diff --git a/ccm-core/src/main/java/org/libreccm/categorization/CategorizationConstants.java b/ccm-core/src/main/java/org/libreccm/categorization/CategorizationConstants.java
index 4a67c2c68..269d437a1 100644
--- a/ccm-core/src/main/java/org/libreccm/categorization/CategorizationConstants.java
+++ b/ccm-core/src/main/java/org/libreccm/categorization/CategorizationConstants.java
@@ -23,13 +23,15 @@ package org.libreccm.categorization;
* @author Jens Pelzetter
*/
public final class CategorizationConstants {
-
+
public static final String CAT_XML_NS = "http://categorization.libreccm.org";
- public static final String MANAGE_CATEGORIES_PRIVILEGE = "manage_categories";
+ public static final String MANAGE_CATEGORY_PRIVILEGE = "manage_category";
+ public static final String MANAGE_CATEGORY_OBJECTS_PRIVILEGE
+ = "manage_category_objects";
public static final String MANAGE_DOMAINS_PRIVILEGE = "manage_domains";
-
+
private CategorizationConstants() {
//Nothing
}
-
+
}
diff --git a/ccm-core/src/main/java/org/libreccm/categorization/Category.java b/ccm-core/src/main/java/org/libreccm/categorization/Category.java
index 246b755cc..6b9ae8c15 100644
--- a/ccm-core/src/main/java/org/libreccm/categorization/Category.java
+++ b/ccm-core/src/main/java/org/libreccm/categorization/Category.java
@@ -24,6 +24,7 @@ import org.hibernate.validator.constraints.NotBlank;
import org.libreccm.core.CcmObject;
import org.libreccm.core.DefaultEntityGraph;
import org.libreccm.l10n.LocalizedString;
+import org.libreccm.security.InheritsPermissions;
import java.io.Serializable;
import java.util.ArrayList;
@@ -90,7 +91,8 @@ import javax.validation.constraints.Pattern;
)
})
@DefaultEntityGraph("Category.withSubCategoriesAndObjects")
-public class Category extends CcmObject implements Serializable {
+public class Category extends CcmObject implements InheritsPermissions,
+ Serializable {
private static final long serialVersionUID = -7250208963391878547L;
@@ -317,6 +319,12 @@ public class Category extends CcmObject implements Serializable {
public void setCategoryOrder(final long categoryOrder) {
this.categoryOrder = categoryOrder;
}
+
+
+ @Override
+ public CcmObject getParent() {
+ return getParentCategory();
+ }
@Override
public int hashCode() {
diff --git a/ccm-core/src/main/java/org/libreccm/categorization/CategoryManager.java b/ccm-core/src/main/java/org/libreccm/categorization/CategoryManager.java
index a04d654a4..1ecb876dd 100644
--- a/ccm-core/src/main/java/org/libreccm/categorization/CategoryManager.java
+++ b/ccm-core/src/main/java/org/libreccm/categorization/CategoryManager.java
@@ -18,10 +18,15 @@
*/
package org.libreccm.categorization;
+import static org.libreccm.categorization.CategorizationConstants.*;
+
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.libreccm.core.CcmObject;
import org.libreccm.core.CcmObjectRepository;
+import org.libreccm.security.AuthorizationRequired;
+import org.libreccm.security.RequiresPrivilege;
+import org.libreccm.security.Shiro;
import java.util.ArrayList;
import java.util.List;
@@ -57,6 +62,9 @@ public class CategoryManager {
@Inject
private EntityManager entityManager;
+ @Inject
+ private Shiro shiro;
+
/**
* Assigns an category to an object.
*
@@ -74,9 +82,13 @@ public class CategoryManager {
* @param category The category to which the object should be assigned. Can
* never be {@code null}.
*/
+ @AuthorizationRequired
@Transactional(Transactional.TxType.REQUIRED)
- public void addObjectToCategory(final CcmObject object,
- final Category category) {
+ public void addObjectToCategory(
+ final CcmObject object,
+ @RequiresPrivilege(MANAGE_CATEGORY_OBJECTS_PRIVILEGE)
+ final Category category) {
+
if (object == null) {
throw new IllegalArgumentException(
"Null can't be added to a category.");
@@ -96,9 +108,15 @@ public class CategoryManager {
object.addCategory(categorization);
category.addObject(categorization);
- entityManager.persist(categorization);
- categoryRepo.save(category);
- ccmObjectRepo.save(object);
+ // To saving a category requires the manage_category privilege which
+ // may has not been granted to a user which is allowed to assign objects
+ // to a category. Therefore we bypass the this authorisation check here
+ // by executing CategoryRepository#save(Category) as the system user.
+ shiro.getSystemUser().execute(() -> {
+ entityManager.persist(categorization);
+ categoryRepo.save(category);
+ ccmObjectRepo.save(object);
+ });
}
/**
@@ -121,9 +139,12 @@ public class CategoryManager {
* object is not
* assigned to the provided category.
*/
+ @AuthorizationRequired
@Transactional(Transactional.TxType.REQUIRED)
- public void removeObjectFromCategory(final CcmObject object,
- final Category category)
+ public void removeObjectFromCategory(
+ final CcmObject object,
+ @RequiresPrivilege(MANAGE_CATEGORY_OBJECTS_PRIVILEGE)
+ final Category category)
throws ObjectNotAssignedToCategoryException {
if (object == null) {
@@ -154,23 +175,25 @@ public class CategoryManager {
return;
}
- object.removeCategory(categorization);
- category.removeObject(categorization);
- entityManager.remove(categorization);
- categoryRepo.save(category);
- ccmObjectRepo.save(object);
+ shiro.getSystemUser().execute(() -> {
+ object.removeCategory(categorization);
+ category.removeObject(categorization);
+ entityManager.remove(categorization);
+ categoryRepo.save(category);
+ ccmObjectRepo.save(object);
- final List categories = object.getCategories();
- for (int i = 0; i < categories.size(); i++) {
- categories.get(i).setCategoryOrder(i);
- entityManager.merge(categories.get(i));
- }
+ final List categories = object.getCategories();
+ for (int i = 0; i < categories.size(); i++) {
+ categories.get(i).setCategoryOrder(i);
+ entityManager.merge(categories.get(i));
+ }
- final List objects = category.getObjects();
- for (int i = 0; i < objects.size(); i++) {
- objects.get(i).setObjectOrder(i);
- entityManager.merge(objects.get(i));
- }
+ final List objects = category.getObjects();
+ for (int i = 0; i < objects.size(); i++) {
+ objects.get(i).setObjectOrder(i);
+ entityManager.merge(objects.get(i));
+ }
+ });
}
/**
@@ -187,9 +210,12 @@ public class CategoryManager {
* object is not assigned to
* the provided category.
*/
+ @AuthorizationRequired
@Transactional(Transactional.TxType.REQUIRED)
- public void increaseObjectOrder(final CcmObject object,
- final Category category)
+ public void increaseObjectOrder(
+ final CcmObject object,
+ @RequiresPrivilege(MANAGE_CATEGORY_OBJECTS_PRIVILEGE)
+ final Category category)
throws ObjectNotAssignedToCategoryException {
if (object == null) {
@@ -241,7 +267,7 @@ public class CategoryManager {
categorization.setObjectOrder(nextOrder);
nextCategorization.setObjectOrder(order);
- categoryRepo.save(category);
+ shiro.getSystemUser().execute(() -> categoryRepo.save(category));
}
/**
@@ -258,9 +284,12 @@ public class CategoryManager {
* object is not assigned to
* the provided category.
*/
+ @AuthorizationRequired
@Transactional(Transactional.TxType.REQUIRED)
- public void decreaseObjectOrder(final CcmObject object,
- final Category category)
+ public void decreaseObjectOrder(
+ final CcmObject object,
+ @RequiresPrivilege(MANAGE_CATEGORY_OBJECTS_PRIVILEGE)
+ final Category category)
throws ObjectNotAssignedToCategoryException {
if (object == null) {
@@ -312,7 +341,7 @@ public class CategoryManager {
categorization.setObjectOrder(prevOrder);
prevCategorization.setObjectOrder(order);
- categoryRepo.save(category);
+ shiro.getSystemUser().execute(() -> categoryRepo.save(category));
}
/**
@@ -346,9 +375,13 @@ public class CategoryManager {
* @param parentCategory The category to which the category is added as
* subcategory. Can't be {@code null}.
*/
+ @AuthorizationRequired
@Transactional(Transactional.TxType.REQUIRED)
- public void addSubCategoryToCategory(final Category subCategory,
- final Category parentCategory) {
+ public void addSubCategoryToCategory(
+ final Category subCategory,
+ @RequiresPrivilege(MANAGE_CATEGORY_PRIVILEGE)
+ final Category parentCategory) {
+
final Category sub = categoryRepo.findById(subCategory.getObjectId());
final Category parent = categoryRepo.findById(parentCategory
.getObjectId());
@@ -363,8 +396,10 @@ public class CategoryManager {
sub.setParentCategory(parent);
sub.setCategoryOrder(order);
- categoryRepo.save(parent);
- categoryRepo.save(sub);
+ shiro.getSystemUser().execute(() -> {
+ categoryRepo.save(parent);
+ categoryRepo.save(sub);
+ });
}
/**
@@ -380,9 +415,12 @@ public class CategoryManager {
* assigned to the provided parent
* category.
*/
+ @AuthorizationRequired
@Transactional(Transactional.TxType.REQUIRED)
- public void removeSubCategoryFromCategory(final Category subCategory,
- final Category parentCategory) {
+ public void removeSubCategoryFromCategory(
+ final Category subCategory,
+ @RequiresPrivilege(MANAGE_CATEGORY_PRIVILEGE)
+ final Category parentCategory) {
if (subCategory.getParentCategory() == null
|| !subCategory.getParentCategory().equals(parentCategory)) {
@@ -401,8 +439,10 @@ public class CategoryManager {
categoryRepo.save(subCategories.get(i));
}
- categoryRepo.save(parentCategory);
- categoryRepo.save(subCategory);
+ shiro.getSystemUser().execute(() -> {
+ categoryRepo.save(parentCategory);
+ categoryRepo.save(subCategory);
+ });
}
/**
@@ -420,9 +460,12 @@ public class CategoryManager {
* subcategory of the provided parent
* category.
*/
+ @AuthorizationRequired
@Transactional(Transactional.TxType.REQUIRED)
- public void increaseCategoryOrder(final Category subCategory,
- final Category parentCategory) {
+ public void increaseCategoryOrder(
+ final Category subCategory,
+ @RequiresPrivilege(MANAGE_CATEGORY_PRIVILEGE)
+ final Category parentCategory) {
if (parentCategory == null) {
throw new IllegalArgumentException("parentCategory can't be null.");
@@ -471,8 +514,10 @@ public class CategoryManager {
subCategory.setCategoryOrder(nextOrder);
nextCategory.setCategoryOrder(order);
- categoryRepo.save(subCategory);
- categoryRepo.save(nextCategory);
+ shiro.getSystemUser().execute(() -> {
+ categoryRepo.save(subCategory);
+ categoryRepo.save(nextCategory);
+ });
}
/**
@@ -490,8 +535,12 @@ public class CategoryManager {
* subcategory of the provided parent
* category.
*/
- public void decreaseCategoryOrder(final Category subCategory,
- final Category parentCategory) {
+ @AuthorizationRequired
+ @Transactional(Transactional.TxType.REQUIRED)
+ public void decreaseCategoryOrder(
+ final Category subCategory,
+ @RequiresPrivilege(MANAGE_CATEGORY_PRIVILEGE)
+ final Category parentCategory) {
if (parentCategory == null) {
throw new IllegalArgumentException("parentCategory can't be null.");
@@ -540,26 +589,10 @@ public class CategoryManager {
subCategory.setCategoryOrder(prevOrder);
prevCategory.setCategoryOrder(order);
- categoryRepo.save(subCategory);
- categoryRepo.save(prevCategory);
+ shiro.getSystemUser().execute(() -> {
+ categoryRepo.save(subCategory);
+ categoryRepo.save(prevCategory);
+ });
}
- /**
- * Swaps the values of the {@code order} properties of two categories.
- *
- * @param subCategoryA The first category. Can't be {@code null}.
- * @param subCategoryB The second category. Can't be {@code null}.
- * @param parentCategory The parent category of both subcategories. Can't be
- * {@code null}.
- *
- * @throws IllegalArgumentException If one or both categories are not
- * subcategories of the provided parent
- * category.qq
- */
-// public void swapCategories(final Category subCategoryA,
-// final Category subCategoryB,
-// final Category parentCategory) {
-// // TODO implement method
-// throw new UnsupportedOperationException();
-// }
}
diff --git a/ccm-core/src/main/java/org/libreccm/categorization/CategoryRepository.java b/ccm-core/src/main/java/org/libreccm/categorization/CategoryRepository.java
index 506538bc6..d52f14fa9 100644
--- a/ccm-core/src/main/java/org/libreccm/categorization/CategoryRepository.java
+++ b/ccm-core/src/main/java/org/libreccm/categorization/CategoryRepository.java
@@ -168,15 +168,20 @@ public class CategoryRepository extends AbstractEntityRepository
@Transactional(Transactional.TxType.REQUIRED)
@Override
public void save(
- @RequiresPrivilege("manage_categories") final Category category) {
+ @RequiresPrivilege(CategorizationConstants.MANAGE_CATEGORY_PRIVILEGE)
+ final Category category) {
+
super.save(category);
}
@AuthorizationRequired
- @RequiresPrivilege("manage_categories")
+
@Transactional(Transactional.TxType.REQUIRED)
@Override
- public void delete(final Category category) {
+ public void delete(
+ @RequiresPrivilege(CategorizationConstants.MANAGE_CATEGORY_PRIVILEGE)
+ final Category category) {
+
super.save(category);
}
diff --git a/ccm-core/src/main/java/org/libreccm/configuration/ConfigurationManager.java b/ccm-core/src/main/java/org/libreccm/configuration/ConfigurationManager.java
index a2caf1584..2b0a3fdda 100644
--- a/ccm-core/src/main/java/org/libreccm/configuration/ConfigurationManager.java
+++ b/ccm-core/src/main/java/org/libreccm/configuration/ConfigurationManager.java
@@ -27,8 +27,11 @@ import javax.transaction.Transactional;
import org.apache.logging.log4j.Logger;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.util.Strings;
+import org.libreccm.core.CoreConstants;
import org.libreccm.modules.CcmModule;
import org.libreccm.modules.Module;
+import org.libreccm.security.AuthorizationRequired;
+import org.libreccm.security.RequiresPrivilege;
import java.util.Arrays;
import java.util.ServiceLoader;
@@ -123,6 +126,9 @@ public class ConfigurationManager {
* provided object is not annotation with
* {@link Configuration}.
*/
+ @AuthorizationRequired
+ @RequiresPrivilege(CoreConstants.ADMIN_PRIVILEGE)
+ @Transactional(Transactional.TxType.REQUIRED)
public void saveConfiguration(final Object configuration) {
if (configuration == null) {
throw new IllegalArgumentException("Configuration can't be null");
@@ -266,6 +272,8 @@ public class ConfigurationManager {
* @param valueType The type of the value of the setting.
* @param value The value to set.
*/
+ @AuthorizationRequired
+ @RequiresPrivilege(CoreConstants.ADMIN_PRIVILEGE)
@Transactional(Transactional.TxType.REQUIRED)
private void setSettingValue(final Object configuration,
final String settingName,
diff --git a/ccm-core/src/main/java/org/libreccm/configuration/SettingManager.java b/ccm-core/src/main/java/org/libreccm/configuration/SettingManager.java
index 9ae4f65f1..9d342185d 100644
--- a/ccm-core/src/main/java/org/libreccm/configuration/SettingManager.java
+++ b/ccm-core/src/main/java/org/libreccm/configuration/SettingManager.java
@@ -30,6 +30,9 @@ import javax.transaction.Transactional;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.apache.logging.log4j.util.Strings;
+import org.libreccm.core.CoreConstants;
+import org.libreccm.security.AuthorizationRequired;
+import org.libreccm.security.RequiresPrivilege;
import java.util.ArrayList;
import java.util.Objects;
@@ -220,6 +223,8 @@ public class SettingManager {
*
* @param setting The setting to save.
*/
+ @AuthorizationRequired
+ @RequiresPrivilege(CoreConstants.ADMIN_PRIVILEGE)
@Transactional(Transactional.TxType.REQUIRED)
public void saveSetting(final AbstractSetting setting) {
if (setting.getSettingId() == 0) {
diff --git a/ccm-core/src/main/java/org/libreccm/core/CoreConstants.java b/ccm-core/src/main/java/org/libreccm/core/CoreConstants.java
index 0d058349a..dca4277f2 100644
--- a/ccm-core/src/main/java/org/libreccm/core/CoreConstants.java
+++ b/ccm-core/src/main/java/org/libreccm/core/CoreConstants.java
@@ -42,6 +42,16 @@ public final class CoreConstants {
* in the security API.
*/
public static final String ACCESS_DENIED = "Access denied";
+
+ /**
+ * Constant for the {@code admin} privilege.
+ */
+ public static final String ADMIN_PRIVILEGE = "admin";
+
+ /**
+ * Constant for the {@code system} privilege.
+ */
+ public static final String SYSTEM_PRIVILEGE = "system";
private CoreConstants() {
//Nothing
diff --git a/ccm-core/src/main/java/org/libreccm/security/ChallengeManager.java b/ccm-core/src/main/java/org/libreccm/security/ChallengeManager.java
index 8e054e6bc..c458cee4a 100644
--- a/ccm-core/src/main/java/org/libreccm/security/ChallengeManager.java
+++ b/ccm-core/src/main/java/org/libreccm/security/ChallengeManager.java
@@ -29,6 +29,7 @@ import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.libreccm.configuration.ConfigurationManager;
import org.libreccm.configuration.LocalizedStringSetting;
+import org.libreccm.core.CoreConstants;
import org.libreccm.l10n.GlobalizationHelper;
import org.libreccm.l10n.LocalizedString;
@@ -108,6 +109,8 @@ public class ChallengeManager {
*
* @return The text of the challenge mail.
*/
+ @AuthorizationRequired
+ @RequiresPrivilege(CoreConstants.SYSTEM_PRIVILEGE)
public String createEmailVerification(final User user) {
if (user == null) {
throw new IllegalArgumentException(
@@ -125,6 +128,8 @@ public class ChallengeManager {
* @throws MessagingException If there is a problem sending the email to the
* user.
*/
+ @AuthorizationRequired
+ @RequiresPrivilege(CoreConstants.SYSTEM_PRIVILEGE)
public void sendEmailVerification(final User user)
throws MessagingException {
final String text = createEmailVerification(user);
@@ -145,6 +150,8 @@ public class ChallengeManager {
* @throws ChallengeFailedException If the provided token does not match the
* stored token.
*/
+ @AuthorizationRequired
+ @RequiresPrivilege(CoreConstants.SYSTEM_PRIVILEGE)
public void finishEmailVerification(final User user,
final String submittedToken)
throws ChallengeFailedException {
@@ -172,6 +179,8 @@ public class ChallengeManager {
*
* @return The challenge message.
*/
+ @AuthorizationRequired
+ @RequiresPrivilege(CoreConstants.SYSTEM_PRIVILEGE)
public String createAccountActivation(final User user) {
if (user == null) {
throw new IllegalArgumentException(
@@ -188,6 +197,8 @@ public class ChallengeManager {
* @throws MessagingException If something goes wrong when sending the
* message.
*/
+ @AuthorizationRequired
+ @RequiresPrivilege(CoreConstants.SYSTEM_PRIVILEGE)
public void sendAccountActivation(final User user)
throws MessagingException {
final String text = createAccountActivation(user);
@@ -208,6 +219,8 @@ public class ChallengeManager {
* @throws ChallengeFailedException If the submitted token does not match
* the stored token.
*/
+ @AuthorizationRequired
+ @RequiresPrivilege(CoreConstants.SYSTEM_PRIVILEGE)
public void finishAccountActivation(final User user,
final String submittedToken)
throws ChallengeFailedException {
@@ -233,6 +246,8 @@ public class ChallengeManager {
*
* @return The challenge message.
