsers.size(), is(1));
         assertThat(permissionsUsers.get(0).getObject().getDisplayName(),
                    is(equalTo("Test Object 1")));
@@ -185,7 +185,7 @@ public class PermissionRepositoryTest {
                    is(equalTo("read")));
 
         final List<Permission> permissionsAuthors = permissionRepository
-                .findPermissionsForSubject(authors);
+            .findPermissionsForSubject(authors);
         assertThat(permissionsAuthors.size(), is(2));
         assertThat(permissionsAuthors.get(0).getObject().getDisplayName(),
                    is(equalTo("Test Object 1")));
@@ -193,16 +193,16 @@ public class PermissionRepositoryTest {
                    is(equalTo("Test Object 1")));
         final Set<String> privileges = new HashSet<>();
         privileges.add(permissionsAuthors.get(0).getGrantedPrivilege()
-                .getPrivilege());
+            .getPrivilege());
         privileges.add(permissionsAuthors.get(1).getGrantedPrivilege()
-                .getPrivilege());
+            .getPrivilege());
         assertThat(privileges, hasItem("read"));
         assertThat(privileges, hasItem("write"));
     }
 
     @Test(expected = IllegalArgumentException.class)
     @UsingDataSet(
-            "datasets/org/libreccm/core/PermissionRepositoryTest/data.json")
+        "datasets/org/libreccm/core/PermissionRepositoryTest/data.json")
     @ShouldThrowException(IllegalArgumentException.class)
     @InSequence(11)
     public void findPermissionsForNullSubject() {
@@ -211,7 +211,7 @@ public class PermissionRepositoryTest {
 
     @Test
     @UsingDataSet(
-            "datasets/org/libreccm/core/PermissionRepositoryTest/data.json")
+        "datasets/org/libreccm/core/PermissionRepositoryTest/data.json")
     @InSequence(20)
     public void findPermissionsForUser() {
         final User jdoe = userRepository.findByScreenName("jdoe");
@@ -220,7 +220,7 @@ public class PermissionRepositoryTest {
         assertThat(mmuster, is(not(nullValue())));
 
         final List<Permission> jdoePermissions = permissionRepository
-                .findPermissionsForUser(jdoe);
+            .findPermissionsForUser(jdoe);
         assertThat(jdoePermissions.size(), is(4));
         Collections.sort(jdoePermissions, new Comparator<Permission>() {
 
@@ -228,20 +228,20 @@ public class PermissionRepositoryTest {
             public int compare(final Permission permission1,
                                final Permission permission2) {
                 int result = permission1.getGrantedPrivilege().getPrivilege()
-                        .compareToIgnoreCase(permission2.getGrantedPrivilege()
+                    .compareToIgnoreCase(permission2.getGrantedPrivilege()
-                                .getPrivilege());
+                        .getPrivilege());
 
                 if (result == 0) {
                     result = permission1.getObject().getDisplayName().compareTo(
-                            permission2.getObject().getDisplayName());
+                        permission2.getObject().getDisplayName());
                 } else {
                     return result;
                 }
 
                 if (result == 0) {
                     return permission1.getGrantee().getClass().getName()
-                            .compareTo(permission2.getGrantee().getClass().
+                        .compareTo(permission2.getGrantee().getClass().
-                                    getName());
+                            getName());
                 } else {
                     return result;
                 }
@@ -268,17 +268,17 @@ public class PermissionRepositoryTest {
                    is(equalTo("Test Object 1")));
 
         final List<Permission> mmusterPermissions = permissionRepository
-                .findPermissionsForUser(mmuster);
+            .findPermissionsForUser(mmuster);
         assertThat(mmusterPermissions.size(), is(1));
         assertThat(mmusterPermissions.get(0).getGrantedPrivilege()
-                .getPrivilege(),
+            .getPrivilege(),
                    is(equalTo("admin")));
         assertThat(mmusterPermissions.get(0).getObject(), is(nullValue()));
     }
 
     @Test(expected = IllegalArgumentException.class)
     @UsingDataSet(
-            "datasets/org/libreccm/core/PermissionRepositoryTest/data.json")
+        "datasets/org/libreccm/core/PermissionRepositoryTest/data.json")
     @ShouldThrowException(IllegalArgumentException.class)
     @InSequence(21)
     public void findPermissionsForNullUser() {
@@ -287,7 +287,7 @@ public class PermissionRepositoryTest {
 