*/
+ @AuthorizationRequired
+ @RequiresPrivilege(CoreConstants.SYSTEM_PRIVILEGE)
public String createPasswordRecover(final User user) {
if (user == null) {
throw new IllegalArgumentException(
@@ -250,6 +265,8 @@ public class ChallengeManager {
* @throws MessagingException If something goes wrong when sending the
* message.
*/
+ @AuthorizationRequired
+ @RequiresPrivilege(CoreConstants.SYSTEM_PRIVILEGE)
public void sendPasswordRecover(final User user)
throws MessagingException {
final String text = createPasswordRecover(user);
@@ -271,6 +288,8 @@ public class ChallengeManager {
* @throws ChallengeFailedException If the submitted token does not match
* the stored token.
*/
+ @AuthorizationRequired
+ @RequiresPrivilege(CoreConstants.SYSTEM_PRIVILEGE)
public void finishPasswordRecover(final User user,
final String submittedToken,
final String newPassword)
diff --git a/ccm-core/src/main/java/org/libreccm/security/GroupManager.java b/ccm-core/src/main/java/org/libreccm/security/GroupManager.java
index e4adf3d1a..5fde31aeb 100644
--- a/ccm-core/src/main/java/org/libreccm/security/GroupManager.java
+++ b/ccm-core/src/main/java/org/libreccm/security/GroupManager.java
@@ -18,6 +18,8 @@
*/
package org.libreccm.security;
+import org.libreccm.core.CoreConstants;
+
import java.util.List;
import javax.enterprise.context.RequestScoped;
@@ -53,6 +55,8 @@ public class GroupManager {
* @param user The user to add to a group.
* @param group The group to which the user is added.
*/
+ @AuthorizationRequired
+ @RequiresPrivilege(CoreConstants.ADMIN_PRIVILEGE)
@Transactional(Transactional.TxType.REQUIRED)
public void addMemberToGroup(final User user, final Group group) {
if (user == null) {
@@ -90,6 +94,8 @@ public class GroupManager {
* @param member The user to remove from the group.
* @param group The group from which the user is removed.
*/
+ @AuthorizationRequired
+ @RequiresPrivilege(CoreConstants.ADMIN_PRIVILEGE)
@Transactional(Transactional.TxType.REQUIRED)
public void removeMemberFromGroup(final User member, final Group group) {
if (member == null) {
diff --git a/ccm-core/src/main/java/org/libreccm/security/GroupRepository.java b/ccm-core/src/main/java/org/libreccm/security/GroupRepository.java
index f121f6d6f..2c2560fb0 100644
--- a/ccm-core/src/main/java/org/libreccm/security/GroupRepository.java
+++ b/ccm-core/src/main/java/org/libreccm/security/GroupRepository.java
@@ -24,6 +24,7 @@ import javax.enterprise.context.RequestScoped;
import javax.persistence.TypedQuery;
import org.libreccm.core.AbstractEntityRepository;
+import org.libreccm.core.CoreConstants;
import javax.transaction.Transactional;
@@ -92,7 +93,7 @@ public class GroupRepository extends AbstractEntityRepository {
}
@AuthorizationRequired
- @RequiresPrivilege("admin")
+ @RequiresPrivilege(CoreConstants.ADMIN_PRIVILEGE)
@Transactional(Transactional.TxType.REQUIRED)
@Override
public void save(final Group group) {
@@ -100,7 +101,7 @@ public class GroupRepository extends AbstractEntityRepository {
}
@AuthorizationRequired
- @RequiresPrivilege("admin")
+ @RequiresPrivilege(CoreConstants.ADMIN_PRIVILEGE)
@Transactional(Transactional.TxType.REQUIRED)
@Override
public void delete(final Group entity) {
diff --git a/ccm-core/src/main/java/org/libreccm/security/InheritsPermissions.java b/ccm-core/src/main/java/org/libreccm/security/InheritsPermissions.java
index 023a55968..a374fa76d 100644
--- a/ccm-core/src/main/java/org/libreccm/security/InheritsPermissions.java
+++ b/ccm-core/src/main/java/org/libreccm/security/InheritsPermissions.java
@@ -22,16 +22,26 @@ import org.libreccm.core.CcmObject;
/**
* Subclasses of {@link CcmObject} can implement this interface to inherit
- * the permissions of their parent object. This annotation is processed by the
+ * the permissions of their parent object. This interface is processed by the
* {@link PermissionChecker}.
*
- * @see PermissionChecker#checkPermission(java.lang.String, org.libreccm.core.CcmObject)
- * @see PermissionChecker#isPermitted(java.lang.String, org.libreccm.core.CcmObject)
+ * @see PermissionChecker#checkPermission(java.lang.String,
+ * org.libreccm.core.CcmObject)
+ * @see PermissionChecker#isPermitted(java.lang.String,
+ * org.libreccm.core.CcmObject)
*
* @author Jens Pelzetter
*/
public interface InheritsPermissions {
+ /**
+ * This method needs to be overwritten by implementers of interface
+ *
+ * @return The parent object of the implementing object. The
+ * {@link PermissionChecker} will use the permissions granted on the parent
+ * object in addition to the permissions granted on the object itself to
+ * determine if a user is granted a specific privilege on the object.
+ */
CcmObject getParent();
}
diff --git a/ccm-core/src/main/java/org/libreccm/security/OneTimeAuthManager.java b/ccm-core/src/main/java/org/libreccm/security/OneTimeAuthManager.java
index 171550823..6d6fb05f5 100644
--- a/ccm-core/src/main/java/org/libreccm/security/OneTimeAuthManager.java
+++ b/ccm-core/src/main/java/org/libreccm/security/OneTimeAuthManager.java
@@ -43,6 +43,7 @@ import org.apache.shiro.crypto.hash.format.HashFormat;
import org.apache.shiro.crypto.hash.format.HashFormatFactory;
import org.apache.shiro.crypto.hash.format.Shiro1CryptFormat;
import org.apache.shiro.util.ByteSource;
+import org.libreccm.core.CoreConstants;
/**
* This class manages the generation and delation of {@link OneTimeAuthToken}s.
@@ -77,6 +78,8 @@ public class OneTimeAuthManager {
*
* @return The one time authentication token with the not hashed token.
*/
+ @AuthorizationRequired
+ @RequiresPrivilege(CoreConstants.SYSTEM_PRIVILEGE)
@Transactional(Transactional.TxType.REQUIRED)
public OneTimeAuthToken createForUser(
final User user, final OneTimeAuthTokenPurpose purpose) {
@@ -144,6 +147,8 @@ public class OneTimeAuthManager {
* @return The one time auth token for the provided user and purpose or
* {@code null} if there is no such token.
*/
+ @AuthorizationRequired
+ @RequiresPrivilege(CoreConstants.SYSTEM_PRIVILEGE)
public List retrieveForUser(
final User user, final OneTimeAuthTokenPurpose purpose) {
if (user == null || purpose == null) {
@@ -171,6 +176,8 @@ public class OneTimeAuthManager {
* @return {@code true} if there is a valid token for the provided user and
* purpose, {@code false} if not.
*/
+ @AuthorizationRequired
+ @RequiresPrivilege(CoreConstants.SYSTEM_PRIVILEGE)
public boolean validTokenExistsForUser(
final User user, final OneTimeAuthTokenPurpose purpose) {
if (user == null || purpose == null) {
@@ -201,6 +208,8 @@ public class OneTimeAuthManager {
*
* @return {@code true} if the token is valid, {@code false} if not.
*/
+ @AuthorizationRequired
+ @RequiresPrivilege(CoreConstants.SYSTEM_PRIVILEGE)
public boolean isValid(final OneTimeAuthToken token) {
if (token == null) {
throw new IllegalArgumentException("Can't validate a token null");
@@ -224,6 +233,8 @@ public class OneTimeAuthManager {
* @return {@code true} if the submitted token is valid and matches {@link token},
* {@code false} if not.
*/
+ @AuthorizationRequired
+ @RequiresPrivilege(CoreConstants.SYSTEM_PRIVILEGE)
public boolean verify(final OneTimeAuthToken token,
final String submittedToken) {
if (token == null || submittedToken == null) {
@@ -253,6 +264,8 @@ public class OneTimeAuthManager {
*
* @param token The token to invalidate.
*/
+ @AuthorizationRequired
+ @RequiresPrivilege(CoreConstants.SYSTEM_PRIVILEGE)
@Transactional(Transactional.TxType.REQUIRED)
public void invalidate(final OneTimeAuthToken token) {
if (token == null) {
diff --git a/ccm-core/src/main/java/org/libreccm/security/PartyRepository.java b/ccm-core/src/main/java/org/libreccm/security/PartyRepository.java
index 10a6b6de1..0bd397384 100644
--- a/ccm-core/src/main/java/org/libreccm/security/PartyRepository.java
+++ b/ccm-core/src/main/java/org/libreccm/security/PartyRepository.java
@@ -21,6 +21,7 @@ package org.libreccm.security;
import javax.enterprise.context.RequestScoped;
import org.libreccm.core.AbstractEntityRepository;
+import org.libreccm.core.CoreConstants;
import java.util.List;
@@ -76,7 +77,7 @@ public class PartyRepository extends AbstractEntityRepository {
}
@AuthorizationRequired
- @RequiresPrivilege("admin")
+ @RequiresPrivilege(CoreConstants.ADMIN_PRIVILEGE)
@Transactional(Transactional.TxType.REQUIRED)
@Override
public void save(final Party party) {
@@ -84,7 +85,7 @@ public class PartyRepository extends AbstractEntityRepository {
}
@AuthorizationRequired
- @RequiresPrivilege("admin")
+ @RequiresPrivilege(CoreConstants.ADMIN_PRIVILEGE)
@Transactional(Transactional.TxType.REQUIRED)
@Override
public void delete(final Party party) {
diff --git a/ccm-core/src/main/java/org/libreccm/security/PermissionChecker.java b/ccm-core/src/main/java/org/libreccm/security/PermissionChecker.java
index f324462e8..7492fdffe 100644
--- a/ccm-core/src/main/java/org/libreccm/security/PermissionChecker.java
+++ b/ccm-core/src/main/java/org/libreccm/security/PermissionChecker.java
@@ -138,15 +138,19 @@ public class PermissionChecker {
if (object instanceof InheritsPermissions) {
final boolean result = isPermitted(privilege, object);
- if (result) {
- subject.checkPermission(generatePermissionString(privilege,
- object));
- } else if (((InheritsPermissions) object).getParent() == null) {
- subject.checkPermission(generatePermissionString(privilege,
- object));
- } else {
- checkPermission(privilege,
- ((InheritsPermissions) object).getParent());
+ if (!result) {
+ if (((InheritsPermissions) object).getParent() == null) {
+ if (subject.isAuthenticated()) {
+ subject.checkPermission(generatePermissionString(
+ privilege, object));
+ } else {
+ shiro.getPublicUser().checkPermission(
+ generatePermissionString(privilege, object));
+ }
+ } else {
+ checkPermission(privilege,
+ ((InheritsPermissions) object).getParent());
+ }
}
} else if (subject.isAuthenticated()) {
subject.checkPermission(generatePermissionString(privilege, object));
diff --git a/ccm-core/src/main/java/org/libreccm/security/PermissionManager.java b/ccm-core/src/main/java/org/libreccm/security/PermissionManager.java
index 7afd92f29..7bc8fdeed 100644
--- a/ccm-core/src/main/java/org/libreccm/security/PermissionManager.java
+++ b/ccm-core/src/main/java/org/libreccm/security/PermissionManager.java
@@ -26,13 +26,14 @@ import javax.persistence.Query;
import javax.persistence.TypedQuery;
import org.libreccm.core.CcmObject;
+import org.libreccm.core.CoreConstants;
import javax.enterprise.context.RequestScoped;
import javax.transaction.Transactional;
/**
* Manager class for granting and revoking permissions.
- *
+ *
* @author Jens Pelzetter
*/
@RequestScoped
@@ -45,28 +46,30 @@ public class PermissionManager {
@SuppressWarnings("PMD.LongVariable")
private static final String QUERY_PARAM_PRIVILEGE = "privilege";
-
@Inject
private EntityManager entityManager;
/**
* Retrieves a permission by its ID. Useful for UI classes.
- *
+ *
* @param permissionId The id of the permission to retrieve.
+ *
* @return The permission identified by the provided {@code permissionId).
*/
public Permission findById(final long permissionId) {
return entityManager.find(Permission.class, permissionId);
}
-
+
/**
- * Grants a privilege on an object to a role. If the privilege was already
+ * Grants a privilege on an object to a role. If the privilege was already
* granted, the method does nothing.
- *
+ *
* @param privilege The privilege to grant.
- * @param grantee The role to which the privilege is granted.
- * @param object The object on which the privilege is granted.
+ * @param grantee The role to which the privilege is granted.
+ * @param object The object on which the privilege is granted.
*/
+ @AuthorizationRequired
+ @RequiresPrivilege(CoreConstants.ADMIN_PRIVILEGE)
@Transactional(Transactional.TxType.REQUIRED)
public void grantPrivilege(final String privilege,
final Role grantee,
@@ -80,7 +83,7 @@ public class PermissionManager {
throw new IllegalArgumentException(
"Can't grant a permission to grantee null.");
}
-
+
if (object == null) {
throw new IllegalArgumentException(
"Can't grant a permission on object NULL.");
@@ -97,12 +100,14 @@ public class PermissionManager {
}
/**
- * Grants a privilege to a role. If the privilege was already granted, the
+ * Grants a privilege to a role. If the privilege was already granted, the
* method does nothing.
- *
+ *
* @param privilege The privilege to grant.
- * @param grantee The role to which the privilege is granted.
+ * @param grantee The role to which the privilege is granted.
*/
+ @AuthorizationRequired
+ @RequiresPrivilege(CoreConstants.ADMIN_PRIVILEGE)
@Transactional(Transactional.TxType.REQUIRED)
public void grantPrivilege(final String privilege,
final Role grantee) {
@@ -127,13 +132,15 @@ public class PermissionManager {
}
/**
- * Revokes the permissions granting a privilege on an object from a role.
- * If no matching permission exists the method will do nothing.
- *
+ * Revokes the permissions granting a privilege on an object from a role. If
+ * no matching permission exists the method will do nothing.
+ *
* @param privilege The privilege granted by the permission to revoke.
- * @param grantee The role to which the privilege was granted.
- * @param object The object on which the privilege was granted.
+ * @param grantee The role to which the privilege was granted.
+ * @param object The object on which the privilege was granted.
*/
+ @AuthorizationRequired
+ @RequiresPrivilege(CoreConstants.ADMIN_PRIVILEGE)
@Transactional(Transactional.TxType.REQUIRED)
public void revokePrivilege(final String privilege,
final Role grantee,
@@ -147,7 +154,7 @@ public class PermissionManager {
throw new IllegalArgumentException(
"Can't revoke a permission from grantee null.");
}
-
+
if (object == null) {
throw new IllegalArgumentException(
"Can't revoke a permission from object NULL.");
@@ -165,14 +172,16 @@ public class PermissionManager {
query.executeUpdate();
}
}
-
- /**
- * Revokes the permissions granting a privilege from a role.
- * If no matching permission exists the method will do nothing.
- *
+
+ /**
+ * Revokes the permissions granting a privilege from a role. If no matching
+ * permission exists the method will do nothing.
+ *
* @param privilege The privilege granted by the permission to revoke.
- * @param grantee The role to which the privilege was granted.
+ * @param grantee The role to which the privilege was granted.
*/
+ @AuthorizationRequired
+ @RequiresPrivilege(CoreConstants.ADMIN_PRIVILEGE)
@Transactional(Transactional.TxType.REQUIRED)
public void revokePrivilege(final String privilege,
final Role grantee) {
@@ -199,15 +208,17 @@ public class PermissionManager {
}
/**
- * Copy the permissions from on {@link CcmObject} to another. The
- * permissions granted on the {@code target} object will not be removed.
- * Instead the permissions from {@code source} object are added the the
+ * Copy the permissions from on {@link CcmObject} to another. The
+ * permissions granted on the {@code target} object will not be removed.
+ * Instead the permissions from {@code source} object are added the the
* permissions.
- *
- *
+ *
+ *
* @param source
- * @param target
+ * @param target
*/
+ @AuthorizationRequired
+ @RequiresPrivilege(CoreConstants.ADMIN_PRIVILEGE)
@Transactional(Transactional.TxType.REQUIRED)
public void copyPermissions(final CcmObject source,
final CcmObject target) {
@@ -215,7 +226,7 @@ public class PermissionManager {
throw new IllegalArgumentException(
"Can't copy permissions from source NULL.");
}
-
+
if (target == null) {
throw new IllegalArgumentException(
"Can't copy permissions to target NULL.");
@@ -236,12 +247,13 @@ public class PermissionManager {
/**
* Checks if a permission granting the provided {@code privilege} on the
* provided {@code object} to the provided {@code role} exists.
- *
+ *
* @param privilege The privilege granted by the permission.
- * @param grantee The role to which the privilege was granted.
- * @param object The object on which the privilege is granted.
+ * @param grantee The role to which the privilege was granted.
+ * @param object The object on which the privilege is granted.
+ *
* @return {@code true} if there is a matching permission, {@code false} if
- * not.
+ * not.
*/
private boolean existsPermission(final String privilege,
final Role grantee,
@@ -256,13 +268,14 @@ public class PermissionManager {
}
/**
- * Checks if a permission granting the provided {@code privilege}to the
+ * Checks if a permission granting the provided {@code privilege}to the
* provided {@code role} exists.
- *
+ *
* @param privilege The privilege granted by the permission.
- * @param grantee The role to which the privilege was granted.
+ * @param grantee The role to which the privilege was granted.
+ *
* @return {@code true} if there is a matching permission, {@code false} if
- * not.
+ * not.
*/
private boolean existsPermission(final String privilege,
final Role grantee) {
diff --git a/ccm-core/src/main/java/org/libreccm/security/RegistrationManager.java b/ccm-core/src/main/java/org/libreccm/security/RegistrationManager.java
index e8516bd7e..42549fcfc 100644
--- a/ccm-core/src/main/java/org/libreccm/security/RegistrationManager.java
+++ b/ccm-core/src/main/java/org/libreccm/security/RegistrationManager.java
@@ -18,17 +18,15 @@
*/
package org.libreccm.security;
-import com.arsdigita.bebop.FormProcessException;
-import com.arsdigita.globalization.GlobalizedMessage;
import com.arsdigita.ui.login.UserNewForm;
import org.apache.logging.log4j.util.Strings;
+import org.libreccm.core.CoreConstants;
import javax.enterprise.context.RequestScoped;
import javax.inject.Inject;
import javax.mail.MessagingException;
-import static com.arsdigita.ui.login.LoginConstants.*;
/**
* The CDI bean encapsulates all steps for registering a user, for example by a
@@ -83,6 +81,8 @@ public class RegistrationManager {
* activation challenge to the new user.
* @throws IllegalArgumentException If the provided {@code user} is
*/
+ @AuthorizationRequired
+ @RequiresPrivilege(CoreConstants.SYSTEM_PRIVILEGE)
public void registerUser(final String userName,
final String familyName,
final String givenName,
diff --git a/ccm-core/src/main/java/org/libreccm/security/RoleManager.java b/ccm-core/src/main/java/org/libreccm/security/RoleManager.java
index 9d612e127..4af28fa33 100644
--- a/ccm-core/src/main/java/org/libreccm/security/RoleManager.java
+++ b/ccm-core/src/main/java/org/libreccm/security/RoleManager.java
@@ -18,6 +18,8 @@
*/
package org.libreccm.security;
+import org.libreccm.core.CoreConstants;
+
import java.util.List;
import javax.enterprise.context.RequestScoped;
@@ -53,6 +55,8 @@ public class RoleManager {
* @param role The role to assign.
* @param party The party which to which to role is assigned.