     @Test
     @UsingDataSet(
-            "datasets/org/libreccm/core/PermissionRepositoryTest/data.json")
+        "datasets/org/libreccm/core/PermissionRepositoryTest/data.json")
     @InSequence(30)
     public void findPermissionsForCcmObject() {
         final CcmObject object1 = ccmObjectRepository.findById(-10L);
@@ -295,7 +295,7 @@ public class PermissionRepositoryTest {
         final CcmObject object3 = ccmObjectRepository.findById(-30L);
 
         final List<Permission> object1Permissions = permissionRepository
-                .findPermissionsForCcmObject(object1);
+            .findPermissionsForCcmObject(object1);
         assertThat(object1Permissions.size(), is(3));
         Collections.sort(object1Permissions, new Comparator<Permission>() {
 
@@ -308,21 +308,21 @@ public class PermissionRepositoryTest {
 
         });
         assertThat(object1Permissions.get(0).getGrantedPrivilege()
-                .getPrivilege(),
+            .getPrivilege(),
                    is(equalTo("read")));
         assertThat(object1Permissions.get(0).getGrantee(),
                    is(instanceOf(Group.class)));
         assertThat(((Group) object1Permissions.get(0).getGrantee()).getName(),
                    is(equalTo("authors")));
         assertThat(object1Permissions.get(1).getGrantedPrivilege()
-                .getPrivilege(),
+            .getPrivilege(),
                    is(equalTo("write")));
         assertThat(object1Permissions.get(1).getGrantee(),
                    is(instanceOf(Group.class)));
         assertThat(((Group) object1Permissions.get(1).getGrantee()).getName(),
                    is(equalTo("authors")));
         assertThat(object1Permissions.get(2).getGrantedPrivilege()
-                .getPrivilege(),
+            .getPrivilege(),
                    is(equalTo("read")));
         assertThat(object1Permissions.get(2).getGrantee(),
                    is(instanceOf(Group.class)));
@@ -330,25 +330,25 @@ public class PermissionRepositoryTest {
                    is(equalTo("users")));
 
         final List<Permission> object2Permissions = permissionRepository
-                .findPermissionsForCcmObject(object2);
+            .findPermissionsForCcmObject(object2);
         assertThat(object2Permissions.size(), is(1));
         assertThat(object2Permissions.get(0).getGrantedPrivilege()
-                .getPrivilege(),
+            .getPrivilege(),
                    is(equalTo("read")));
         assertThat(object2Permissions.get(0).getGrantee(),
                    is(instanceOf(User.class)));
         assertThat(((User) object2Permissions.get(0).getGrantee())
-                .getScreenName(),
+            .getScreenName(),
                    is(equalTo("jdoe")));
 
         final List<Permission> object3Permissions = permissionRepository
-                .findPermissionsForCcmObject(object3);
+            .findPermissionsForCcmObject(object3);
         assertThat(object3Permissions, is(empty()));
     }
 
     @Test(expected = IllegalArgumentException.class)
     @UsingDataSet(
-            "datasets/org/libreccm/core/PermissionRepositoryTest/data.json")
+        "datasets/org/libreccm/core/PermissionRepositoryTest/data.json")
     @ShouldThrowException(IllegalArgumentException.class)
     @InSequence(31)
     public void findPermissionsForNullObject() {
@@ -357,20 +357,20 @@ public class PermissionRepositoryTest {
 
     @Test
     @UsingDataSet(
-            "datasets/org/libreccm/core/PermissionRepositoryTest/data.json")
+        "datasets/org/libreccm/core/PermissionRepositoryTest/data.json")
     @ShouldMatchDataSet(value = "datasets/org/libreccm/core/"
-                                        + "PermissionRepositoryTest/after-save-new.json",
+                                    + "PermissionRepositoryTest/after-save-new.json",
                         excludeColumns = {"permission_id"})
     @InSequence(40)
     public void saveNewPermission() {
         final User mmuster = userRepository.findByScreenName("mmuster");
 
         final TypedQuery<Privilege> query1 = entityManager.createQuery(
-                "SELECT p FROM Privilege p WHERE p.privilege = 'read'",
+            "SELECT p FROM Privilege p WHERE p.privilege = 'read'",
-                Privilege.class);
+            Privilege.class);
         final TypedQuery<Privilege> query2 = entityManager.createQuery(
-                "SELECT p FROM Privilege p WHERE p.privilege = 'write'",
+            "SELECT p FROM Privilege p WHERE p.privilege = 'write'",
-                Privilege.class);
+            Privilege.class);
 
         final CcmObject object = ccmObjectRepository.findById(-40L);
 