*/
+ @AuthorizationRequired
+ @RequiresPrivilege(CoreConstants.ADMIN_PRIVILEGE)
@Transactional(Transactional.TxType.REQUIRED)
public void assignRoleToParty(final Role role, final Party party) {
if (role == null) {
@@ -87,6 +91,8 @@ public class RoleManager {
* @param role
* @param party
*/
+ @AuthorizationRequired
+ @RequiresPrivilege(CoreConstants.ADMIN_PRIVILEGE)
@Transactional(Transactional.TxType.REQUIRED)
public void removeRoleFromParty(final Role role, final Party party) {
if (role == null) {
diff --git a/ccm-core/src/main/java/org/libreccm/security/RoleRepository.java b/ccm-core/src/main/java/org/libreccm/security/RoleRepository.java
index c5c387362..248962d91 100644
--- a/ccm-core/src/main/java/org/libreccm/security/RoleRepository.java
+++ b/ccm-core/src/main/java/org/libreccm/security/RoleRepository.java
@@ -24,6 +24,7 @@ import javax.enterprise.context.RequestScoped;
import javax.persistence.TypedQuery;
import org.libreccm.core.AbstractEntityRepository;
+import org.libreccm.core.CoreConstants;
import javax.transaction.Transactional;
@@ -82,7 +83,7 @@ public class RoleRepository extends AbstractEntityRepository {
}
@AuthorizationRequired
- @RequiresPrivilege("admin")
+ @RequiresPrivilege(CoreConstants.ADMIN_PRIVILEGE)
@Transactional(Transactional.TxType.REQUIRED)
@Override
public void save(final Role role) {
@@ -90,7 +91,7 @@ public class RoleRepository extends AbstractEntityRepository {
}
@AuthorizationRequired
- @RequiresPrivilege("admin")
+ @RequiresPrivilege(CoreConstants.ADMIN_PRIVILEGE)
@Override
@Transactional(Transactional.TxType.REQUIRED)
public void delete(final Role role) {
diff --git a/ccm-core/src/main/java/org/libreccm/security/UserManager.java b/ccm-core/src/main/java/org/libreccm/security/UserManager.java
index 235d5952a..e16babba2 100644
--- a/ccm-core/src/main/java/org/libreccm/security/UserManager.java
+++ b/ccm-core/src/main/java/org/libreccm/security/UserManager.java
@@ -18,6 +18,7 @@
*/
package org.libreccm.security;
+import com.arsdigita.kernel.KernelConfig;
import com.arsdigita.kernel.security.SecurityConfig;
import javax.enterprise.context.RequestScoped;
@@ -34,9 +35,14 @@ import org.apache.shiro.crypto.hash.format.DefaultHashFormatFactory;
import org.apache.shiro.crypto.hash.format.HashFormat;
import org.apache.shiro.crypto.hash.format.HashFormatFactory;
import org.apache.shiro.crypto.hash.format.Shiro1CryptFormat;
+import org.apache.shiro.subject.Subject;
import org.apache.shiro.util.ByteSource;
+import org.libreccm.configuration.ConfigurationManager;
+import org.libreccm.core.CoreConstants;
import org.libreccm.core.EmailAddress;
+import javax.transaction.Transactional;
+
/**
* Provides various operations for user objects.
*
@@ -49,6 +55,18 @@ public class UserManager {
@Inject
private UserRepository userRepository;
+ @Inject
+ private Subject subject;
+
+ @Inject
+ private Shiro shiro;
+
+ @Inject
+ private PermissionChecker permissionChecker;
+
+ @Inject
+ private ConfigurationManager confManager;
+
/**
* Creates a new user and saves the user in the database. The method also
* creates the password hash.
@@ -63,7 +81,10 @@ public class UserManager {
*
* @return The new user.
*/
+ @AuthorizationRequired
+ @RequiresPrivilege(CoreConstants.ADMIN_PRIVILEGE)
@ValidateOnExecution
+ @Transactional(Transactional.TxType.REQUIRED)
public User createUser(final String givenName,
final String familyName,
@Pattern(regexp = "[a-zA-Z0-9\\-_]*")
@@ -93,17 +114,38 @@ public class UserManager {
* Updates the password of a user. This method allows {@code null} as
* password value. If a user has no password in the database this means that
* the user can't login or that the authentication for this user is done by
- * an external system.
+ * an external system. Only the user itself or user to which the
+ * {@code admin} privilege has been granted can update the password of user.
*
* @param user The user which password should be upgraded.
* @param newPassword The new password. The password is hashed using the
* algorithm configured in the {@link SecurityConfig}.
*/
+ @Transactional(Transactional.TxType.REQUIRED)
public void updatePassword(@NotNull final User user,
final String newPassword) {
- user.setPassword(hashPassword(newPassword));
+ // We can't use the authorisation annotations here because we have two
+ // options. First we check if the current subject is the user whos
+ // password is updated. If not we check if the current subject has admin
+ // privileges.
+ final String userIdentifier;
+ final KernelConfig kernelConfig = confManager.findConfiguration(
+ KernelConfig.class);
+ if (kernelConfig.emailIsPrimaryIdentifier()) {
+ userIdentifier = user.getPrimaryEmailAddress().getAddress();
+ } else {
+ userIdentifier = user.getName();
+ }
- userRepository.save(user);
+ if (subject.isAuthenticated()
+ && userIdentifier.equals(subject.getPrincipal())) {
+ user.setPassword(hashPassword(newPassword));
+ shiro.getSystemUser().execute(() -> userRepository.save(user));
+ } else {
+ permissionChecker.checkPermission(CoreConstants.ADMIN_PRIVILEGE);
+ user.setPassword(hashPassword(newPassword));
+ shiro.getSystemUser().execute(() -> userRepository.save(user));
+ }
}
/**
@@ -149,7 +191,7 @@ public class UserManager {
//format includes the algorithm used, the salt, the number of
//iterations used and the hashed password in special formatted string.
final HashFormatFactory hashFormatFactory
- = new DefaultHashFormatFactory();
+ = new DefaultHashFormatFactory();
final HashFormat hashFormat = hashFormatFactory.getInstance(
Shiro1CryptFormat.class.getName());
@@ -171,7 +213,7 @@ public class UserManager {
}
final SecureRandomNumberGenerator generator
- = new SecureRandomNumberGenerator();
+ = new SecureRandomNumberGenerator();
final int byteSize = generatedSaltSize / 8; //generatedSaltSize is in *bits* - convert to byte size:
return generator.nextBytes(byteSize);
}
diff --git a/ccm-core/src/main/java/org/libreccm/security/UserRepository.java b/ccm-core/src/main/java/org/libreccm/security/UserRepository.java
index 431362d36..caedffaab 100644
--- a/ccm-core/src/main/java/org/libreccm/security/UserRepository.java
+++ b/ccm-core/src/main/java/org/libreccm/security/UserRepository.java
@@ -19,6 +19,7 @@
package org.libreccm.security;
import org.libreccm.core.AbstractEntityRepository;
+import org.libreccm.core.CoreConstants;
import java.util.List;
@@ -161,7 +162,7 @@ public class UserRepository extends AbstractEntityRepository {
}
@AuthorizationRequired
- @RequiresPrivilege("admin")
+ @RequiresPrivilege(CoreConstants.ADMIN_PRIVILEGE)
@Transactional(Transactional.TxType.REQUIRED)
@Override
public void save(final User entity) {
@@ -169,7 +170,7 @@ public class UserRepository extends AbstractEntityRepository {
}
@AuthorizationRequired
- @RequiresPrivilege("admin")
+ @RequiresPrivilege(CoreConstants.ADMIN_PRIVILEGE)
@Transactional(Transactional.TxType.REQUIRED)
@Override
public void delete(final User entity) {
diff --git a/ccm-core/src/main/java/org/libreccm/web/ApplicationManager.java b/ccm-core/src/main/java/org/libreccm/web/ApplicationManager.java
index 8c025d099..0032de364 100644
--- a/ccm-core/src/main/java/org/libreccm/web/ApplicationManager.java
+++ b/ccm-core/src/main/java/org/libreccm/web/ApplicationManager.java
@@ -21,9 +21,12 @@ package org.libreccm.web;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.apache.logging.log4j.util.Strings;
+import org.libreccm.core.CoreConstants;
import org.libreccm.l10n.GlobalizationHelper;
import org.libreccm.modules.CcmModule;
import org.libreccm.modules.Module;
+import org.libreccm.security.AuthorizationRequired;
+import org.libreccm.security.RequiresPrivilege;
import java.util.Collections;
import java.util.HashMap;
@@ -34,12 +37,14 @@ import java.util.ResourceBundle;
import java.util.ServiceLoader;
import javax.annotation.PostConstruct;
+import javax.ejb.TransactionAttribute;
import javax.enterprise.context.ApplicationScoped;
import javax.inject.Inject;
import javax.persistence.EntityManager;
import javax.persistence.TypedQuery;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
+import javax.transaction.Transactional;
/**
*
@@ -80,10 +85,14 @@ public class ApplicationManager {
return Collections.unmodifiableMap(applicationTypes);
}
+ @AuthorizationRequired
+ @RequiresPrivilege(CoreConstants.ADMIN_PRIVILEGE)
+ @Transactional(Transactional.TxType.REQUIRED)
public T createInstance(
final ApplicationType type,
final String path,
final Class applicationClass) throws ApplicationCreateException {
+
try {
@SuppressWarnings("unchecked")
final ApplicationCreator creator = type.creator().newInstance();
@@ -98,6 +107,9 @@ public class ApplicationManager {
}
}
+ @AuthorizationRequired
+ @RequiresPrivilege(CoreConstants.ADMIN_PRIVILEGE)
+ @Transactional(Transactional.TxType.REQUIRED)
public void deleteInstance(final CcmApplication application) {
entityManager.remove(application);
}
diff --git a/ccm-core/src/main/java/org/libreccm/web/ApplicationRepository.java b/ccm-core/src/main/java/org/libreccm/web/ApplicationRepository.java
index 01e540e92..caf888ef9 100644
--- a/ccm-core/src/main/java/org/libreccm/web/ApplicationRepository.java
+++ b/ccm-core/src/main/java/org/libreccm/web/ApplicationRepository.java
@@ -20,6 +20,7 @@ package org.libreccm.web;
import org.apache.shiro.authz.annotation.RequiresAuthentication;
import org.libreccm.core.AbstractEntityRepository;
+import org.libreccm.core.CoreConstants;
import org.libreccm.security.AuthorizationRequired;
import org.libreccm.security.RequiresPrivilege;
@@ -86,7 +87,7 @@ public class ApplicationRepository
}
@AuthorizationRequired
- @RequiresPrivilege("admin")
+ @RequiresPrivilege(CoreConstants.ADMIN_PRIVILEGE)
@Transactional(Transactional.TxType.REQUIRED)
@Override
public void save(final CcmApplication application) {
@@ -94,7 +95,7 @@ public class ApplicationRepository
}
@AuthorizationRequired
- @RequiresPrivilege("admin")
+ @RequiresPrivilege(CoreConstants.ADMIN_PRIVILEGE)
@Transactional(Transactional.TxType.REQUIRED)
@Override
public void delete(final CcmApplication application) {
diff --git a/ccm-core/src/test/java/org/libreccm/categorization/CategoryManagerTest.java b/ccm-core/src/test/java/org/libreccm/categorization/CategoryManagerTest.java
index 38892eb36..2b71c35e8 100644
--- a/ccm-core/src/test/java/org/libreccm/categorization/CategoryManagerTest.java
+++ b/ccm-core/src/test/java/org/libreccm/categorization/CategoryManagerTest.java
@@ -18,7 +18,11 @@
*/
package org.libreccm.categorization;
+import org.apache.shiro.authc.UsernamePasswordToken;
+import org.apache.shiro.authz.UnauthorizedException;
+import org.apache.shiro.subject.Subject;
import org.jboss.arquillian.container.test.api.Deployment;
+import org.jboss.arquillian.container.test.api.ShouldThrowException;
import org.jboss.arquillian.junit.Arquillian;
import org.jboss.arquillian.junit.InSequence;
import org.jboss.arquillian.persistence.CreateSchema;
@@ -28,7 +32,6 @@ import org.jboss.arquillian.persistence.UsingDataSet;
import org.jboss.arquillian.transaction.api.annotation.TransactionMode;
import org.jboss.arquillian.transaction.api.annotation.Transactional;
import org.jboss.shrinkwrap.api.ShrinkWrap;
-import org.jboss.shrinkwrap.api.asset.EmptyAsset;
import org.jboss.shrinkwrap.api.spec.WebArchive;
import org.jboss.shrinkwrap.resolver.api.maven.Maven;
import org.jboss.shrinkwrap.resolver.api.maven.PomEquippedResolveStage;
@@ -40,9 +43,11 @@ import org.junit.Test;
import org.junit.runner.RunWith;
import org.libreccm.core.CcmObject;
import org.libreccm.core.CcmObjectRepository;
+import org.libreccm.security.Shiro;
import org.libreccm.tests.categories.IntegrationTest;
import java.io.File;
+import java.util.concurrent.Callable;
import javax.inject.Inject;
import javax.persistence.EntityManager;
@@ -75,6 +80,12 @@ public class CategoryManagerTest {
@Inject
private DomainRepository domainRepo;
+ @Inject
+ private Shiro shiro;
+
+ @Inject
+ private Subject subject;
+
@PersistenceContext(name = "LibreCCM")
private EntityManager entityManager;
@@ -125,16 +136,21 @@ public class CategoryManagerTest {
.getPackage())
.addPackage(org.libreccm.l10n.LocalizedString.class.getPackage())
.addPackage(org.libreccm.security.Permission.class.getPackage())
- .addPackage(org.libreccm.testutils.EqualsVerifier.class.getPackage())
+ .addPackage(org.libreccm.testutils.EqualsVerifier.class
+ .getPackage())
.addPackage(org.libreccm.tests.categories.IntegrationTest.class
.getPackage())
.addPackage(org.libreccm.web.CcmApplication.class.getPackage())
.addPackage(org.libreccm.workflow.Workflow.class.getPackage())
+ .addPackage(org.libreccm.cdi.utils.CdiUtil.class.getPackage())
+ .addClass(com.arsdigita.kernel.KernelConfig.class)
+ .addClass(com.arsdigita.kernel.security.SecurityConfig.class)
.addAsLibraries(libs)
+ .addAsResource("configs/shiro.ini", "shiro.ini")
.addAsResource("test-persistence.xml",
"META-INF/persistence.xml")
- .addAsWebInfResource("test-web.xml", "WEB-INF/web.xml")
- .addAsWebInfResource(EmptyAsset.INSTANCE, "WEB-INF/beans.xml");
+ .addAsWebInfResource("test-web.xml", "web.xml")
+ .addAsWebInfResource("META-INF/beans.xml", "beans.xml");
}
@Test
@@ -165,7 +181,73 @@ public class CategoryManagerTest {
+ "after-add-obj-to-category.yml",
excludeColumns = {"categorization_id"})
@InSequence(1100)
- public void addObjectToCategory() {
+ public void addObjectToCategoryBySystemUser() {
+ final CcmObject object2 = ccmObjectRepo.findById(-3200L);
+ final Category foo = categoryRepo.findById(-2100L);
+
+ assertThat(object2, is(not(nullValue())));
+ assertThat(foo, is(not(nullValue())));
+
+ shiro.getSystemUser().execute(() -> categoryManager.addObjectToCategory(
+ object2, foo));
+ }
+
+ @Test
+ @UsingDataSet(
+ "datasets/org/libreccm/categorization/CategoryManagerTest/data.yml")
+ @ShouldMatchDataSet(
+ value = "datasets/org/libreccm/categorization/CategoryManagerTest/"
+ + "after-add-obj-to-category.yml",
+ excludeColumns = {"categorization_id"})
+ @InSequence(1200)
+ public void addObjectToCategoryAuthByDomain() {
+ final CcmObject object2 = ccmObjectRepo.findById(-3200L);
+ final Category foo = categoryRepo.findById(-2100L);
+
+ assertThat(object2, is(not(nullValue())));
+ assertThat(foo, is(not(nullValue())));
+
+ final UsernamePasswordToken token = new UsernamePasswordToken(
+ "jane.doe@example.org", "foo123");
+ token.setRememberMe(true);
+ subject.login(token);
+
+ categoryManager.addObjectToCategory(object2, foo);
+
+ subject.logout();
+ }
+
+ @Test
+ @UsingDataSet(
+ "datasets/org/libreccm/categorization/CategoryManagerTest/data.yml")
+ @ShouldMatchDataSet(
+ value = "datasets/org/libreccm/categorization/CategoryManagerTest/"
+ + "after-add-obj-to-category.yml",
+ excludeColumns = {"categorization_id"})
+ @InSequence(1300)
+ public void addObjectToCategoryAuthByCategory() {
+ final CcmObject object2 = ccmObjectRepo.findById(-3200L);
+ final Category foo = categoryRepo.findById(-2100L);
+
+ assertThat(object2, is(not(nullValue())));
+ assertThat(foo, is(not(nullValue())));
+
+ final UsernamePasswordToken token = new UsernamePasswordToken(
+ "mmuster@example.com", "foo123");
+ token.setRememberMe(true);
+ subject.login(token);
+
+ categoryManager.addObjectToCategory(object2, foo);
+
+ subject.logout();
+ }
+
+ @Test(expected = UnauthorizedException.class)
+ @UsingDataSet(
+ "datasets/org/libreccm/categorization/CategoryManagerTest/data.yml")
+ @ShouldThrowException(UnauthorizedException.class)
+ @InSequence(1400)
+ public void addObjectToCategoryNotAuthorized() {
final CcmObject object2 = ccmObjectRepo.findById(-3200L);
final Category foo = categoryRepo.findById(-2100L);
@@ -178,11 +260,86 @@ public class CategoryManagerTest {
@Test
@UsingDataSet(
"datasets/org/libreccm/categorization/CategoryManagerTest/data.yml")
- @ShouldMatchDataSet(value
- = "datasets/org/libreccm/categorization/CategoryManagerTest/after-remove-obj-from-category.yml",
- excludeColumns = {"categorization_id"})
- @InSequence(1200)
- public void removeObjectFromCategory()
+ @ShouldMatchDataSet(
+ value = "datasets/org/libreccm/categorization/CategoryManagerTest/"
+ + "after-remove-obj-from-category.yml",
+ excludeColumns = {"categorization_id"})
+ @InSequence(2000)
+ public void removeObjectFromCategoryBySystemUser()
+ throws ObjectNotAssignedToCategoryException {
+
+ final CcmObject object1 = ccmObjectRepo.findById(-3100L);
+ final Category foo = categoryRepo.findById(-2100L);
+
+ assertThat(object1, is(not(nullValue())));
+ assertThat(foo, is(not(nullValue())));
+
+ shiro.getSystemUser().execute(() -> {
+ categoryManager.removeObjectFromCategory(object1, foo);
+ return null;
+ });
+ }
+
+ @Test
+ @UsingDataSet(
+ "datasets/org/libreccm/categorization/CategoryManagerTest/data.yml")
+ @ShouldMatchDataSet(
+ value = "datasets/org/libreccm/categorization/CategoryManagerTest/"
+ + "after-remove-obj-from-category.yml",
+ excludeColumns = {"categorization_id"})
+ @InSequence(2100)
+ public void removeObjectFromCategoryAuthByDomain()
+ throws ObjectNotAssignedToCategoryException {
+
+ final CcmObject object1 = ccmObjectRepo.findById(-3100L);
+ final Category foo = categoryRepo.findById(-2100L);
+
+ assertThat(object1, is(not(nullValue())));
+ assertThat(foo, is(not(nullValue())));
+
+ final UsernamePasswordToken token = new UsernamePasswordToken(
+ "jane.doe@example.org", "foo123");
+ token.setRememberMe(true);
+ subject.login(token);
+
+ categoryManager.removeObjectFromCategory(object1, foo);
+
+ subject.logout();
+ }
+
+ @Test
+ @UsingDataSet(
+ "datasets/org/libreccm/categorization/CategoryManagerTest/data.yml")
+ @ShouldMatchDataSet(
+ value = "datasets/org/libreccm/categorization/CategoryManagerTest/"
+ + "after-remove-obj-from-category.yml",
+ excludeColumns = {"categorization_id"})
+ @InSequence(2200)
+ public void removeObjectFromCategoryAuthByCategory()
+ throws ObjectNotAssignedToCategoryException {
+
+ final CcmObject object1 = ccmObjectRepo.findById(-3100L);
+ final Category foo = categoryRepo.findById(-2100L);
+
+ assertThat(object1, is(not(nullValue())));
+ assertThat(foo, is(not(nullValue())));
+
+ final UsernamePasswordToken token = new UsernamePasswordToken(
+ "mmuster@example.com", "foo123");
+ token.setRememberMe(true);
+ subject.login(token);
+
+ categoryManager.removeObjectFromCategory(object1, foo);
+
+ subject.logout();
+ }
+
+ @Test(expected = UnauthorizedException.class)
+ @UsingDataSet(
+ "datasets/org/libreccm/categorization/CategoryManagerTest/data.yml")
+ @ShouldThrowException(UnauthorizedException.class)
+ @InSequence(2300)
+ public void removeObjectFromCategoryNotAuthorized()
throws ObjectNotAssignedToCategoryException {
final CcmObject object1 = ccmObjectRepo.findById(-3100L);
@@ -201,8 +358,98 @@ public class CategoryManagerTest {
value = "datasets/org/libreccm/categorization/"
+ "CategoryManagerTest/after-add-subcategory.yml",
excludeColumns = {"object_id", "uuid"})
- @InSequence(2100)
- public void addSubCategoryToCategory() {