@@ -405,9 +405,9 @@ public class PermissionRepositoryTest {
 
     @Test
     @UsingDataSet(
-            "datasets/org/libreccm/core/PermissionRepositoryTest/data.json")
+        "datasets/org/libreccm/core/PermissionRepositoryTest/data.json")
     @ShouldMatchDataSet(value = "datasets/org/libreccm/core/"
-                                        + "PermissionRepositoryTest/after-save-changed.json",
+                                    + "PermissionRepositoryTest/after-save-changed.json",
                         excludeColumns = {"permission_id"})
     @InSequence(50)
     public void saveChangedPermission() {
@@ -424,9 +424,9 @@ public class PermissionRepositoryTest {
 
     @Test
     @UsingDataSet(
-            "datasets/org/libreccm/core/PermissionRepositoryTest/data.json")
+        "datasets/org/libreccm/core/PermissionRepositoryTest/data.json")
     @ShouldMatchDataSet(value = "datasets/org/libreccm/core/"
-                                        + "PermissionRepositoryTest/after-delete.json",
+                                    + "PermissionRepositoryTest/after-delete.json",
                         excludeColumns = {"permission_id"})
     @InSequence(60)
     public void deletePermission() {
@@ -441,4 +441,5 @@ public class PermissionRepositoryTest {
     public void deleteNullPermission() {
         permissionRepository.delete(null);
     }
+
 }