+ @InSequence(3000)
+ public void addSubCategoryToCategoryBySystemUser() {
+ final Category category = new Category();
+ category.setName("category-new");
+ category.setDisplayName("category-new");
+ category.setUniqueId("catnew");
+ shiro.getSystemUser().execute(() -> categoryRepo.save(category));
+
+ final TypedQuery query = entityManager.createQuery(
+ "SELECT c FROM Category c WHERE c.name = :name",
+ Category.class);
+ query.setParameter("name", "category-new");
+ final Category sub = query.getSingleResult();
+
+ final Category foo = categoryRepo.findById(-2100L);
+
+ shiro.getSystemUser().execute(
+ () -> categoryManager.addSubCategoryToCategory(sub, foo));
+ }
+
+ @Test
+ @UsingDataSet(
+ "datasets/org/libreccm/categorization/CategoryManagerTest/data.yml")
+ @ShouldMatchDataSet(
+ value = "datasets/org/libreccm/categorization/"
+ + "CategoryManagerTest/after-add-subcategory.yml",
+ excludeColumns = {"object_id", "uuid"})
+ @InSequence(3000)
+ public void addSubCategoryToCategoryAuthByDomain() {
+ final Category category = new Category();
+ category.setName("category-new");
+ category.setDisplayName("category-new");
+ category.setUniqueId("catnew");
+ shiro.getSystemUser().execute(() -> categoryRepo.save(category));
+
+ final TypedQuery query = entityManager.createQuery(
+ "SELECT c FROM Category c WHERE c.name = :name",
+ Category.class);
+ query.setParameter("name", "category-new");
+ final Category sub = query.getSingleResult();
+
+ final Category foo = categoryRepo.findById(-2100L);
+
+ final UsernamePasswordToken token = new UsernamePasswordToken(
+ "jane.doe@example.org", "foo123");
+ token.setRememberMe(true);
+ subject.login(token);
+
+ categoryManager.addSubCategoryToCategory(sub, foo);
+
+ subject.logout();
+ }
+
+ @Test
+ @UsingDataSet(
+ "datasets/org/libreccm/categorization/CategoryManagerTest/data.yml")
+ @ShouldMatchDataSet(
+ value = "datasets/org/libreccm/categorization/"
+ + "CategoryManagerTest/after-add-subcategory.yml",
+ excludeColumns = {"object_id", "uuid"})
+ @InSequence(3000)
+ public void addSubCategoryToCategoryAuthByCategory() {
+ final Category category = new Category();
+ category.setName("category-new");
+ category.setDisplayName("category-new");
+ category.setUniqueId("catnew");
+ shiro.getSystemUser().execute(() -> categoryRepo.save(category));
+
+ final TypedQuery query = entityManager.createQuery(
+ "SELECT c FROM Category c WHERE c.name = :name",
+ Category.class);
+ query.setParameter("name", "category-new");
+ final Category sub = query.getSingleResult();
+
+ final Category foo = categoryRepo.findById(-2100L);
+
+ final UsernamePasswordToken token = new UsernamePasswordToken(
+ "mmuster@example.com", "foo123");
+ token.setRememberMe(true);
+ subject.login(token);
+
+ categoryManager.addSubCategoryToCategory(sub, foo);
+
+ subject.logout();
+ }
+
+ @Test(expected = UnauthorizedException.class)
+ @UsingDataSet(
+ "datasets/org/libreccm/categorization/CategoryManagerTest/data.yml")
+ @ShouldThrowException(UnauthorizedException.class)
+ @InSequence(3000)
+ public void addSubCategoryToCategoryNotAuthorized() {
final Category category = new Category();
category.setName("category-new");
category.setDisplayName("category-new");
@@ -216,7 +463,6 @@ public class CategoryManagerTest {
final Category sub = query.getSingleResult();
final Category foo = categoryRepo.findById(-2100L);
-// final Category sub = categoryRepo.findById(-2200L);
categoryManager.addSubCategoryToCategory(sub, foo);
}
@@ -228,8 +474,65 @@ public class CategoryManagerTest {
value = "datasets/org/libreccm/categorization/"
+ "CategoryManagerTest/after-remove-subcategory.yml",
excludeColumns = {"categorization_id", "object_id"})
- @InSequence(2200)
- public void removeSubCategoryFromCategory() {
+ @InSequence(4000)
+ public void removeSubCategoryFromCategoryBySystemUser() {
+ final Category foo = categoryRepo.findById(-2100L);
+ final Category bar = categoryRepo.findById(-2200L);
+
+ shiro.getSystemUser().execute(
+ () -> categoryManager.removeSubCategoryFromCategory(bar, foo));
+ }
+
+ @Test
+ @UsingDataSet(
+ "datasets/org/libreccm/categorization/CategoryManagerTest/data.yml")
+ @ShouldMatchDataSet(
+ value = "datasets/org/libreccm/categorization/"
+ + "CategoryManagerTest/after-remove-subcategory.yml",
+ excludeColumns = {"categorization_id", "object_id"})
+ @InSequence(4000)
+ public void removeSubCategoryFromCategoryAuthByDomain() {
+ final Category foo = categoryRepo.findById(-2100L);
+ final Category bar = categoryRepo.findById(-2200L);
+
+ final UsernamePasswordToken token = new UsernamePasswordToken(
+ "jane.doe@example.org", "foo123");
+ token.setRememberMe(true);
+ subject.login(token);
+
+ categoryManager.removeSubCategoryFromCategory(bar, foo);
+
+ subject.logout();
+ }
+
+ @Test
+ @UsingDataSet(
+ "datasets/org/libreccm/categorization/CategoryManagerTest/data.yml")
+ @ShouldMatchDataSet(
+ value = "datasets/org/libreccm/categorization/"
+ + "CategoryManagerTest/after-remove-subcategory.yml",
+ excludeColumns = {"categorization_id", "object_id"})
+ @InSequence(4000)
+ public void removeSubCategoryFromCategoryAuthByCategory() {
+ final Category foo = categoryRepo.findById(-2100L);
+ final Category bar = categoryRepo.findById(-2200L);
+
+ final UsernamePasswordToken token = new UsernamePasswordToken(
+ "mmuster@example.com", "foo123");
+ token.setRememberMe(true);
+ subject.login(token);
+
+ categoryManager.removeSubCategoryFromCategory(bar, foo);
+
+ subject.logout();
+ }
+
+ @Test(expected = UnauthorizedException.class)
+ @UsingDataSet(
+ "datasets/org/libreccm/categorization/CategoryManagerTest/data.yml")
+ @ShouldThrowException(UnauthorizedException.class)
+ @InSequence(4000)
+ public void removeSubCategoryFromCategoryNotAuthorized() {
final Category foo = categoryRepo.findById(-2100L);
final Category bar = categoryRepo.findById(-2200L);
@@ -243,38 +546,41 @@ public class CategoryManagerTest {
value = "datasets/org/libreccm/categorization/CategoryManagerTest/"
+ "after-create-multiple-categories.yml",
excludeColumns = {"object_id", "uuid"})
- @InSequence(3100)
+ @InSequence(5000)
public void createMultipleCategories() {
- final Domain domain = domainRepo.findByDomainKey("test");
- final Category root = domain.getRoot();
- final Category com = new Category();
- com.setName("com");
- com.setDisplayName("com");
- com.setUniqueId("com");
- categoryRepo.save(com);
- categoryManager.addSubCategoryToCategory(com, root);
+ shiro.getSystemUser().execute(() -> {
+ final Domain domain = domainRepo.findByDomainKey("test");
+ final Category root = domain.getRoot();
- final Category example = new Category();
- example.setName("example");
- example.setDisplayName("example");
- example.setUniqueId("example");
- categoryRepo.save(example);
- categoryManager.addSubCategoryToCategory(example, com);
+ final Category com = new Category();
+ com.setName("com");
+ com.setDisplayName("com");
+ com.setUniqueId("com");
+ categoryRepo.save(com);
+ categoryManager.addSubCategoryToCategory(com, root);
- final Category categories = new Category();
- categories.setName("categories");
- categories.setDisplayName("categories");
- categories.setUniqueId("categories");
- categoryRepo.save(categories);
- categoryManager.addSubCategoryToCategory(categories, example);
+ final Category example = new Category();
+ example.setName("example");
+ example.setDisplayName("example");
+ example.setUniqueId("example");
+ categoryRepo.save(example);
+ categoryManager.addSubCategoryToCategory(example, com);
- final Category test = new Category();
- test.setName("test");
- test.setDisplayName("test");
- test.setUniqueId("test");
- categoryRepo.save(test);
- categoryManager.addSubCategoryToCategory(test, categories);
+ final Category categories = new Category();
+ categories.setName("categories");
+ categories.setDisplayName("categories");
+ categories.setUniqueId("categories");
+ categoryRepo.save(categories);
+ categoryManager.addSubCategoryToCategory(categories, example);
+
+ final Category test = new Category();
+ test.setName("test");
+ test.setDisplayName("test");
+ test.setUniqueId("test");
+ categoryRepo.save(test);
+ categoryManager.addSubCategoryToCategory(test, categories);
+ });
}
}
diff --git a/ccm-core/src/test/java/org/libreccm/categorization/CategoryRepositoryTest.java b/ccm-core/src/test/java/org/libreccm/categorization/CategoryRepositoryTest.java
index 1e0944bb4..4328b4745 100644
--- a/ccm-core/src/test/java/org/libreccm/categorization/CategoryRepositoryTest.java
+++ b/ccm-core/src/test/java/org/libreccm/categorization/CategoryRepositoryTest.java
@@ -38,7 +38,6 @@ import org.jboss.arquillian.persistence.ShouldMatchDataSet;
import org.jboss.arquillian.persistence.UsingDataSet;
import org.jboss.arquillian.transaction.api.annotation.TransactionMode;
import org.jboss.arquillian.transaction.api.annotation.Transactional;
-import org.jboss.sasl.util.UsernamePasswordHashUtil;
import org.jboss.shrinkwrap.api.ShrinkWrap;
import org.jboss.shrinkwrap.api.spec.WebArchive;
import org.jboss.shrinkwrap.resolver.api.maven.Maven;
@@ -52,8 +51,6 @@ import org.junit.runner.RunWith;
import org.libreccm.security.Shiro;
import org.libreccm.tests.categories.IntegrationTest;
-import javax.ws.rs.NotAuthorizedException;
-
import static org.hamcrest.Matchers.*;
import static org.junit.Assert.*;
diff --git a/ccm-core/src/test/java/org/libreccm/categorization/DatasetsTest.java b/ccm-core/src/test/java/org/libreccm/categorization/DatasetsTest.java
index 8a69a580c..f2b0a9f4d 100644
--- a/ccm-core/src/test/java/org/libreccm/categorization/DatasetsTest.java
+++ b/ccm-core/src/test/java/org/libreccm/categorization/DatasetsTest.java
@@ -46,7 +46,6 @@ public class DatasetsTest extends DatasetsVerifier {
"/datasets/org/libreccm/categorization/CategoryManagerTest/after-remove-obj-from-category.yml",
"/datasets/org/libreccm/categorization/CategoryManagerTest/after-remove-subcategory.yml",
"/datasets/org/libreccm/categorization/CategoryManagerTest/data.yml",
- "/datasets/org/libreccm/categorization/CategoryManagerTest/data2.yml",
"/datasets/org/libreccm/categorization/CategoryRepositoryTest/data.yml",
"/datasets/org/libreccm/categorization/CategoryRepositoryTest/after-save-new-category.yml"
});
diff --git a/ccm-core/src/test/java/org/libreccm/configuration/ConfigurationManagerTest.java b/ccm-core/src/test/java/org/libreccm/configuration/ConfigurationManagerTest.java
index ac25dce60..12c8bcdf0 100644
--- a/ccm-core/src/test/java/org/libreccm/configuration/ConfigurationManagerTest.java
+++ b/ccm-core/src/test/java/org/libreccm/configuration/ConfigurationManagerTest.java
@@ -19,9 +19,12 @@
package org.libreccm.configuration;
import com.example.TestConfiguration;
+
import java.io.File;
import java.math.BigDecimal;
+
import javax.inject.Inject;
+
import org.jboss.arquillian.container.test.api.Deployment;
import org.jboss.arquillian.junit.Arquillian;
import org.jboss.arquillian.junit.InSequence;
@@ -43,6 +46,7 @@ import org.junit.BeforeClass;
import org.junit.Test;
import org.junit.experimental.categories.Category;
import org.junit.runner.RunWith;
+import org.libreccm.security.Shiro;
import org.libreccm.tests.categories.IntegrationTest;
import static org.hamcrest.Matchers.*;
@@ -62,6 +66,9 @@ public class ConfigurationManagerTest {
@Inject
private ConfigurationManager configurationManager;
+ @Inject
+ private Shiro shiro;
+
public ConfigurationManagerTest() {
}
@@ -85,10 +92,10 @@ public class ConfigurationManagerTest {
@Deployment
public static WebArchive createDeployment() {
final PomEquippedResolveStage pom = Maven
- .resolver()
- .loadPomFromFile("pom.xml");
+ .resolver()
+ .loadPomFromFile("pom.xml");
final PomEquippedResolveStage dependencies = pom
- .importCompileAndRuntimeDependencies();
+ .importCompileAndRuntimeDependencies();
final File[] libs = dependencies.resolve().withTransitivity().asFile();
for (File lib : libs) {
@@ -97,37 +104,41 @@ public class ConfigurationManagerTest {
}
return ShrinkWrap
- .create(WebArchive.class,
- "LibreCCM-org.libreccm.configuration."
- + "ConfigurationManagerTest.war")
- .addPackage(org.libreccm.categorization.Categorization.class.
- getPackage())
- .addPackage(org.libreccm.configuration.Configuration.class.
- getPackage())
- .addPackage(org.libreccm.core.CcmObject.class.getPackage())
- .addPackage(org.libreccm.jpa.EntityManagerProducer.class.
- getPackage())
- .addPackage(org.libreccm.jpa.utils.MimeTypeConverter.class.
- getPackage())
- .addPackage(org.libreccm.l10n.LocalizedString.class
- .getPackage())
- .addPackage(org.libreccm.security.Permission.class.getPackage())
- .addPackage(org.libreccm.web.CcmApplication.class.getPackage())
- .addPackage(org.libreccm.workflow.Workflow.class.getPackage())
- .addPackage(org.libreccm.tests.categories.IntegrationTest.class.
- getPackage())
- .addPackage(org.libreccm.testutils.EqualsVerifier.class.
- getPackage())
- .addClass(com.example.TestConfiguration.class)
- .addAsLibraries(libs)
- .addAsResource("test-persistence.xml",
- "META-INF/persistence.xml")
- .addAsResource(
- "configs/org/libreccm/configuration/ConfigurationManagerTest/"
- + "log4j2.xml",
- "log4j2.xml")
- .addAsWebInfResource("test-web.xml", "WEB-INF/web.xml")
- .addAsWebInfResource(EmptyAsset.INSTANCE, "WEB-INF/beans.xml");
+ .create(WebArchive.class,
+ "LibreCCM-org.libreccm.configuration."
+ + "ConfigurationManagerTest.war")
+ .addPackage(org.libreccm.categorization.Categorization.class
+ .getPackage())
+ .addPackage(org.libreccm.configuration.Configuration.class
+ .getPackage())
+ .addPackage(org.libreccm.core.CcmObject.class.getPackage())
+ .addPackage(org.libreccm.jpa.EntityManagerProducer.class
+ .getPackage())
+ .addPackage(org.libreccm.jpa.utils.MimeTypeConverter.class
+ .getPackage())
+ .addPackage(org.libreccm.l10n.LocalizedString.class
+ .getPackage())
+ .addPackage(org.libreccm.security.Permission.class.getPackage())
+ .addPackage(org.libreccm.web.CcmApplication.class.getPackage())
+ .addPackage(org.libreccm.workflow.Workflow.class.getPackage())
+ .addPackage(org.libreccm.tests.categories.IntegrationTest.class
+ .getPackage())
+ .addPackage(org.libreccm.testutils.EqualsVerifier.class.
+ getPackage())
+ .addClass(com.example.TestConfiguration.class)
+ .addClass(com.arsdigita.kernel.KernelConfig.class)
+ .addClass(com.arsdigita.kernel.security.SecurityConfig.class)
+ .addPackage(org.libreccm.cdi.utils.CdiUtil.class.getPackage())
+ .addAsLibraries(libs)
+ .addAsResource("configs/shiro.ini", "shiro.ini")
+ .addAsResource("test-persistence.xml",
+ "META-INF/persistence.xml")
+ .addAsResource(
+ "configs/org/libreccm/configuration/ConfigurationManagerTest/"
+ + "log4j2.xml",
+ "log4j2.xml")
+ .addAsWebInfResource("test-web.xml", "web.xml")
+ .addAsWebInfResource("META-INF/beans.xml", "beans.xml");
}
@Test
@@ -138,7 +149,7 @@ public class ConfigurationManagerTest {
@Test
@UsingDataSet(
- "datasets/org/libreccm/configuration/ConfigurationManagerTest/data.yml")
+ "datasets/org/libreccm/configuration/ConfigurationManagerTest/data.yml")
@InSequence(2)
public void datasetOnly() {
System.out.println("Dataset loaded successfully.");
@@ -146,11 +157,11 @@ public class ConfigurationManagerTest {
@Test
@UsingDataSet(
- "datasets/org/libreccm/configuration/ConfigurationManagerTest/data.yml")
+ "datasets/org/libreccm/configuration/ConfigurationManagerTest/data.yml")
@InSequence(1100)
public void loadConfiguration() {
final ExampleConfiguration configuration = configurationManager
- .findConfiguration(ExampleConfiguration.class);
+ .findConfiguration(ExampleConfiguration.class);
assertThat(configuration, is(not(nullValue())));
assertThat(configuration.getPrice(),
@@ -167,29 +178,30 @@ public class ConfigurationManagerTest {
@Test
@UsingDataSet(
- "datasets/org/libreccm/configuration/ConfigurationManagerTest/data.yml")
+ "datasets/org/libreccm/configuration/ConfigurationManagerTest/data.yml")
@ShouldMatchDataSet(
- "datasets/org/libreccm/configuration/ConfigurationManagerTest/"
- + "after-save-changed.yml")
+ "datasets/org/libreccm/configuration/ConfigurationManagerTest/"
+ + "after-save-changed.yml")
@InSequence(1200)
public void saveConfiguration() {
final ExampleConfiguration configuration = configurationManager
- .findConfiguration(ExampleConfiguration.class);
+ .findConfiguration(ExampleConfiguration.class);
configuration.setPrice(new BigDecimal("109.99"));
configuration.setItemsPerPage(30L);
configuration.addLanguage("es");
- configurationManager.saveConfiguration(configuration);
+ shiro.getSystemUser().execute(
+ () -> configurationManager.saveConfiguration(configuration));
}
@Test
@UsingDataSet(
- "datasets/org/libreccm/configuration/ConfigurationManagerTest/data.yml")
+ "datasets/org/libreccm/configuration/ConfigurationManagerTest/data.yml")
@InSequence(2100)
public void loadNewConfiguration() {
final TestConfiguration configuration = configurationManager
- .findConfiguration(TestConfiguration.class);
+ .findConfiguration(TestConfiguration.class);
assertThat(configuration, is(not(nullValue())));
assertThat(configuration.getEnabled(), is(false));
@@ -198,14 +210,16 @@ public class ConfigurationManagerTest {
@Test
@UsingDataSet(
- "datasets/org/libreccm/configuration/ConfigurationManagerTest/data.yml")
+ "datasets/org/libreccm/configuration/ConfigurationManagerTest/data.yml")
@ShouldMatchDataSet(
- value = "datasets/org/libreccm/configuration/"
- + "ConfigurationManagerTest/after-save-new.yml",
- excludeColumns = {"setting_id"})
+ value = "datasets/org/libreccm/configuration/"
+ + "ConfigurationManagerTest/after-save-new.yml",
+ excludeColumns = {"setting_id"})
@InSequence(2200)
public void saveNewConfiguration() {
- configurationManager.saveConfiguration(new TestConfiguration());
+ shiro.getSystemUser().execute(
+ () -> configurationManager.saveConfiguration(
+ new TestConfiguration()));
}
}
diff --git a/ccm-core/src/test/java/org/libreccm/security/ChallengeManagerTest.java b/ccm-core/src/test/java/org/libreccm/security/ChallengeManagerTest.java
index 89d73b089..ebac232bd 100644
--- a/ccm-core/src/test/java/org/libreccm/security/ChallengeManagerTest.java
+++ b/ccm-core/src/test/java/org/libreccm/security/ChallengeManagerTest.java
@@ -18,6 +18,7 @@
*/
package org.libreccm.security;
+import org.apache.shiro.subject.ExecutionException;
import org.jboss.arquillian.container.test.api.Deployment;
import org.jboss.arquillian.container.test.api.ShouldThrowException;
import org.jboss.arquillian.junit.Arquillian;
@@ -73,6 +74,9 @@ public class ChallengeManagerTest {
@Inject
private ServletContext servletContext;
+ @Inject
+ private Shiro shiro;
+
public ChallengeManagerTest() {
}
@@ -113,33 +117,37 @@ public class ChallengeManagerTest {
.addPackage(com.arsdigita.util.Assert.class.getPackage())
.addClass(com.arsdigita.util.servlet.HttpHost.class)
.addPackage(com.arsdigita.web.URL.class.getPackage())
- .addPackage(org.libreccm.security.OneTimeAuthManager.class.
- getPackage())
+ .addPackage(org.libreccm.security.OneTimeAuthManager.class
+ .getPackage())
.addPackage(org.libreccm.core.CcmObject.class.getPackage())
- .addPackage(org.libreccm.categorization.Categorization.class.
- getPackage())
+ .addPackage(org.libreccm.categorization.Categorization.class
+ .getPackage())
.addPackage(org.libreccm.cdi.utils.CdiUtil.class.getPackage())
.addPackage(
- org.libreccm.configuration.ConfigurationManager.class.
- getPackage())
+ org.libreccm.configuration.ConfigurationManager.class
+ .getPackage())
.addClass(com.arsdigita.kernel.KernelConfig.class)
.addClass(com.arsdigita.kernel.security.SecurityConfig.class)
.addPackage(org.libreccm.l10n.LocalizedString.class.getPackage())
.addPackage(org.libreccm.web.CcmApplication.class.getPackage())
.addPackage(org.libreccm.workflow.Workflow.class.getPackage())
- .addPackage(org.libreccm.jpa.EntityManagerProducer.class.
- getPackage())
- .addPackage(org.libreccm.jpa.utils.MimeTypeConverter.class.
- getPackage())
- .addPackage(org.libreccm.testutils.EqualsVerifier.class.
- getPackage())
- .addPackage(org.libreccm.tests.categories.IntegrationTest.class.
- getPackage())
+ .addPackage(org.libreccm.jpa.EntityManagerProducer.class
+ .getPackage())
+ .addPackage(org.libreccm.jpa.utils.MimeTypeConverter.class
+ .getPackage())
+ .addPackage(org.libreccm.testutils.EqualsVerifier.class
+ .getPackage())
+ .addPackage(org.libreccm.tests.categories.IntegrationTest.class
+ .getPackage())
+ .addPackage(org.libreccm.cdi.utils.CdiUtil.class.getPackage())
+ .addClass(com.arsdigita.kernel.KernelConfig.class)
+ .addClass(com.arsdigita.kernel.security.SecurityConfig.class)
.addAsLibraries(libs)
+ .addAsResource("configs/shiro.ini", "shiro.ini")
.addAsResource("test-persistence.xml",
"META-INF/persistence.xml")
- .addAsWebInfResource("test-web.xml", "WEB-INF/web.xml")
- .addAsWebInfResource(EmptyAsset.INSTANCE, "WEB-INF/beans.xml");
+ .addAsWebInfResource("test-web.xml", "web.xml")
+ .addAsWebInfResource("META-INF/beans.xml", "beans.xml");
}
@Test
@@ -176,7 +184,9 @@ public class ChallengeManagerTest {
// path);
final User user = userRepository.findByName("mmuster");
- final String mail = challengeManager.createEmailVerification(user);
+ final String mail = shiro.getSystemUser().execute(() -> {
+ return challengeManager.createEmailVerification(user);
+ });
assertThat(mail, is(not(nullValue())));
assertThat(mail.isEmpty(), is(false));
@@ -192,8 +202,13 @@ public class ChallengeManagerTest {
@UsingDataSet("datasets/org/libreccm/security/ChallengeManagerTest/data.xml")
@ShouldThrowException(IllegalArgumentException.class)
@InSequence(1200)
- public void createEmailVerificationNullUser() {
- challengeManager.createEmailVerification(null);
+ public void createEmailVerificationNullUser() throws Throwable {
+ try {
+ shiro.getSystemUser().execute(
+ () -> challengeManager.createEmailVerification(null));
+ } catch (ExecutionException ex) {
+ throw ex.getCause();
+ }
}
@Test
@@ -205,9 +220,12 @@ public class ChallengeManagerTest {
@InSequence(1300)
public void finishEmailVerification() throws ChallengeFailedException {
final User user = userRepository.findByName("mmuster");
- challengeManager.finishEmailVerification(
- user,
- "biXOpuxIPXuRgx9jhk1PzZVIeKGaTmg2qTKoTQ4tl9iiweQ0e5mfmdFI1KjDwjPi");
+ shiro.getSystemUser().execute(() -> {
+ challengeManager.finishEmailVerification(
+ user,
+ "biXOpuxIPXuRgx9jhk1PzZVIeKGaTmg2qTKoTQ4tl9iiweQ0e5mfmdFI1KjDwjPi");
+ return null;
+ });
}
@Test(expected = IllegalArgumentException.class)
@@ -219,11 +237,18 @@ public class ChallengeManagerTest {
@ShouldThrowException(IllegalArgumentException.class)
@InSequence(1400)
public void finishEmailVerificationNullUser()
- throws ChallengeFailedException {
+ throws Throwable {
- challengeManager.finishEmailVerification(
- null,
- "biXOpuxIPXuRgx9jhk1PzZVIeKGaTmg2qTKoTQ4tl9iiweQ0e5mfmdFI1KjDwjPi");
+ try {
+ shiro.getSystemUser().execute(() -> {
+ challengeManager.finishEmailVerification(
+ null,
+ "biXOpuxIPXuRgx9jhk1PzZVIeKGaTmg2qTKoTQ4tl9iiweQ0e5mfmdFI1KjDwjPi");
+ return null;
+ });
+ } catch (ExecutionException ex) {
+ throw ex.getCause();
+ }
}
@Test(expected = IllegalArgumentException.class)
@@ -235,11 +260,17 @@ public class ChallengeManagerTest {
@ShouldThrowException(IllegalArgumentException.class)
@InSequence(1500)
public void finishEmailVerificationNullToken()
- throws ChallengeFailedException {
+ throws Throwable {
final User user = userRepository.findByName("mmuster");
- challengeManager.finishEmailVerification(
- user, null);
+ try {
+ shiro.getSystemUser().execute(() -> {
+ challengeManager.finishEmailVerification(user, null);
+ return null;
+ });
+ } catch (ExecutionException ex) {
+ throw ex.getCause();
+ }
}
@Test
@@ -262,7 +293,9 @@ public class ChallengeManagerTest {
// path);
final User user = userRepository.findByName("mmuster");
- final String mail = challengeManager.createAccountActivation(user);
+ final String mail = shiro.getSystemUser().execute(() -> {
+ return challengeManager.createAccountActivation(user);
+ });
assertThat(mail, is(not(nullValue())));
assertThat(mail.isEmpty(), is(false));
@@ -273,8 +306,13 @@ public class ChallengeManagerTest {
@UsingDataSet("datasets/org/libreccm/security/ChallengeManagerTest/data.xml")
@ShouldThrowException(IllegalArgumentException.class)
@InSequence(2200)
- public void createAccountActivationNullUser() {
- challengeManager.createAccountActivation(null);
+ public void createAccountActivationNullUser() throws Throwable {
+ try {
+ shiro.getSystemUser().execute(
+ () -> challengeManager.createAccountActivation(null));
+ } catch (ExecutionException ex) {
+ throw ex.getCause();
+ }
}
@Test
@@ -284,11 +322,18 @@ public class ChallengeManagerTest {
value = "datasets/org/libreccm/security/ChallengeManagerTest/"
+ "after-finish-account-activation.xml")
@InSequence(2300)
- public void finishAccountActivation() throws ChallengeFailedException {
+ public void finishAccountActivation() throws Throwable {
final User user = userRepository.findByName("mmuster");
- challengeManager.finishAccountActivation(
- user,
- "biXOpuxIPXuRgx9jhk1PzZVIeKGaTmg2qTKoTQ4tl9iiweQ0e5mfmdFI1KjDwjPi");
+ try {
+ shiro.getSystemUser().execute(() -> {
+ challengeManager.finishAccountActivation(
+ user,
+ "biXOpuxIPXuRgx9jhk1PzZVIeKGaTmg2qTKoTQ4tl9iiweQ0e5mfmdFI1KjDwjPi");
+ return null;
+ });
+ } catch (ExecutionException ex) {
+ throw ex.getCause();
+ }
}
@Test(expected = IllegalArgumentException.class)
@@ -299,11 +344,17 @@ public class ChallengeManagerTest {
+ "finish-account-activation.xml")
@ShouldThrowException(IllegalArgumentException.class)
@InSequence(2400)
- public void finishAccountActivationNullUser() throws
- ChallengeFailedException {
- challengeManager.finishAccountActivation(
- null,
- "biXOpuxIPXuRgx9jhk1PzZVIeKGaTmg2qTKoTQ4tl9iiweQ0e5mfmdFI1KjDwjPi");
+ public void finishAccountActivationNullUser() throws Throwable {
+ try {
+ shiro.getSystemUser().execute(() -> {
+ challengeManager.finishAccountActivation(
+ null,
+ "biXOpuxIPXuRgx9jhk1PzZVIeKGaTmg2qTKoTQ4tl9iiweQ0e5mfmdFI1KjDwjPi");
+ return null;
+ });
+ } catch (ExecutionException ex) {
+ throw ex.getCause();
+ }
}
@Test(expected = IllegalArgumentException.class)
@@ -314,12 +365,17 @@ public class ChallengeManagerTest {
+ "finish-account-activation.xml")
@ShouldThrowException(IllegalArgumentException.class)
@InSequence(2400)
- public void finishAccountActivationNullToken() throws
- ChallengeFailedException {
+ public void finishAccountActivationNullToken() throws Throwable {
- final User user = userRepository.findByName("mmuster");
- challengeManager.finishAccountActivation(
- user, null);
+ try {
+ final User user = userRepository.findByName("mmuster");
+ shiro.getSystemUser().execute(() -> {
+ challengeManager.finishAccountActivation(user, null);
+ return null;
+ });
+ } catch (ExecutionException ex) {
+ throw ex.getCause();
+ }
}
@Test
@@ -343,7 +399,9 @@ public class ChallengeManagerTest {
// path);
final User user = userRepository.findByName("mmuster");
- final String mail = challengeManager.createPasswordRecover(user);
+ final String mail = shiro.getSystemUser().execute(() -> {
+ return challengeManager.createPasswordRecover(user);
+ });
assertThat(mail, is(not(nullValue())));
assertThat(mail.isEmpty(), is(false));
@@ -354,8 +412,15 @@ public class ChallengeManagerTest {
@UsingDataSet("datasets/org/libreccm/security/ChallengeManagerTest/data.xml")
@ShouldThrowException(IllegalArgumentException.class)
@InSequence(3200)
- public void createPasswordRecoverNullUser() {
- challengeManager.createPasswordRecover(null);
+ public void createPasswordRecoverNullUser() throws Throwable {
+ try {
+ shiro.getSystemUser().execute(() -> {
+ challengeManager.createPasswordRecover(null);
+ return null;
+ });
+ } catch (ExecutionException ex) {
+ throw ex.getCause();
+ }
}
@Test
@@ -368,10 +433,13 @@ public class ChallengeManagerTest {
@InSequence(3300)
public void finishPasswordRecover() throws ChallengeFailedException {
final User user = userRepository.findByName("mmuster");
- challengeManager.finishPasswordRecover(
- user,
- "biXOpuxIPXuRgx9jhk1PzZVIeKGaTmg2qTKoTQ4tl9iiweQ0e5mfmdFI1KjDwjPi",
- "new-password");
+ shiro.getSystemUser().execute(() -> {
+ challengeManager.finishPasswordRecover(
+ user,
+ "biXOpuxIPXuRgx9jhk1PzZVIeKGaTmg2qTKoTQ4tl9iiweQ0e5mfmdFI1KjDwjPi",
+ "new-password");
+ return null;
+ });
final User after = userRepository.findByName("mmuster");
assertThat(userManager.verifyPassword(after, "new-password"), is(true));
@@ -385,11 +453,18 @@ public class ChallengeManagerTest {
+ "finish-password-recovery.xml")
@ShouldThrowException(IllegalArgumentException.class)
@InSequence(3400)
- public void finishPasswordRecoverNullUser() throws ChallengeFailedException {
- challengeManager.finishPasswordRecover(
- null,
- "biXOpuxIPXuRgx9jhk1PzZVIeKGaTmg2qTKoTQ4tl9iiweQ0e5mfmdFI1KjDwjPi",
- "new-password");
+ public void finishPasswordRecoverNullUser() throws Throwable {
+ try {
+ shiro.getSystemUser().execute(() -> {
+ challengeManager.finishPasswordRecover(
+ null,
+ "biXOpuxIPXuRgx9jhk1PzZVIeKGaTmg2qTKoTQ4tl9iiweQ0e5mfmdFI1KjDwjPi",
+ "new-password");
+ return null;
+ });
+ } catch (ExecutionException ex) {
+ throw ex.getCause();
+ }
}
@Test(expected = IllegalArgumentException.class)
@@ -400,11 +475,18 @@ public class ChallengeManagerTest {
+ "finish-password-recovery.xml")
@ShouldThrowException(IllegalArgumentException.class)
@InSequence(3400)
- public void finishPasswordRecoverNullToken()
- throws ChallengeFailedException {
+ public void finishPasswordRecoverNullToken() throws Throwable {
+
final User user = userRepository.findByName("mmuster");
- challengeManager.finishPasswordRecover(
- user, null, "new-password");
+ try {
+ shiro.getSystemUser().execute(() -> {
+ challengeManager.finishPasswordRecover(
+ user, null, "new-password");
+ return null;
+ });
+ } catch (ExecutionException ex) {
+ throw ex.getCause();
+ }
}
@Test(expected = IllegalArgumentException.class)
@@ -415,13 +497,20 @@ public class ChallengeManagerTest {
+ "finish-password-recovery.xml")
@ShouldThrowException(IllegalArgumentException.class)
@InSequence(3500)
- public void finishPasswordRecoverNullPassword()
- throws ChallengeFailedException {
+ public void finishPasswordRecoverNullPassword() throws Throwable {
final User user = userRepository.findByName("mmuster");
- challengeManager.finishPasswordRecover(
- user,
- "biXOpuxIPXuRgx9jhk1PzZVIeKGaTmg2qTKoTQ4tl9iiweQ0e5mfmdFI1KjDwjPi",
- null);
+
+ try {
+ shiro.getSystemUser().execute(() -> {
+ challengeManager.finishPasswordRecover(
+ user,
+ "biXOpuxIPXuRgx9jhk1PzZVIeKGaTmg2qTKoTQ4tl9iiweQ0e5mfmdFI1KjDwjPi",
+ null);
+ return null;
+ });
+ } catch (ExecutionException ex) {
+ throw ex.getCause();
+ }
}
@Test(expected = IllegalArgumentException.class)
@@ -432,13 +521,19 @@ public class ChallengeManagerTest {
+ "finish-password-recovery.xml")
@ShouldThrowException(IllegalArgumentException.class)
@InSequence(3600)
- public void finishPasswordRecoverEmptyPassword()
- throws ChallengeFailedException {
+ public void finishPasswordRecoverEmptyPassword() throws Throwable {
final User user = userRepository.findByName("mmuster");
- challengeManager.finishPasswordRecover(
- user,
- "biXOpuxIPXuRgx9jhk1PzZVIeKGaTmg2qTKoTQ4tl9iiweQ0e5mfmdFI1KjDwjPi",
- "");
+ try {
+ shiro.getSystemUser().execute(() -> {
+ challengeManager.finishPasswordRecover(
+ user,
+ "biXOpuxIPXuRgx9jhk1PzZVIeKGaTmg2qTKoTQ4tl9iiweQ0e5mfmdFI1KjDwjPi",
+ "");
+ return null;
+ });
+ } catch (ExecutionException ex) {
+ throw ex.getCause();
+ }
}
}
diff --git a/ccm-core/src/test/java/org/libreccm/security/GroupManagerTest.java b/ccm-core/src/test/java/org/libreccm/security/GroupManagerTest.java
index 8328df651..5e79ff713 100644
--- a/ccm-core/src/test/java/org/libreccm/security/GroupManagerTest.java
+++ b/ccm-core/src/test/java/org/libreccm/security/GroupManagerTest.java
@@ -18,6 +18,7 @@
*/
package org.libreccm.security;
+import org.apache.shiro.subject.ExecutionException;
import java.io.File;
@@ -70,6 +71,9 @@ public class GroupManagerTest {
@Inject
private UserRepository userRepository;
+ @Inject
+ private Shiro shiro;
+
public GroupManagerTest() {
}
@@ -119,19 +123,23 @@ public class GroupManagerTest {
.addPackage(org.libreccm.security.User.class.getPackage())
.addPackage(org.libreccm.tests.categories.IntegrationTest.class
.getPackage())
- .addPackage(org.libreccm.testutils.EqualsVerifier.class.getPackage())
+ .addPackage(org.libreccm.testutils.EqualsVerifier.class
+ .getPackage())
.addPackage(org.libreccm.web.CcmApplication.class.getPackage())
.addPackage(org.libreccm.workflow.Workflow.class.getPackage())
.addPackage(com.arsdigita.kernel.security.SecurityConfig.class
.getPackage())
.addPackage(com.arsdigita.util.UncheckedWrapperException.class
.getPackage())
+ .addPackage(org.libreccm.cdi.utils.CdiUtil.class.getPackage())
+ .addClass(com.arsdigita.kernel.KernelConfig.class)
+ .addClass(com.arsdigita.kernel.security.SecurityConfig.class)
.addAsLibraries(libs)
.addAsResource("test-persistence.xml",
"META-INF/persistence.xml")
.addAsWebInfResource("test-web.xml", "web.xml")
.addAsResource("configs/shiro.ini", "shiro.ini")
- .addAsWebInfResource(EmptyAsset.INSTANCE, "beans.xml");
+ .addAsWebInfResource("META-INF/beans.xml", "beans.xml");
}
@Test
@@ -165,28 +173,40 @@ public class GroupManagerTest {
final User jdoe = userRepository.findByName("jdoe");
final User mmuster = userRepository.findByName("mmuster");
- groupManager.addMemberToGroup(mmuster, admins);
- groupManager.addMemberToGroup(jdoe, editors);
+ shiro.getSystemUser().execute(() -> {
+ groupManager.addMemberToGroup(mmuster, admins);
+ groupManager.addMemberToGroup(jdoe, editors);
+ });
}
@Test(expected = IllegalArgumentException.class)
@UsingDataSet("datasets/org/libreccm/security/GroupManagerTest/data.yml")
@ShouldThrowException(IllegalArgumentException.class)
@InSequence(210)
- public void addNullUserToGroup() {
+ public void addNullUserToGroup() throws Throwable {
final Group admins = groupRepository.findByName("admins");
- groupManager.addMemberToGroup(null, admins);
+ try {
+ shiro.getSystemUser().execute(
+ () -> groupManager.addMemberToGroup(null, admins));
+ } catch (ExecutionException ex) {
+ throw ex.getCause();
+ }
}
@Test(expected = IllegalArgumentException.class)
@UsingDataSet("datasets/org/libreccm/security/GroupManagerTest/data.yml")
@ShouldThrowException(IllegalArgumentException.class)
@InSequence(220)
- public void addUserToGroupNull() {
+ public void addUserToGroupNull() throws Throwable {
final User jdoe = userRepository.findByName("jdoe");
- groupManager.addMemberToGroup(jdoe, null);
+ try {
+ shiro.getSystemUser().execute(
+ () -> groupManager.addMemberToGroup(jdoe, null));
+ } catch (ExecutionException ex) {
+ throw ex.getCause();
+ }
}
@Test
@@ -198,7 +218,8 @@ public class GroupManagerTest {
final Group admins = groupRepository.findByName("admins");
final User jdoe = userRepository.findByName("jdoe");
- groupManager.addMemberToGroup(jdoe, admins);
+ shiro.getSystemUser().execute(
+ () -> groupManager.addMemberToGroup(jdoe, admins));
}
@Test
@@ -216,28 +237,40 @@ public class GroupManagerTest {
assertThat(admins.getMemberships().size(), is(1));
assertThat(users.getMemberships().size(), is(2));
- groupManager.removeMemberFromGroup(jdoe, admins);
- groupManager.removeMemberFromGroup(mmuster, users);
+ shiro.getSystemUser().execute(() -> {
+ groupManager.removeMemberFromGroup(jdoe, admins);
+ groupManager.removeMemberFromGroup(mmuster, users);
+ });
}
@Test(expected = IllegalArgumentException.class)
@UsingDataSet("datasets/org/libreccm/security/GroupManagerTest/data.yml")
@ShouldThrowException(IllegalArgumentException.class)
@InSequence(310)
- public void removeUserNullFromGroup() {
+ public void removeUserNullFromGroup() throws Throwable {
final Group admins = groupRepository.findByName("admins");
- groupManager.removeMemberFromGroup(null, admins);
+ try {
+ shiro.getSystemUser().execute(
+ () -> groupManager.removeMemberFromGroup(null, admins));
+ } catch (ExecutionException ex) {
+ throw ex.getCause();
+ }
}
@Test(expected = IllegalArgumentException.class)
@UsingDataSet("datasets/org/libreccm/security/GroupManagerTest/data.yml")
@ShouldThrowException(IllegalArgumentException.class)
@InSequence(320)
- public void removeUserFromGroupNull() {
+ public void removeUserFromGroupNull() throws Throwable {
final User jdoe = userRepository.findByName("jdoe");
- groupManager.removeMemberFromGroup(jdoe, null);
+ try {
+ shiro.getSystemUser().execute(
+ () -> groupManager.removeMemberFromGroup(jdoe, null));
+ } catch (ExecutionException ex) {
+ throw ex.getCause();
+ }
}
@Test
@@ -249,7 +282,8 @@ public class GroupManagerTest {
final Group admins = groupRepository.findByName("admins");
final User mmuster = userRepository.findByName("mmuster");
- groupManager.removeMemberFromGroup(mmuster, admins);
+ shiro.getSystemUser().execute(
+ () -> groupManager.removeMemberFromGroup(mmuster, admins));
}
}
diff --git a/ccm-core/src/test/java/org/libreccm/security/OneTimeAuthManagerTest.java b/ccm-core/src/test/java/org/libreccm/security/OneTimeAuthManagerTest.java
index 4ad8771a9..954df9f04 100644
--- a/ccm-core/src/test/java/org/libreccm/security/OneTimeAuthManagerTest.java
+++ b/ccm-core/src/test/java/org/libreccm/security/OneTimeAuthManagerTest.java
@@ -18,6 +18,8 @@
*/
package org.libreccm.security;
+import org.apache.shiro.subject.ExecutionException;
+
import java.io.File;
import java.time.LocalDateTime;
import java.time.ZoneOffset;
@@ -72,6 +74,9 @@ public class OneTimeAuthManagerTest {
@Inject
private UserRepository userRepository;
+ @Inject
+ private Shiro shiro;
+
public OneTimeAuthManagerTest() {
}
@@ -109,31 +114,34 @@ public class OneTimeAuthManagerTest {
return ShrinkWrap
.create(WebArchive.class,
"LibreCCM-org.libreccm.security.OneTimeAuthManagerTest.war")
- .addPackage(org.libreccm.security.OneTimeAuthManager.class.