ccm-core/src/test/java/org/libreccm/core/PrivilegeRepositoryTest.java

@@ -0,0 +1,199 @@
+/*
+ * Copyright (C) 2015 LibreCCM Foundation.
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+ * MA 02110-1301  USA
+ */
+package org.libreccm.core;
+
+import static org.hamcrest.Matchers.*;
+
+import org.jboss.arquillian.container.test.api.Deployment;
+import org.jboss.arquillian.container.test.api.ShouldThrowException;
+import org.jboss.arquillian.junit.Arquillian;
+import org.jboss.arquillian.junit.InSequence;
+import org.jboss.arquillian.persistence.PersistenceTest;
+import org.jboss.arquillian.persistence.ShouldMatchDataSet;
+import org.jboss.arquillian.persistence.UsingDataSet;
+import org.jboss.arquillian.transaction.api.annotation.TransactionMode;
+import org.jboss.arquillian.transaction.api.annotation.Transactional;
+import org.jboss.shrinkwrap.api.ShrinkWrap;
+import org.jboss.shrinkwrap.api.asset.EmptyAsset;
+import org.jboss.shrinkwrap.api.spec.WebArchive;
+import org.jboss.shrinkwrap.resolver.api.maven.Maven;
+import org.jboss.shrinkwrap.resolver.api.maven.PomEquippedResolveStage;
+import org.junit.After;
+import org.junit.AfterClass;
+import org.junit.Before;
+import org.junit.BeforeClass;
+import org.junit.Test;
+import org.junit.experimental.categories.Category;
+import org.junit.runner.RunWith;
+import org.libreccm.tests.categories.IntegrationTest;
+
+import java.io.File;
+
+import javax.inject.Inject;
+
+import static org.junit.Assert.*;
+
+/**
+ *
+ * @author <a href="mailto:jens.pelzetter@googlemail.com">Jens Pelzetter</a>
+ */
+@Category(IntegrationTest.class)
+@RunWith(Arquillian.class)
+@PersistenceTest
+@Transactional(TransactionMode.COMMIT)
+public class PrivilegeRepositoryTest {
+
+    @Inject
+    private transient PrivilegeRepository privilegeRepository;
+
+    public PrivilegeRepositoryTest() {
+    }
+
+    @BeforeClass
+    public static void setUpClass() {
+    }
+
+    @AfterClass
+    public static void tearDownClass() {
+    }
+
+    @Before
+    public void setUp() {
+    }
+
+    @After
+    public void tearDown() {
+    }
+
+    @Deployment
+    public static WebArchive createDeployment() {
+        final PomEquippedResolveStage pom = Maven
+            .resolver()
+            .loadPomFromFile("pom.xml");
+        final PomEquippedResolveStage dependencies = pom.
+            importCompileAndRuntimeDependencies();
+        final File[] libs = dependencies.resolve().withTransitivity().asFile();
+
+        for (File lib : libs) {
+            System.err.printf("Adding file '%s' to test archive...%n",
+                              lib.getName());
+        }
+
+        return ShrinkWrap
+            .create(WebArchive.class,
+                    "LibreCCM-org.libreccm.core.UserRepositoryTest.war")
+            .addPackage(User.class.getPackage())
+            .addPackage(org.libreccm.web.Application.class.getPackage())
+            .addPackage(org.libreccm.categorization.Category.class.
+                getPackage())
+            .addPackage(org.libreccm.l10n.LocalizedString.class.getPackage()).
+            addPackage(org.libreccm.jpa.EntityManagerProducer.class
+                .getPackage())
+            .addPackage(org.libreccm.jpa.utils.MimeTypeConverter.class
+                .getPackage())
+            .addPackage(org.libreccm.testutils.EqualsVerifier.class.
+                getPackage())
+            .addPackage(org.libreccm.tests.categories.IntegrationTest.class
+                .getPackage())
+            .addAsLibraries(libs)
+            .addAsResource("test-persistence.xml",
+                           "META-INF/persistence.xml")
+            .addAsWebInfResource("test-web.xml", "WEB-INF/web.xml")
+            .addAsWebInfResource(EmptyAsset.INSTANCE, "WEB-INF/beans.xml");
+    }
+
+    @Test
+    @UsingDataSet("datasets/org/libreccm/core/PrivilegeRepositoryTest/"
+                      + "data.json")
+    @InSequence(10)
+    public void retrievePrivilege() {
+        final Privilege admin = privilegeRepository.retrievePrivilege("admin");
+        final Privilege read = privilegeRepository.retrievePrivilege("read");
+        final Privilege write = privilegeRepository.retrievePrivilege("write");
+
+        assertThat(admin, is(not(nullValue())));
+        assertThat(read, is(not(nullValue())));
+        assertThat(write, is(not(nullValue())));
+
+        assertThat(admin.getPrivilege(), is(equalTo("admin")));
+        assertThat(read.getPrivilege(), is(equalTo("read")));
+        assertThat(write.getPrivilege(), is(equalTo("write")));
+    }
+
+    @Test(expected = UnknownPrivilegeException.class)
+    @UsingDataSet("datasets/org/libreccm/core/PrivilegeRepositoryTest/"
+                      + "data.json")
+    @ShouldThrowException(UnknownPrivilegeException.class)
+    @InSequence(20)
+    public void retrieveNotExitingPrivilege() {
+        privilegeRepository.retrievePrivilege("publish");
+    }
+
+    @Test
+    @UsingDataSet("datasets/org/libreccm/core/PrivilegeRepositoryTest/"
+                      + "data.json")
+    @ShouldMatchDataSet(value = "datasets/org/libreccm/core/"
+                                    + "PrivilegeRepositoryTest/after-create.json",
+                        excludeColumns = {"privilege_id"})
+    @InSequence(30)
+    public void createNewPrivilege() {
+        privilegeRepository.createPrivilege("publish");
+    }
+
+    @Test
+    @UsingDataSet("datasets/org/libreccm/core/PrivilegeRepositoryTest/"
+                      + "data.json")
+    @ShouldMatchDataSet(value = "datasets/org/libreccm/core/"
+                        + "PrivilegeRepositoryTest/after-delete.json",
+                        excludeColumns = {"privilege_id"})
+    @InSequence(40)
+    public void deletePrivilege() {
+        privilegeRepository.deletePrivilege("write");
+    }
+
+    @Test(expected = UnknownPrivilegeException.class)
+    @UsingDataSet("datasets/org/libreccm/core/PrivilegeRepositoryTest/"
+                      + "data.json")
+    @ShouldThrowException(UnknownPrivilegeException.class)
+    @InSequence(41)
+    public void deleteNullPrivilege() {
+        privilegeRepository.deletePrivilege(null);
+    }
+    
+    @Test
+    @UsingDataSet("datasets/org/libreccm/core/PermissionRepositoryTest/"
+                      + "data.json")
+    @InSequence(50)
+    public void checkIsPermissionInUse() {
+        assertThat(privilegeRepository.isPrivilegeInUse("admin"), is(true));
+        assertThat(privilegeRepository.isPrivilegeInUse("write"), is(true));
+        assertThat(privilegeRepository.isPrivilegeInUse("read"), is(true));
+        assertThat(privilegeRepository.isPrivilegeInUse("used"), is(false));
+    }
+    
+    @Test(expected = IllegalArgumentException.class)
+    @UsingDataSet("datasets/org/libreccm/core/PermissionRepositoryTest/"
+                      + "data.json")
+    @ShouldThrowException(IllegalArgumentException.class)
+    @InSequence(60)
+    public void deleteInUsePrivilege() {
+        privilegeRepository.deletePrivilege("admin");
+    }
+
+}