- getPackage())
+ .addPackage(org.libreccm.security.OneTimeAuthManager.class
+ .getPackage())
.addPackage(org.libreccm.core.CcmObject.class.getPackage())
- .addPackage(org.libreccm.categorization.Categorization.class.
- getPackage())
- .addPackage(
- org.libreccm.configuration.ConfigurationManager.class.
- getPackage())
- .addPackage(org.libreccm.l10n.LocalizedString.class.getPackage()).
- addPackage(org.libreccm.web.CcmApplication.class.getPackage())
+ .addPackage(org.libreccm.categorization.Categorization.class
+ .getPackage())
+ .addPackage(org.libreccm.configuration.ConfigurationManager.class
+ .getPackage())
+ .addPackage(org.libreccm.l10n.LocalizedString.class.getPackage())
+ .addPackage(org.libreccm.web.CcmApplication.class.getPackage())
.addPackage(org.libreccm.workflow.Workflow.class.getPackage())
- .addPackage(org.libreccm.jpa.EntityManagerProducer.class.
- getPackage())
- .addPackage(org.libreccm.jpa.utils.MimeTypeConverter.class.
- getPackage())
+ .addPackage(org.libreccm.jpa.EntityManagerProducer.class
+ .getPackage())
+ .addPackage(org.libreccm.jpa.utils.MimeTypeConverter.class
+ .getPackage())
+ .addClass(com.arsdigita.kernel.security.SecurityConfig.class)
+ .addPackage(org.libreccm.testutils.EqualsVerifier.class
+ .getPackage())
+ .addPackage(org.libreccm.tests.categories.IntegrationTest.class
+ .getPackage())
+ .addPackage(org.libreccm.cdi.utils.CdiUtil.class.getPackage())
+ .addClass(com.arsdigita.kernel.KernelConfig.class)
.addClass(com.arsdigita.kernel.security.SecurityConfig.class)
- .addPackage(org.libreccm.testutils.EqualsVerifier.class.
- getPackage())
- .addPackage(org.libreccm.tests.categories.IntegrationTest.class.
- getPackage())
.addAsLibraries(libs)
+ .addAsResource("configs/shiro.ini", "shiro.ini")
.addAsResource("test-persistence.xml",
"META-INF/persistence.xml")
- .addAsWebInfResource("test-web.xml", "WEB-INF/web.xml")
- .addAsWebInfResource(EmptyAsset.INSTANCE, "WEB-INF/beans.xml");
+ .addAsWebInfResource("test-web.xml", "web.xml")
+ .addAsWebInfResource("META-INF/beans.xml", "beans.xml");
}
@Test
@@ -152,9 +160,11 @@ public class OneTimeAuthManagerTest {
@InSequence(100)
public void createTokenForUser() {
final User mmuster = userRepository.findByName("mmuster");
- final OneTimeAuthToken token = oneTimeAuthManager.createForUser(
- mmuster,
- OneTimeAuthTokenPurpose.EMAIL_VERIFICATION);
+ final OneTimeAuthToken token = shiro.getSystemUser().execute(() -> {
+ return oneTimeAuthManager.createForUser(
+ mmuster,
+ OneTimeAuthTokenPurpose.EMAIL_VERIFICATION);
+ });
final LocalDateTime now = LocalDateTime.now(ZoneOffset.UTC);
final LocalDateTime tokenValidUntil = LocalDateTime.ofInstant(
@@ -176,9 +186,14 @@ public class OneTimeAuthManagerTest {
"datasets/org/libreccm/security/OneTimeAuthManagerTest/data.xml")
@ShouldThrowException(IllegalArgumentException.class)
@InSequence(200)
- public void createTokenNullUser() {
- oneTimeAuthManager.createForUser(
- null, OneTimeAuthTokenPurpose.RECOVER_PASSWORD);
+ public void createTokenNullUser() throws Throwable {
+ try {
+ shiro.getSystemUser().execute(
+ () -> oneTimeAuthManager.createForUser(
+ null, OneTimeAuthTokenPurpose.RECOVER_PASSWORD));
+ } catch (ExecutionException ex) {
+ throw ex.getCause();
+ }
}
@Test(expected = IllegalArgumentException.class)
@@ -186,9 +201,14 @@ public class OneTimeAuthManagerTest {
"datasets/org/libreccm/security/OneTimeAuthManagerTest/data.xml")
@ShouldThrowException(IllegalArgumentException.class)
@InSequence(300)
- public void createTokenNullPurpose() {
+ public void createTokenNullPurpose() throws Throwable {
final User user = new User();
- oneTimeAuthManager.createForUser(user, null);
+ try {
+ shiro.getSystemUser().execute(() -> oneTimeAuthManager
+ .createForUser(user, null));
+ } catch (ExecutionException ex) {
+ throw ex.getCause();
+ }
}
@Test
@@ -198,9 +218,11 @@ public class OneTimeAuthManagerTest {
public void retrieveTokenForUser() {
final User jdoe = userRepository.findByName("jdoe");
- final List result = oneTimeAuthManager.
- retrieveForUser(
- jdoe, OneTimeAuthTokenPurpose.EMAIL_VERIFICATION);
+ final List result = shiro.getSystemUser().execute(
+ () -> {
+ return oneTimeAuthManager.retrieveForUser(
+ jdoe, OneTimeAuthTokenPurpose.EMAIL_VERIFICATION);
+ });
assertThat(result, is(not(nullValue())));
assertThat(result, is(not(empty())));
@@ -219,9 +241,11 @@ public class OneTimeAuthManagerTest {
public void retrieveNotExistingTokenForUser() {
final User mmuster = userRepository.findByName("mmuster");
- final List result = oneTimeAuthManager.
- retrieveForUser(
- mmuster, OneTimeAuthTokenPurpose.EMAIL_VERIFICATION);
+ final List result = shiro.getSystemUser().execute(
+ () -> {
+ return oneTimeAuthManager.retrieveForUser(
+ mmuster, OneTimeAuthTokenPurpose.EMAIL_VERIFICATION);
+ });
assertThat(result, is(empty()));
}
@@ -231,9 +255,14 @@ public class OneTimeAuthManagerTest {
"datasets/org/libreccm/security/OneTimeAuthManagerTest/data.xml")
@ShouldThrowException(IllegalArgumentException.class)
@InSequence(600)
- public void retrieveTokenNullUser() {
- oneTimeAuthManager.retrieveForUser(
- null, OneTimeAuthTokenPurpose.RECOVER_PASSWORD);
+ public void retrieveTokenNullUser() throws Throwable {
+ try {
+ shiro.getSystemUser().execute(
+ () -> oneTimeAuthManager.retrieveForUser(
+ null, OneTimeAuthTokenPurpose.RECOVER_PASSWORD));
+ } catch (ExecutionException ex) {
+ throw ex.getCause();
+ }
}
@Test(expected = IllegalArgumentException.class)
@@ -241,10 +270,15 @@ public class OneTimeAuthManagerTest {
"datasets/org/libreccm/security/OneTimeAuthManagerTest/data.xml")
@ShouldThrowException(IllegalArgumentException.class)
@InSequence(700)
- public void retrieveTokenNullPurpose() {
+ public void retrieveTokenNullPurpose() throws Throwable {
final User mmuster = userRepository.findByName("mmuster");
- oneTimeAuthManager.retrieveForUser(mmuster, null);
+ try {
+ shiro.getSystemUser().execute(
+ () -> oneTimeAuthManager.retrieveForUser(mmuster, null));
+ } catch (ExecutionException ex) {
+ throw ex.getCause();
+ }
}
@Test
@@ -254,10 +288,11 @@ public class OneTimeAuthManagerTest {
public void validTokenExistsForUser() {
final User user = userRepository.findByName("jdoe");
- assertThat(
- oneTimeAuthManager.validTokenExistsForUser(
- user, OneTimeAuthTokenPurpose.EMAIL_VERIFICATION),
- is(true));
+ shiro.getSystemUser().execute(
+ () -> assertThat(
+ oneTimeAuthManager.validTokenExistsForUser(
+ user, OneTimeAuthTokenPurpose.EMAIL_VERIFICATION),
+ is(true)));
}
@Test
@@ -267,10 +302,11 @@ public class OneTimeAuthManagerTest {
public void validTokenDoesNotExist() {
final User user = userRepository.findByName("mmuster");
- assertThat(
- oneTimeAuthManager.validTokenExistsForUser(
- user, OneTimeAuthTokenPurpose.EMAIL_VERIFICATION),
- is(false));
+ shiro.getSystemUser().execute(
+ () -> assertThat(
+ oneTimeAuthManager.validTokenExistsForUser(
+ user, OneTimeAuthTokenPurpose.EMAIL_VERIFICATION),
+ is(false)));
}
@Test(expected = IllegalArgumentException.class)
@@ -278,9 +314,14 @@ public class OneTimeAuthManagerTest {
"datasets/org/libreccm/security/OneTimeAuthManagerTest/data.xml")
@ShouldThrowException(IllegalArgumentException.class)
@InSequence(1000)
- public void validTokenNullUser() {
- oneTimeAuthManager.validTokenExistsForUser(
- null, OneTimeAuthTokenPurpose.EMAIL_VERIFICATION);
+ public void validTokenNullUser() throws Throwable {
+ try {
+ shiro.getSystemUser().execute(
+ () -> oneTimeAuthManager.validTokenExistsForUser(
+ null, OneTimeAuthTokenPurpose.EMAIL_VERIFICATION));
+ } catch (ExecutionException ex) {
+ throw ex.getCause();
+ }
}
@Test(expected = IllegalArgumentException.class)
@@ -288,10 +329,14 @@ public class OneTimeAuthManagerTest {
"datasets/org/libreccm/security/OneTimeAuthManagerTest/data.xml")
@ShouldThrowException(IllegalArgumentException.class)
@InSequence(1100)
- public void validTokenNullPurpose() {
- final User user = userRepository.findByName("mmuster");
- oneTimeAuthManager.validTokenExistsForUser(
- user, null);
+ public void validTokenNullPurpose() throws Throwable {
+ try {
+ final User user = userRepository.findByName("mmuster");
+ shiro.getSystemUser().execute(
+ () -> oneTimeAuthManager.validTokenExistsForUser(user, null));
+ } catch (ExecutionException ex) {
+ throw ex.getCause();
+ }
}
@Test
@@ -301,12 +346,15 @@ public class OneTimeAuthManagerTest {
public void isValid() {
final User jdoe = userRepository.findByName("jdoe");
- final List result = oneTimeAuthManager.
- retrieveForUser(
- jdoe, OneTimeAuthTokenPurpose.EMAIL_VERIFICATION);
-
+ final List result = shiro.getSystemUser().execute(
+ () -> {
+ return oneTimeAuthManager.retrieveForUser(
+ jdoe, OneTimeAuthTokenPurpose.EMAIL_VERIFICATION);
+ });
assertThat(result, is(not(empty())));
- assertThat(oneTimeAuthManager.isValid(result.get(0)), is(true));
+ shiro.getSystemUser().execute(
+ () -> assertThat(oneTimeAuthManager.isValid(result.get(0)),
+ is(true)));
}
@Test
@@ -316,9 +364,11 @@ public class OneTimeAuthManagerTest {
public void isInvalid() {
final User jdoe = userRepository.findByName("jdoe");
- final List result = oneTimeAuthManager.
- retrieveForUser(
- jdoe, OneTimeAuthTokenPurpose.EMAIL_VERIFICATION);
+ final List result = shiro.getSystemUser().execute(
+ () -> {
+ return oneTimeAuthManager.retrieveForUser(
+ jdoe, OneTimeAuthTokenPurpose.EMAIL_VERIFICATION);
+ });
assertThat(result, is(not(empty())));
final OneTimeAuthToken token = result.get(0);
@@ -327,7 +377,8 @@ public class OneTimeAuthManagerTest {
.now(ZoneOffset.UTC).minus(1800, ChronoUnit.SECONDS);
token.setValidUntil(Date.from(date.toInstant(ZoneOffset.UTC)));
- assertThat(oneTimeAuthManager.isValid(token), is(false));
+ shiro.getSystemUser().execute(
+ () -> assertThat(oneTimeAuthManager.isValid(token), is(false)));
}
@@ -336,8 +387,13 @@ public class OneTimeAuthManagerTest {
"datasets/org/libreccm/security/OneTimeAuthManagerTest/data.xml")
@ShouldThrowException(IllegalArgumentException.class)
@InSequence(1400)
- public void isValidNullToken() {
- oneTimeAuthManager.isValid(null);
+ public void isValidNullToken() throws Throwable {
+ try {
+ shiro.getSystemUser().execute(
+ () -> oneTimeAuthManager.isValid(null));
+ } catch (ExecutionException ex) {
+ throw ex.getCause();
+ }
}
@Test
@@ -350,12 +406,15 @@ public class OneTimeAuthManagerTest {
public void invalidateToken() {
final User jdoe = userRepository.findByName("jdoe");
- final List result = oneTimeAuthManager.
- retrieveForUser(
- jdoe, OneTimeAuthTokenPurpose.EMAIL_VERIFICATION);
+ final List result = shiro.getSystemUser().execute(
+ () -> {
+ return oneTimeAuthManager.retrieveForUser(
+ jdoe, OneTimeAuthTokenPurpose.EMAIL_VERIFICATION);
+ });
assertThat(result, is(not(empty())));
- oneTimeAuthManager.invalidate(result.get(0));
+ shiro.getSystemUser().execute(
+ () -> oneTimeAuthManager.invalidate(result.get(0)));
}
@Test(expected = IllegalArgumentException.class)
@@ -364,7 +423,8 @@ public class OneTimeAuthManagerTest {
@ShouldThrowException(IllegalArgumentException.class)
@InSequence(1400)
public void invalidateNullToken() {
- oneTimeAuthManager.invalidate(null);
+ shiro.getSystemUser().execute(
+ () -> oneTimeAuthManager.invalidate(null));
}
}
diff --git a/ccm-core/src/test/java/org/libreccm/security/PermissionManagerTest.java b/ccm-core/src/test/java/org/libreccm/security/PermissionManagerTest.java
index 0eea4b6d9..8b9670b13 100644
--- a/ccm-core/src/test/java/org/libreccm/security/PermissionManagerTest.java
+++ b/ccm-core/src/test/java/org/libreccm/security/PermissionManagerTest.java
@@ -18,7 +18,7 @@
*/
package org.libreccm.security;
-
+import org.apache.shiro.subject.ExecutionException;
import org.jboss.arquillian.container.test.api.Deployment;
import org.jboss.arquillian.container.test.api.ShouldThrowException;
import org.jboss.arquillian.junit.Arquillian;
@@ -76,6 +76,9 @@ public class PermissionManagerTest {
@Inject
private EntityManager entityManager;
+ @Inject
+ private Shiro shiro;
+
public PermissionManagerTest() {
}
@@ -125,7 +128,8 @@ public class PermissionManagerTest {
.addPackage(org.libreccm.security.User.class.getPackage())
.addPackage(org.libreccm.tests.categories.IntegrationTest.class
.getPackage())
- .addPackage(org.libreccm.testutils.EqualsVerifier.class.getPackage())
+ .addPackage(org.libreccm.testutils.EqualsVerifier.class
+ .getPackage())
.addPackage(org.libreccm.web.CcmApplication.class.getPackage())
.addPackage(org.libreccm.workflow.Workflow.class.getPackage())
.addPackage(com.arsdigita.kernel.KernelConfig.class.getPackage())
@@ -133,12 +137,13 @@ public class PermissionManagerTest {
.getPackage())
.addPackage(com.arsdigita.util.UncheckedWrapperException.class
.getPackage())
+ .addPackage(org.libreccm.cdi.utils.CdiUtil.class.getPackage())
.addAsLibraries(libs)
.addAsResource("test-persistence.xml",
"META-INF/persistence.xml")
.addAsResource("configs/shiro.ini", "shiro.ini")
.addAsWebInfResource("test-web.xml", "web.xml")
- .addAsWebInfResource(EmptyAsset.INSTANCE, "beans.xml");
+ .addAsWebInfResource("META-INF/beans.xml", "beans.xml");
}
@Test
@@ -171,8 +176,10 @@ public class PermissionManagerTest {
final Role role2 = roleRepository.findByName("role2");
final CcmObject object3 = ccmObjectRepository.findById(-20003L);
- permissionManager.grantPrivilege("privilege2", role2, object3);
- permissionManager.grantPrivilege("privilege3", role2);
+ shiro.getSystemUser().execute(() -> {
+ permissionManager.grantPrivilege("privilege2", role2, object3);
+ permissionManager.grantPrivilege("privilege3", role2);
+ });
}
@Test
@@ -186,8 +193,10 @@ public class PermissionManagerTest {
final Role role1 = roleRepository.findByName("role1");
final CcmObject object1 = ccmObjectRepository.findById(-20001L);
- permissionManager.grantPrivilege("privilege1", role1);
- permissionManager.grantPrivilege("privilege2", role1, object1);
+ shiro.getSystemUser().execute(() -> {
+ permissionManager.grantPrivilege("privilege1", role1);
+ permissionManager.grantPrivilege("privilege2", role1, object1);
+ });
}
@Test(expected = IllegalArgumentException.class)
@@ -195,10 +204,15 @@ public class PermissionManagerTest {
"datasets/org/libreccm/security/PermissionManagerTest/data.yml")
@ShouldThrowException(IllegalArgumentException.class)
@InSequence(220)
- public void grantPermissionPrivilegeNull() {
+ public void grantPermissionPrivilegeNull() throws Throwable {
final Role role1 = roleRepository.findByName("role1");
- permissionManager.grantPrivilege(null, role1);
+ try {
+ shiro.getSystemUser().execute(
+ () -> permissionManager.grantPrivilege(null, role1));
+ } catch (ExecutionException ex) {
+ throw ex.getCause();
+ }
}
@Test(expected = IllegalArgumentException.class)
@@ -206,11 +220,16 @@ public class PermissionManagerTest {
"datasets/org/libreccm/security/PermissionManagerTest/data.yml")
@ShouldThrowException(IllegalArgumentException.class)
@InSequence(225)
- public void grantPermissionOnObjectPrivilegeNull() {
+ public void grantPermissionOnObjectPrivilegeNull() throws Throwable {
final Role role1 = roleRepository.findByName("role1");
final CcmObject object1 = ccmObjectRepository.findById(-20001L);
- permissionManager.grantPrivilege(null, role1, object1);
+ try {
+ shiro.getSystemUser().execute(
+ () -> permissionManager.grantPrivilege(null, role1, object1));
+ } catch (ExecutionException ex) {
+ throw ex.getCause();
+ }
}
@Test(expected = IllegalArgumentException.class)
@@ -218,10 +237,15 @@ public class PermissionManagerTest {
"datasets/org/libreccm/security/PermissionManagerTest/data.yml")
@ShouldThrowException(IllegalArgumentException.class)
@InSequence(230)
- public void grantPermissionEmptyPrivilege() {
+ public void grantPermissionEmptyPrivilege() throws Throwable {
final Role role1 = roleRepository.findByName("role1");
- permissionManager.grantPrivilege("", role1);
+ try {
+ shiro.getSystemUser().execute(
+ () -> permissionManager.grantPrivilege("", role1));
+ } catch (ExecutionException ex) {
+ throw ex.getCause();
+ }
}
@Test(expected = IllegalArgumentException.class)
@@ -229,11 +253,16 @@ public class PermissionManagerTest {
"datasets/org/libreccm/security/PermissionManagerTest/data.yml")
@ShouldThrowException(IllegalArgumentException.class)
@InSequence(235)
- public void grantPermissionOnObjectEmptyPrivilege() {
+ public void grantPermissionOnObjectEmptyPrivilege() throws Throwable {
final Role role1 = roleRepository.findByName("role1");
final CcmObject object1 = ccmObjectRepository.findById(-20001L);
- permissionManager.grantPrivilege("", role1, object1);
+ try {
+ shiro.getSystemUser().execute(
+ () -> permissionManager.grantPrivilege("", role1, object1));
+ } catch (ExecutionException ex) {
+ throw ex.getCause();
+ }
}
@Test(expected = IllegalArgumentException.class)
@@ -241,8 +270,13 @@ public class PermissionManagerTest {
"datasets/org/libreccm/security/PermissionManagerTest/data.yml")
@ShouldThrowException(IllegalArgumentException.class)
@InSequence(240)
- public void grantPermissionToRoleNull() {
- permissionManager.grantPrivilege("privilege", null);
+ public void grantPermissionToRoleNull() throws Throwable {
+ try {
+ shiro.getSystemUser().execute(
+ () -> permissionManager.grantPrivilege("privilege", null));
+ } catch (ExecutionException ex) {
+ throw ex.getCause();
+ }
}
@Test(expected = IllegalArgumentException.class)
@@ -250,10 +284,17 @@ public class PermissionManagerTest {
"datasets/org/libreccm/security/PermissionManagerTest/data.yml")
@ShouldThrowException(IllegalArgumentException.class)
@InSequence(240)
- public void grantPermissionOnObjectToRoleNull() {
+ public void grantPermissionOnObjectToRoleNull() throws Throwable {
final CcmObject object1 = ccmObjectRepository.findById(-20001L);
- permissionManager.grantPrivilege("privilege", null, object1);
+ try {
+ shiro.getSystemUser().execute(
+ () -> permissionManager.grantPrivilege("privilege",
+ null,
+ object1));
+ } catch (ExecutionException ex) {
+ throw ex.getCause();
+ }
}
@Test(expected = IllegalArgumentException.class)
@@ -261,10 +302,17 @@ public class PermissionManagerTest {
"datasets/org/libreccm/security/PermissionManagerTest/data.yml")
@ShouldThrowException(IllegalArgumentException.class)
@InSequence(250)
- public void grantPermissionNullObject() {
+ public void grantPermissionNullObject() throws Throwable {
final Role role1 = roleRepository.findByName("role1");
- permissionManager.grantPrivilege("privilege1", role1, null);
+ try {
+ shiro.getSystemUser().execute(
+ () -> permissionManager.grantPrivilege("privilege1",
+ role1,
+ null));
+ } catch (ExecutionException ex) {
+ throw ex.getCause();
+ }
}
@Test
@@ -279,8 +327,10 @@ public class PermissionManagerTest {
final Role role1 = roleRepository.findByName("role1");
final CcmObject object1 = ccmObjectRepository.findById(-20001L);
- permissionManager.revokePrivilege("privilege1", role1);
- permissionManager.revokePrivilege("privilege2", role1, object1);
+ shiro.getSystemUser().execute(() -> {
+ permissionManager.revokePrivilege("privilege1", role1);
+ permissionManager.revokePrivilege("privilege2", role1, object1);
+ });
}
@Test
@@ -290,10 +340,11 @@ public class PermissionManagerTest {
value = "datasets/org/libreccm/security/PermissionManagerTest/"
+ "data.yml")
@InSequence(310)
- public void revokeNotExistingPermission() {
+ public void revokeNotExistingPermission() throws Throwable {
final Role role1 = roleRepository.findByName("role1");
- permissionManager.revokePrivilege("privilege999", role1);
+ shiro.getSystemUser().execute(
+ () -> permissionManager.revokePrivilege("privilege999", role1));
}
@Test
@@ -307,7 +358,10 @@ public class PermissionManagerTest {
final Role role1 = roleRepository.findByName("role1");
final CcmObject object1 = ccmObjectRepository.findById(-20001L);
- permissionManager.revokePrivilege("privilege999", role1, object1);
+ shiro.getSystemUser().execute(
+ () -> permissionManager.revokePrivilege("privilege999",
+ role1,
+ object1));
}
@Test(expected = IllegalArgumentException.class)
@@ -315,10 +369,15 @@ public class PermissionManagerTest {
"datasets/org/libreccm/security/PermissionManagerTest/data.yml")
@ShouldThrowException(IllegalArgumentException.class)
@InSequence(320)
- public void revokePermissionPrivilegeNull() {
+ public void revokePermissionPrivilegeNull() throws Throwable {
final Role role1 = roleRepository.findByName("role1");
- permissionManager.revokePrivilege(null, role1);
+ try {
+ shiro.getSystemUser().execute(
+ () -> permissionManager.revokePrivilege(null, role1));
+ } catch (ExecutionException ex) {
+ throw ex.getCause();
+ }
}
@Test(expected = IllegalArgumentException.class)
@@ -326,11 +385,16 @@ public class PermissionManagerTest {
"datasets/org/libreccm/security/PermissionManagerTest/data.yml")
@ShouldThrowException(IllegalArgumentException.class)
@InSequence(320)
- public void revokePermissionOnObjectPrivilegeNull() {
+ public void revokePermissionOnObjectPrivilegeNull() throws Throwable {
final Role role1 = roleRepository.findByName("role1");
final CcmObject object1 = ccmObjectRepository.findById(-20001L);
- permissionManager.revokePrivilege(null, role1, object1);
+ try {
+ shiro.getSystemUser().execute(
+ () -> permissionManager.revokePrivilege(null, role1, object1));
+ } catch (ExecutionException ex) {
+ throw ex.getCause();
+ }
}
@Test(expected = IllegalArgumentException.class)
@@ -338,31 +402,48 @@ public class PermissionManagerTest {
"datasets/org/libreccm/security/PermissionManagerTest/data.yml")
@ShouldThrowException(IllegalArgumentException.class)
@InSequence(330)
- public void revokePermissionEmptyPrivilege() {
+ public void revokePermissionEmptyPrivilege() throws Throwable {
final Role role1 = roleRepository.findByName("role1");
- permissionManager.revokePrivilege("", role1);
+ try {
+ shiro.getSystemUser().execute(
+ () -> permissionManager.revokePrivilege("", role1));
+ } catch (ExecutionException ex) {
+ throw ex.getCause();
+ }
}
- @Test(expected = IllegalArgumentException.class)
+ @Test(expected
+ = IllegalArgumentException.class)
@UsingDataSet(
"datasets/org/libreccm/security/PermissionManagerTest/data.yml")
@ShouldThrowException(IllegalArgumentException.class)
@InSequence(320)
- public void revokePermissionOnObjectEmptyPrivilege() {
+ public void revokePermissionOnObjectEmptyPrivilege() throws Throwable {
final Role role1 = roleRepository.findByName("role1");
final CcmObject object1 = ccmObjectRepository.findById(-20001L);
- permissionManager.revokePrivilege("", role1, object1);
+ try {
+ shiro.getSystemUser().execute(
+ () -> permissionManager.revokePrivilege("", role1, object1));
+ } catch (ExecutionException ex) {
+ throw ex.getCause();
+ }
}
- @Test(expected = IllegalArgumentException.class)
+ @Test(expected
+ = IllegalArgumentException.class)
@UsingDataSet(
"datasets/org/libreccm/security/PermissionManagerTest/data.yml")
@ShouldThrowException(IllegalArgumentException.class)
@InSequence(340)
- public void revokePermissionFromRoleNull() {
- permissionManager.revokePrivilege("privilege1", null);
+ public void revokePermissionFromRoleNull() throws Throwable {
+ try {
+ shiro.getSystemUser().execute(
+ () -> permissionManager.revokePrivilege("privilege1", null));
+ } catch (ExecutionException ex) {
+ throw ex.getCause();
+ }
}
@Test(expected = IllegalArgumentException.class)
@@ -370,22 +451,36 @@ public class PermissionManagerTest {
"datasets/org/libreccm/security/PermissionManagerTest/data.yml")
@ShouldThrowException(IllegalArgumentException.class)
@InSequence(345)
- public void revokePermissionOnObjectFromRoleNull() {
+ public void revokePermissionOnObjectFromRoleNull() throws Throwable {
final CcmObject object1 = ccmObjectRepository.findById(-20001L);
- permissionManager.revokePrivilege("privilege1", null, object1);
+ try {
+ shiro.getSystemUser().execute(
+ () -> permissionManager.revokePrivilege("privilege1",
+ null,
+ object1));
+ } catch (ExecutionException ex) {
+ throw ex.getCause();
+ }
}
- @Test(expected = IllegalArgumentException.class)
+ @Test(expected
+ = IllegalArgumentException.class)
@UsingDataSet(
"datasets/org/libreccm/security/PermissionManagerTest/data.yml")
@ShouldThrowException(IllegalArgumentException.class)
@InSequence(350)
- public void revokePermissionNullObject() {
+ public void revokePermissionNullObject() throws Throwable {
final Role role1 = roleRepository.findByName("role1");
- permissionManager.revokePrivilege("privilege2", role1, null);
-
+ try {
+ shiro.getSystemUser().execute(
+ () -> permissionManager.revokePrivilege("privilege2",
+ role1,
+ null));
+ } catch (ExecutionException ex) {
+ throw ex.getCause();
+ }
}
@Test
@@ -396,33 +491,46 @@ public class PermissionManagerTest {
+ "after-copy.yml",
excludeColumns = {"permission_id"})
@InSequence(400)
- public void copyPermissions() {
+ public void copyPermissions() throws Throwable {
final CcmObject object2 = ccmObjectRepository.findById(-20002L);
final CcmObject object3 = ccmObjectRepository.findById(-20003L);
- permissionManager.copyPermissions(object2, object3);
+ shiro.getSystemUser().execute(
+ () -> permissionManager.copyPermissions(object2, object3));
}
- @Test(expected = IllegalArgumentException.class)
+ @Test(expected
+ = IllegalArgumentException.class)
@UsingDataSet(
"datasets/org/libreccm/security/PermissionManagerTest/data.yml")
@ShouldThrowException(IllegalArgumentException.class)
@InSequence(410)
- public void copyPermissionsNullSource() {
+ public void copyPermissionsNullSource() throws Throwable {
final CcmObject object3 = ccmObjectRepository.findById(-20003L);
- permissionManager.copyPermissions(null, object3);
+ try {
+ shiro.getSystemUser().execute(
+ () -> permissionManager.copyPermissions(null, object3));
+ } catch (ExecutionException ex) {
+ throw ex.getCause();
+ }
}
- @Test(expected = IllegalArgumentException.class)
+ @Test(expected
+ = IllegalArgumentException.class)
@UsingDataSet(
"datasets/org/libreccm/security/PermissionManagerTest/data.yml")
@ShouldThrowException(IllegalArgumentException.class)
@InSequence(420)
- public void copyPermissionsNullTarget() {
+ public void copyPermissionsNullTarget() throws Throwable {
final CcmObject object2 = ccmObjectRepository.findById(-20002L);
- permissionManager.copyPermissions(object2, null);
+ try {
+ shiro.getSystemUser().execute(
+ () -> permissionManager.copyPermissions(object2, null));
+ } catch (ExecutionException ex) {
+ throw ex.getCause();
+ }
}
}
diff --git a/ccm-core/src/test/java/org/libreccm/security/RoleManagerTest.java b/ccm-core/src/test/java/org/libreccm/security/RoleManagerTest.java
index 1354806f8..0ba6d8437 100644
--- a/ccm-core/src/test/java/org/libreccm/security/RoleManagerTest.java
+++ b/ccm-core/src/test/java/org/libreccm/security/RoleManagerTest.java
@@ -18,6 +18,7 @@
*/
package org.libreccm.security;
+import org.apache.shiro.subject.ExecutionException;
import org.jboss.arquillian.container.test.api.Deployment;
import org.jboss.arquillian.container.test.api.ShouldThrowException;
import org.jboss.arquillian.junit.Arquillian;
@@ -29,7 +30,6 @@ import org.jboss.arquillian.persistence.UsingDataSet;
import org.jboss.arquillian.transaction.api.annotation.TransactionMode;
import org.jboss.arquillian.transaction.api.annotation.Transactional;
import org.jboss.shrinkwrap.api.ShrinkWrap;
-import org.jboss.shrinkwrap.api.asset.EmptyAsset;
import org.jboss.shrinkwrap.api.spec.WebArchive;
import org.jboss.shrinkwrap.resolver.api.maven.Maven;
import org.jboss.shrinkwrap.resolver.api.maven.PomEquippedResolveStage;
@@ -69,6 +69,9 @@ public class RoleManagerTest {
@Inject
private PartyRepository partyRepository;
+ @Inject
+ private Shiro shiro;
+
public RoleManagerTest() {
}
@@ -118,7 +121,8 @@ public class RoleManagerTest {
.addPackage(org.libreccm.security.User.class.getPackage())
.addPackage(org.libreccm.web.CcmApplication.class.getPackage())
.addPackage(org.libreccm.workflow.Workflow.class.getPackage())
- .addPackage(org.libreccm.testutils.EqualsVerifier.class.getPackage())
+ .addPackage(org.libreccm.testutils.EqualsVerifier.class
+ .getPackage())
.addPackage(org.libreccm.tests.categories.IntegrationTest.class
.getPackage())
.addPackage(com.arsdigita.kernel.KernelConfig.class.getPackage())
@@ -126,12 +130,13 @@ public class RoleManagerTest {
.getPackage())
.addPackage(com.arsdigita.util.UncheckedWrapperException.class
.getPackage())
+ .addPackage(org.libreccm.cdi.utils.CdiUtil.class.getPackage())
.addAsLibraries(libs)
.addAsResource("test-persistence.xml",
"META-INF/persistence.xml")
.addAsResource("configs/shiro.ini", "shiro.ini")