ccm-core/src/test/resources/datasets/org/libreccm/core/PermissionRepositoryTest/after-delete.json

@@ -103,6 +103,10 @@
                 {
                     "privilege_id": -30,
                     "privilege": "write"
+                },
+                {
+                    "privilege_id": -40,
+                    "privilege": "unused"
                 }
             ],
     "ccm_objects":

ccm-core/src/test/resources/datasets/org/libreccm/core/PermissionRepositoryTest/after-save-changed.json

@@ -103,6 +103,10 @@
                 {
                     "privilege_id": -30,
                     "privilege": "write"
+                },
+                {
+                    "privilege_id": -40,
+                    "privilege": "unused"
                 }
             ],
     "ccm_objects":

ccm-core/src/test/resources/datasets/org/libreccm/core/PermissionRepositoryTest/after-save-new.json

@@ -103,6 +103,10 @@
                 {
                     "privilege_id": -30,
                     "privilege": "write"
+                },
+                {
+                    "privilege_id": -40,
+                    "privilege": "unused"
                 }
             ],
     "ccm_objects":
@@ -167,7 +171,7 @@
                     "object_id": -40
                 },
                 {
-                    "permission_id": -50,
+                    "permission_id": -60,
                     "granted_privilege_id": -30,
                     "grantee_id": -50,
                     "object_id": -40

ccm-core/src/test/resources/datasets/org/libreccm/core/PermissionRepositoryTest/data.json

@@ -103,6 +103,10 @@
                 {
                     "privilege_id": -30,
                     "privilege": "write"
+                },
+                {
+                    "privilege_id": -40,
+                    "privilege": "unused"
                 }
             ],
     "ccm_objects":

ccm-core/src/test/resources/datasets/org/libreccm/core/PrivilegeRepositoryTest/after-create.json

@@ -0,0 +1,21 @@
+{
+    "ccm_privileges":
+            [
+                {
+                    "privilege_id": -10,
+                    "privilege": "admin"
+                },
+                {
+                    "privilege_id": -20,
+                    "privilege": "read"
+                },
+                {
+                    "privilege_id": -30,
+                    "privilege": "write"
+                },
+                {
+                    "privilege_id": -40,
+                    "privilege": "publish"
+                }
+            ]
+}

ccm-core/src/test/resources/datasets/org/libreccm/core/PrivilegeRepositoryTest/after-delete.json

@@ -0,0 +1,13 @@
+{
+    "ccm_privileges":
+            [
+                {
+                    "privilege_id": -10,
+                    "privilege": "admin"
+                },
+                {
+                    "privilege_id": -20,
+                    "privilege": "read"
+                }
+            ]
+}

ccm-core/src/test/resources/datasets/org/libreccm/core/PrivilegeRepositoryTest/data.json

@@ -0,0 +1,17 @@
+{
+    "ccm_privileges":
+            [
+                {
+                    "privilege_id": -10,
+                    "privilege": "admin"
+                },
+                {
+                    "privilege_id": -20,
+                    "privilege": "read"
+                },
+                {
+                    "privilege_id": -30,
+                    "privilege": "write"
+                }
+            ]
+}