.addAsWebInfResource("test-web.xml", "web.xml")
- .addAsWebInfResource(EmptyAsset.INSTANCE, "beans.xml");
+ .addAsWebInfResource("META-INF/beans.xml", "beans.xml");
}
@Test
@@ -153,28 +158,40 @@ public class RoleManagerTest {
final Party joe = partyRepository.findByName("joe");
final Party group1 = partyRepository.findByName("group1");
- roleManager.assignRoleToParty(role1, joe);
- roleManager.assignRoleToParty(role3, group1);
+ shiro.getSystemUser().execute(() -> {
+ roleManager.assignRoleToParty(role1, joe);
+ roleManager.assignRoleToParty(role3, group1);
+ });
}
@Test(expected = IllegalArgumentException.class)
@UsingDataSet("datasets/org/libreccm/security/RoleManagerTest/data.yml")
@ShouldThrowException(IllegalArgumentException.class)
@InSequence(210)
- public void assignRoleNullToParty() {
+ public void assignRoleNullToParty() throws Throwable {
final Party party = partyRepository.findByName("jdoe");
- roleManager.assignRoleToParty(null, party);
+ try {
+ shiro.getSystemUser().execute(
+ () -> roleManager.assignRoleToParty(null, party));
+ } catch (ExecutionException ex) {
+ throw ex.getCause();
+ }
}
@Test(expected = IllegalArgumentException.class)
@UsingDataSet("datasets/org/libreccm/security/RoleManagerTest/data.yml")
@ShouldThrowException(IllegalArgumentException.class)
@InSequence(220)
- public void assignRoleToPartyNull() {
+ public void assignRoleToPartyNull() throws Throwable {
final Role role = roleRepository.findByName("role1");
- roleManager.assignRoleToParty(role, null);
+ try {
+ shiro.getSystemUser().execute(
+ () -> roleManager.assignRoleToParty(role, null));
+ } catch (ExecutionException ex) {
+ throw ex.getCause();
+ }
}
@Test
@@ -186,7 +203,8 @@ public class RoleManagerTest {
final Party jdoe = partyRepository.findByName("jdoe");
final Role role1 = roleRepository.findByName("role1");
- roleManager.assignRoleToParty(role1, jdoe);
+ shiro.getSystemUser().execute(
+ () -> roleManager.assignRoleToParty(role1, jdoe));
}
@Test
@@ -203,28 +221,39 @@ public class RoleManagerTest {
final Party jdoe = partyRepository.findByName("jdoe");
final Party group1 = partyRepository.findByName("group1");
- roleManager.removeRoleFromParty(role1, jdoe);
- roleManager.removeRoleFromParty(role2, group1);
+ shiro.getSystemUser().execute(() -> {
+ roleManager.removeRoleFromParty(role1, jdoe);
+ roleManager.removeRoleFromParty(role2, group1);
+ });
}
@Test(expected = IllegalArgumentException.class)
@UsingDataSet("datasets/org/libreccm/security/RoleManagerTest/data.yml")
@ShouldThrowException(IllegalArgumentException.class)
@InSequence(310)
- public void removeRoleNullFromParty() {
+ public void removeRoleNullFromParty() throws Throwable {
final Party party = partyRepository.findByName("jdoe");
- roleManager.removeRoleFromParty(null, party);
+ try {
+ shiro.getSystemUser().execute(
+ () -> roleManager.removeRoleFromParty(null, party));
+ } catch (ExecutionException ex) {
+ throw ex.getCause();
+ }
}
@Test(expected = IllegalArgumentException.class)
@UsingDataSet("datasets/org/libreccm/security/RoleManagerTest/data.yml")
@ShouldThrowException(IllegalArgumentException.class)
@InSequence(220)
- public void removeRoleFromPartyNull() {
+ public void removeRoleFromPartyNull() throws Throwable {
final Role role = roleRepository.findByName("role1");
-
- roleManager.removeRoleFromParty(role, null);
+ try {
+ shiro.getSystemUser().execute(
+ () -> roleManager.removeRoleFromParty(role, null));
+ } catch (ExecutionException ex) {
+ throw ex.getCause();
+ }
}
@Test
@@ -236,7 +265,8 @@ public class RoleManagerTest {
final Role role2 = roleRepository.findByName("role2");
final Party jdoe = partyRepository.findByName("jdoe");
- roleManager.removeRoleFromParty(role2, jdoe);
+ shiro.getSystemUser().execute(
+ () -> roleManager.removeRoleFromParty(role2, jdoe));
}
}
diff --git a/ccm-core/src/test/java/org/libreccm/security/UserManagerTest.java b/ccm-core/src/test/java/org/libreccm/security/UserManagerTest.java
index 832c0a5c7..fa846d3a1 100644
--- a/ccm-core/src/test/java/org/libreccm/security/UserManagerTest.java
+++ b/ccm-core/src/test/java/org/libreccm/security/UserManagerTest.java
@@ -18,6 +18,7 @@
*/
package org.libreccm.security;
+import org.apache.shiro.subject.ExecutionException;
import java.io.File;
@@ -39,7 +40,6 @@ import org.jboss.arquillian.test.spi.ArquillianProxyException;
import org.jboss.arquillian.transaction.api.annotation.TransactionMode;
import org.jboss.arquillian.transaction.api.annotation.Transactional;
import org.jboss.shrinkwrap.api.ShrinkWrap;
-import org.jboss.shrinkwrap.api.asset.EmptyAsset;
import org.jboss.shrinkwrap.api.spec.WebArchive;
import org.jboss.shrinkwrap.resolver.api.maven.Maven;
import org.jboss.shrinkwrap.resolver.api.maven.PomEquippedResolveStage;
@@ -71,6 +71,9 @@ public class UserManagerTest {
@Inject
private UserRepository userRepository;
+ @Inject
+ private Shiro shiro;
+
public UserManagerTest() {
}
@@ -123,18 +126,20 @@ public class UserManagerTest {
.addPackage(org.libreccm.workflow.Workflow.class.getPackage())
.addPackage(org.libreccm.tests.categories.IntegrationTest.class
.getPackage())
- .addPackage(org.libreccm.testutils.EqualsVerifier.class.getPackage())
+ .addPackage(org.libreccm.testutils.EqualsVerifier.class
+ .getPackage())
.addPackage(com.arsdigita.kernel.KernelConfig.class.getPackage())
.addPackage(com.arsdigita.kernel.security.SecurityConfig.class
.getPackage())
.addPackage(com.arsdigita.util.UncheckedWrapperException.class
.getPackage())
+ .addPackage(org.libreccm.cdi.utils.CdiUtil.class.getPackage())
.addAsLibraries(libs)
.addAsResource("test-persistence.xml",
"META-INF/persistence.xml")
.addAsResource("configs/shiro.ini", "shiro.ini")
.addAsWebInfResource("test-web.xml", "web.xml")
- .addAsWebInfResource(EmptyAsset.INSTANCE, "beans.xml");
+ .addAsWebInfResource("META-INF/beans.xml", "beans.xml");
}
@Test
@@ -170,11 +175,12 @@ public class UserManagerTest {
excludeColumns = {"party_id", "password"})
@InSequence(300)
public void createUser() {
- userManager.createUser("Jane",
- "Doe",
- "jane",
- "jane.doe@example.org",
- "foo456");
+ shiro.getSystemUser().execute(
+ () -> userManager.createUser("Jane",
+ "Doe",
+ "jane",
+ "jane.doe@example.org",
+ "foo456"));
final User jane2 = userRepository.findByName("jane");
assertThat(userManager.verifyPassword(jane2, "foo456"), is(true));
@@ -184,12 +190,17 @@ public class UserManagerTest {
@UsingDataSet("datasets/org/libreccm/security/UserManagerTest/data.yml")
@ShouldThrowException(ConstraintViolationException.class)
@InSequence(400)
- public void createUserWithInValidName() {
- userManager.createUser("Jane",
- "Doe",
- "j#ne",
- "jane.doe@example.org",
- "foo456");
+ public void createUserWithInValidName() throws Throwable {
+ try {
+ shiro.getSystemUser().execute(
+ () -> userManager.createUser("Jane",
+ "Doe",
+ "j#ne",
+ "jane.doe@example.org",
+ "foo456"));
+ } catch (ExecutionException ex) {
+ throw ex.getCause();
+ }
fail();
}
@@ -198,7 +209,8 @@ public class UserManagerTest {
@InSequence(500)
public void updatePassword() {
final User jdoe = userRepository.findByName("jdoe");
- userManager.updatePassword(jdoe, "foo456");
+ shiro.getSystemUser().execute(
+ () -> userManager.updatePassword(jdoe, "foo456"));
final User jdoe2 = userRepository.findByName("jdoe");
assertThat(userManager.verifyPassword(jdoe, "foo456"), is(true));
@@ -212,8 +224,13 @@ public class UserManagerTest {
@UsingDataSet("datasets/org/libreccm/security/UserManagerTest/data.yml")
@ShouldThrowException(ConstraintViolationException.class)
@InSequence(600)
- public void updatePasswordNullUser() {
- userManager.updatePassword(null, "foo");
+ public void updatePasswordNullUser() throws Throwable {
+ try {
+ shiro.getSystemUser().execute(
+ () -> userManager.updatePassword(null, "foo"));
+ } catch (ExecutionException ex) {
+ throw ex.getCause();
+ }
fail();
}
diff --git a/ccm-core/src/test/resources/datasets/org/libreccm/categorization/CategoryManagerTest/data.yml b/ccm-core/src/test/resources/datasets/org/libreccm/categorization/CategoryManagerTest/data.yml
index 12f16047f..62a9a9ae7 100644
--- a/ccm-core/src/test/resources/datasets/org/libreccm/categorization/CategoryManagerTest/data.yml
+++ b/ccm-core/src/test/resources/datasets/org/libreccm/categorization/CategoryManagerTest/data.yml
@@ -65,4 +65,74 @@ ccm_core.categorizations:
object_id: -3300
category_order: 1
object_order: 1
- category_index: false
\ No newline at end of file
+ category_index: false
+
+ccm_core.parties:
+ - party_id: -3000
+ name: public-user
+ - party_id: -3100
+ name: jdoe
+ - party_id: -3200
+ name: mmuster
+
+ccm_core.users:
+ - party_id: -3000
+ given_name: public
+ family_name: user
+ email_address: public-user@localhost
+ banned: false
+ bouncing: false
+ verified: true
+ password_reset_required: false
+ - party_id: -3100
+ given_name: Jane
+ family_name: Doe
+ email_address: jane.doe@example.org
+ # foo123
+ password: $shiro1$SHA-512$500000$Y7CnccN1h25sR7KCElMOXg==$CVLWBhetodaEzzhDfGjRcCFZtSW02xOnjH7xhBx0lbxO66grKIt6LWmXoUhLEydce1JZ7cbzNLYOxIwwTeqi5Q==
+ banned: false
+ bouncing: false
+ verified: true
+ password_reset_required: false
+ - party_id: -3200
+ given_name: Maria
+ family_name: Muster
+ email_address: mmuster@example.com
+ # foo123
+ password: $shiro1$SHA-512$500000$Y7CnccN1h25sR7KCElMOXg==$CVLWBhetodaEzzhDfGjRcCFZtSW02xOnjH7xhBx0lbxO66grKIt6LWmXoUhLEydce1JZ7cbzNLYOxIwwTeqi5Q==
+ banned: false
+ bouncing: false
+ verified: true
+ password_reset_required: false
+
+ccm_core.ccm_roles:
+ - role_id: -4000
+ name: domain_test_category_manager
+ - role_id: -4100
+ name: category_foo_manager
+
+ccm_core.role_memberships:
+ - membership_id: -5000
+ role_id: -4000
+ member_id: -3100
+ - membership_id: 5100
+ role_id: -4100
+ member_id: -3200
+
+ccm_core.permissions:
+ - permission_id: -6000
+ granted_privilege: manage_category
+ grantee_id: -4000
+ object_id: -2000
+ - permission_id: -6100
+ granted_privilege: manage_category_objects
+ grantee_id: -4000
+ object_id: -2000
+ - permission_id: -6200
+ granted_privilege: manage_category
+ grantee_id: -4100
+ object_id: -2100
+ - permission_id: -6300
+ granted_privilege: manage_category_objects
+ grantee_id: -4100
+ object_id: -2100
\ No newline at end of file
diff --git a/ccm-core/src/test/resources/datasets/org/libreccm/categorization/CategoryManagerTest/data2.yml b/ccm-core/src/test/resources/datasets/org/libreccm/categorization/CategoryManagerTest/data2.yml
deleted file mode 100644
index 8d9737d21..000000000
--- a/ccm-core/src/test/resources/datasets/org/libreccm/categorization/CategoryManagerTest/data2.yml
+++ /dev/null
@@ -1,79 +0,0 @@
-ccm_core.ccm_objects:
- - object_id: -1000
- display_name: test
- uuid: dc1788a7-79b3-4298-94f2-e23cba97301d
- - object_id: -2000
- display_name: test_root
- uuid: c78a2311-3751-4b69-b6ed-358b29571407
- - object_id: -2100
- display_name: foo
- uuid: 6b25f081-0144-419f-886c-1fcdfba2aa54
- - object_id: -2200
- display_name: bar
- uuid: dc76f9b8-f69f-408d-918a-bd80d4755166
- - object_id: -3100
- display_name: object1
- uuid: 2cd8b84e-3dc5-4268-98eb-e297f7f93cd4
- - object_id: -3200
- display_name: object2
- uuid: ce0c5964-f3ce-4d9e-93c8-7d57ce03a505
- - object_id: -3300
- display_name: object3
- uuid: c66c5063-8912-4dec-8195-a0b45161419d
- - object_id: -2300
- display_name: category-new
- uuid: 2b801a2c-0c0e-4a52-b17b-58fb5b775b09
-
-ccm_core.categories:
- - object_id: -2000
- unique_id: test0001
- name: test-root
- enabled: true
- visible: true
- abstract_category: false
- category_order: 0
- - object_id: -2100
- unique_id: test0002
- name: foo
- parent_category_id: -2000
- enabled: true
- visible: true
- abstract_category: false
- category_order: 0
- - object_id: -2200
- unique_id: test0003
- name: bar
- parent_category_id: -2100
- enabled: true
- visible: true
- abstract_category: false
- category_order: 0
- - object_id: -2300
- unique_id: catnew
- name: category-new
- enabled: true
- visible: true
- abstract_category: false
- category_order: 1
-
-
-ccm_core.category_domains:
- - object_id: -1000
- domain_key: test
- root_category_id: -2000
- uri: http://libreccm.org/test
- version: 1.0
-
-ccm_core.categorizations:
- - categorization_id: -10000
- category_id: -2100
- object_id: -3100
- object_order: 1
- category_order: 1
- category_index: false
- - categorization_id: -10100
- category_id: -2200
- object_id: -3300
- category_order: 1
- object_order: 1
- category_index: false
diff --git a/ccm-core/src/test/resources/datasets/org/libreccm/categorization/CategoryRepositoryTest/after-save-new-category.yml b/ccm-core/src/test/resources/datasets/org/libreccm/categorization/CategoryRepositoryTest/after-save-new-category.yml
index b84a18b61..710200519 100644
--- a/ccm-core/src/test/resources/datasets/org/libreccm/categorization/CategoryRepositoryTest/after-save-new-category.yml
+++ b/ccm-core/src/test/resources/datasets/org/libreccm/categorization/CategoryRepositoryTest/after-save-new-category.yml
@@ -54,4 +54,62 @@ ccm_core.category_domains:
uri: http://libreccm.org/test
version: 1.0
+ccm_core.parties:
+ - party_id: -100
+ name: public-user
+ - party_id: -200
+ name: jdoe
+ - party_id: -300
+ name: mmuster
+
+ccm_core.users:
+ - party_id: -100
+ given_name: public
+ family_name: user
+ email_address: public-user@localhost
+ banned: false
+ bouncing: false
+ verified: true
+ password_reset_required: false
+ - party_id: -200
+ given_name: John
+ family_name: Doe
+ email_address: john.doe@example.org
+ password: $shiro1$SHA-512$500000$Y7CnccN1h25sR7KCElMOXg==$CVLWBhetodaEzzhDfGjRcCFZtSW02xOnjH7xhBx0lbxO66grKIt6LWmXoUhLEydce1JZ7cbzNLYOxIwwTeqi5Q==
+ banned: false
+ bouncing: false
+ verified: true
+ password_reset_required: false
+ - party_id: -300
+ given_name: Max
+ family_name: Mustermann
+ email_address: max.mustermann@example.org
+ password: $shiro1$SHA-512$500000$Y7CnccN1h25sR7KCElMOXg==$CVLWBhetodaEzzhDfGjRcCFZtSW02xOnjH7xhBx0lbxO66grKIt6LWmXoUhLEydce1JZ7cbzNLYOxIwwTeqi5Q==
+ banned: false
+ bouncing: false
+ verified: true
+ password_reset_required: false
+
+ccm_core.ccm_roles:
+ - role_id: -500
+ name: category_manager
+ - role_id: -510
+ name: category_manager_domain_test
+
+ccm_core.role_memberships:
+ - membership_id: -600
+ role_id: -500
+ member_id: -200
+ - membership_id: -610
+ role_id: -510
+ member_id: -300
+
+ccm_core.permissions:
+ - permission_id: -700
+ granted_privilege: manage_category
+ grantee_id: -500
+ - permission_id: -710
+ granted_privilege: manage_category
+ grantee_id: -510
+ object_id: -1000
diff --git a/ccm-core/src/test/resources/datasets/org/libreccm/categorization/CategoryRepositoryTest/data.yml b/ccm-core/src/test/resources/datasets/org/libreccm/categorization/CategoryRepositoryTest/data.yml
index 605c3782b..834381022 100644
--- a/ccm-core/src/test/resources/datasets/org/libreccm/categorization/CategoryRepositoryTest/data.yml
+++ b/ccm-core/src/test/resources/datasets/org/libreccm/categorization/CategoryRepositoryTest/data.yml
@@ -96,9 +96,9 @@ ccm_core.role_memberships:
ccm_core.permissions:
- permission_id: -700
- granted_privilege: manage_categories
+ granted_privilege: manage_category
grantee_id: -500
- permission_id: -710
- granted_privilege: manage_categories
+ granted_privilege: manage_category
grantee_id: -510
object_id: -1000
diff --git a/ccm-shortcuts/src/test/java/org/libreccm/shortcuts/ShortcutRepositoryTest.java b/ccm-shortcuts/src/test/java/org/libreccm/shortcuts/ShortcutRepositoryTest.java
index 1cb7d20d0..1b24d0506 100644
--- a/ccm-shortcuts/src/test/java/org/libreccm/shortcuts/ShortcutRepositoryTest.java
+++ b/ccm-shortcuts/src/test/java/org/libreccm/shortcuts/ShortcutRepositoryTest.java
@@ -172,18 +172,18 @@ public class ShortcutRepositoryTest {
final Optional shop = shortcutRepository.findByUrlKey("shop");
assertThat(members.isPresent(), is(true));
- assertThat(members.get().getUrlKey(), is(equalTo("members")));
+ assertThat(members.get().getUrlKey(), is(equalTo("/members/")));
assertThat(members.get().getRedirect(),
is(equalTo("/ccm/navigation/members")));
assertThat(mitglieder.isPresent(), is(true));
- assertThat(mitglieder.get().getUrlKey(), is(equalTo("mitglieder")));
+ assertThat(mitglieder.get().getUrlKey(), is(equalTo("/mitglieder/")));
assertThat(mitglieder.get().getRedirect(),
is(equalTo("/ccm/navigation/members")));
assertThat(shop.isPresent(), is(true));
assertThat(shop.get().getUrlKey(),
- is(equalTo("shop")));
+ is(equalTo("/shop/")));
assertThat(shop.get().getRedirect(),
is(equalTo("http://www.example.com")));
}
@@ -209,17 +209,17 @@ public class ShortcutRepositoryTest {
final List toMembers = shortcutRepository.findByRedirect(
"/ccm/navigation/members");
assertThat(toMembers.size(), is(2));
- assertThat(toMembers.get(0).getUrlKey(), is(equalTo("members")));
+ assertThat(toMembers.get(0).getUrlKey(), is(equalTo("/members/")));
assertThat(toMembers.get(0).getRedirect(),
is(equalTo("/ccm/navigation/members")));
- assertThat(toMembers.get(1).getUrlKey(), is(equalTo("mitglieder")));
+ assertThat(toMembers.get(1).getUrlKey(), is(equalTo("/mitglieder/")));
assertThat(toMembers.get(1).getRedirect(),
is(equalTo("/ccm/navigation/members")));
final List toExampleCom = shortcutRepository.findByRedirect(
"http://www.example.com");
assertThat(toExampleCom.size(), is(1));
- assertThat(toExampleCom.get(0).getUrlKey(), is(equalTo("shop")));
+ assertThat(toExampleCom.get(0).getUrlKey(), is(equalTo("/shop/")));
assertThat(toExampleCom.get(0).getRedirect(),
is(equalTo("http://www.example.com")));
}
diff --git a/ccm-shortcuts/src/test/resources/datasets/org/libreccm/shortcuts/ShortcutManagerTest/data.xml b/ccm-shortcuts/src/test/resources/datasets/org/libreccm/shortcuts/ShortcutManagerTest/data.xml
index ce70d54f0..faa50650f 100644
--- a/ccm-shortcuts/src/test/resources/datasets/org/libreccm/shortcuts/ShortcutManagerTest/data.xml
+++ b/ccm-shortcuts/src/test/resources/datasets/org/libreccm/shortcuts/ShortcutManagerTest/data.xml
@@ -32,8 +32,8 @@
member_id="-110" />
+ granted_privilege="manage_shortcuts"
+ grantee_id="-200" />