diff --git a/ccm-core/src/main/java/org/libreccm/core/Permission.java b/ccm-core/src/main/java/org/libreccm/core/Permission.java index 7428ac437..652fe6b30 100644 --- a/ccm-core/src/main/java/org/libreccm/core/Permission.java +++ b/ccm-core/src/main/java/org/libreccm/core/Permission.java @@ -59,7 +59,7 @@ import javax.xml.bind.annotation.XmlRootElement; + " WHERE m.user = :user)"), @NamedQuery(name = "findPermissionsForCcmObject", query = "SELECT p FROM Permission p WHERE p.object = :object"), - @NamedQuery(name = "findPermissionsByUserObjectAndPrivilege", + @NamedQuery(name = "findPermissionsForUserPrivilegeAndObject", query = "SELECT p FROM Permission p " + "WHERE (p.grantee = :user" + " OR p.grantee IN (SELECT g " @@ -67,11 +67,24 @@ import javax.xml.bind.annotation.XmlRootElement; + " WHERE m.user = :user))" + " AND p.grantedPrivilege = :privilege" + " AND p.object = :object"), - @NamedQuery(name = "findPermissionsBySubjectObjectAndPrivilege", + @NamedQuery(name = "findWildcardPermissionsForUserPrivilegeAndObject", + query = "SELECT p FROM Permission p " + + "WHERE (p.grantee = :user" + + " OR p.grantee IN (SELECT g " + + " FROM Group g JOIN g.members m" + + " WHERE m.user = :user))" + + " AND p.grantedPrivilege = :privilege" + + " AND p.object IS NULL"), + @NamedQuery(name = "findPermissionsForSubjectPrivilegeAndObject", query = "SELECT p FROM Permission p " + "WHERE p.grantee = :subject" + " AND p.grantedPrivilege = :privilege" - + " AND p.object = :object") + + " AND p.object = :object"), + @NamedQuery(name = "findWildcardPermissionsForSubjectPrivilegeAndObject", + query = "SELECT p FROM Permission p " + + "WHERE p.grantee = :subject" + + " AND p.grantedPrivilege = :privilege" + + " AND p.object IS NULL") }) //Can't reduce complexity yet diff --git a/ccm-core/src/main/java/org/libreccm/core/PermissionManager.java b/ccm-core/src/main/java/org/libreccm/core/PermissionManager.java index f1c62b0e1..176895adc 100644 
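Review bot: The two `findWildcard…` queries added in the second hunk treat `p.object IS NULL` as a grant on every object, so any Permission row whose object reference is null for some other reason would read as a global grant. Nothing visible here distinguishes an intentional wildcard from a lost reference. If the entity mapping (not shown in this hunk) allows the reference to be nulled when an object is deleted, that should be ruled out or the wildcard modelled explicitly. At minimum the annotation deserves a comment such as `// object IS NULL means the privilege is granted on all objects`.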
--- a/ccm-core/src/main/java/org/libreccm/core/PermissionManager.java +++ b/ccm-core/src/main/java/org/libreccm/core/PermissionManager.java @@ -18,7 +18,10 @@ */ package org.libreccm.core; +import java.util.List; + import javax.enterprise.context.RequestScoped; +import javax.inject.Inject; /** * @@ -27,20 +30,48 @@ import javax.enterprise.context.RequestScoped; @RequestScoped public class PermissionManager { + @Inject + private transient PermissionRepository permissionRepository; + + @Inject + private transient PrivilegeRepository privilegeRepository; + + @Inject + private transient CcmObjectRepository ccmObjectRepository; + + @Inject + private transient SubjectRepository subjectRepository; + /** * Creates a new permission granting the provided {@code privilege} on the * provided {@code object} to the provided {@code subject}. If the * permission is already granted to the provided {@code subject} this method * does nothing. * - * @param privilege The privilege to grant. - * @param object The object on which the privilege is granted. - * @param subject The subject to grant the privilege to. + * @param privilege The privilege to grant. Can't be {@code null}. + * @param object The object on which the privilege is granted. Can be + * {@code null}. + * @param subject The subject to grant the privilege to. Can't be + * {@code null}. */ public void grantPermission(final Privilege privilege, final CcmObject object, final Subject subject) { - throw new UnsupportedOperationException(); + if (!isPermitted(privilege, object, subject)) { + final Permission permission = new Permission(); + permission.setGrantedPrivilege(privilege); + permission.setObject(object); + permission.setGrantee(subject); + + subject.addGrantedPermission(permission); + subjectRepository.save(subject); + if (object != null) { + object.addPermission(permission); + ccmObjectRepository.save(object); + } + + permissionRepository.save(permission); + } } /** 
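Review bot: The `!isPermitted(privilege, object, subject)` guard in `grantPermission` skips the grant whenever the subject is already permitted by any route, not only by an identical direct permission. For a `User`, `isPermitted` goes through `findPermissionsForUserPrivilegeAndObject`, which also matches group and wildcard permissions, so a user who merely inherits the privilege never gets the direct row and loses access once the group membership or wildcard is removed. `revokePermission` in the next hunk looks up direct permissions only, and the guard should use the same lookup: `if (permissionRepository.findPermissionsForSubjectPrivilegeAndObject(subject, privilege, object).isEmpty()) {`. A null `subject` also reaches `subject.addGrantedPermission(permission)` unchecked, although the Javadoc says it can't be null.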
@@ -49,14 +80,30 @@ public class PermissionManager { * permission granting the provided privilege on the provided {@code object} * to the provided {@code subject} this method does nothing. * - * @param privilege The privilege to revoke - * @param object The object on which the privilege is revoked. - * @param subject The subject to revoke the privilege from. + * @param privilege The privilege to revoke. Can't be {@code null}. + * @param object The object on which the privilege is revoked. Can be + * {@code null}. + * @param subject The subject to revoke the privilege from. Can't be + * {@code null}. */ public void revokePermission(final Privilege privilege, final CcmObject object, final Subject subject) { - throw new UnsupportedOperationException(); + final List permissions = permissionRepository + .findPermissionsForSubjectPrivilegeAndObject(subject, + privilege, + object); + for (final Permission permission : permissions) { + if (object != null) { + object.removePermission(permission); + ccmObjectRepository.save(object); + } + subject.removeGrantedPermission(permission); + subjectRepository.save(subject); + + permissionRepository.delete(permission); + } + } /** @@ -67,9 +114,11 @@ public class PermissionManager { * the public user from the database. If there is no public user the method * will return {@code false}. * - * @param privilege The privilege to check. - * @param object The object on which the privilege is granted. - * @param subject The subject to which the privilege is granted. + * @param privilege The privilege to check. Can't be {@code null}. + * @param object The object on which the privilege is granted. Can't be + * {@code null}. + * @param subject The subject to which the privilege is granted. Can't be + * {@code null}. * * @return {@code true} of the subject has a permission granting * {@code privilege} on {@code object}, either explicit or implicit. 
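Review bot: The `Can't be {@code null}` contract that the second hunk adds for `object` in the `isPermitted` Javadoc is not enforced by the implementation visible in this diff. `isPermitted` passes a null `object` straight to the repository, which then runs the wildcard query and can return `true`, so a caller handing in the result of a failed lookup is answered from wildcard grants instead of being rejected. Either validate at the top of the public method, e.g. `if (object == null) { throw new IllegalArgumentException("Illegal value 'null' provided for parameter object"); }`, keeping the internal wildcard lookups and the wildcard path of `grantPermission` separate, or document null as "wildcard only". The Javadoc block continues outside the hunk.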
@@ -79,7 +128,101 @@ public class PermissionManager { public boolean isPermitted(final Privilege privilege, final CcmObject object, final Subject subject) { - throw new UnsupportedOperationException(); + if (subject instanceof User) { + return isPermitted(privilege, object, (User) subject); + } else if (subject instanceof Group) { + return isPermitted(privilege, object, (Group) subject); + } else { + return false; + } + } + + public boolean isPermitted(final Privilege privilege, + final CcmObject object, + final User user) { + boolean result; + + final List directPermissions = permissionRepository + .findPermissionsForUserPrivilegeAndObject(user, privilege, object); + result = !directPermissions.isEmpty(); + + if (!result) { + final List permissions = permissionRepository + .findPermissionsForUserPrivilegeAndObject(user, privilege, null); + result = !permissions.isEmpty(); + } + + if (!result) { + final Privilege admin = privilegeRepository.retrievePrivilege( + "admin"); + if (admin != null) { + final List permissions = permissionRepository + .findPermissionsForUserPrivilegeAndObject(user, + privilege, + object); + result = !permissions.isEmpty(); + } + } + + if (!result) { + final Privilege admin = privilegeRepository.retrievePrivilege( + "admin"); + if (admin != null) { + final List permissions = permissionRepository + .findPermissionsForUserPrivilegeAndObject(user, + privilege, + null); + result = !permissions.isEmpty(); + } + } + + return result; + } + + public boolean isPermitted(final Privilege privilege, + final CcmObject object, + final Group group) { + boolean result; + + final List directPermissions = permissionRepository + .findPermissionsForSubjectPrivilegeAndObject(group, + privilege, + object); + result = !directPermissions.isEmpty(); + + if (!result) { + final List permissions = permissionRepository + .findPermissionsForSubjectPrivilegeAndObject(group, + privilege, + null); + result = !permissions.isEmpty(); + } + + if (!result) { + final Privilege 
admin = privilegeRepository.retrievePrivilege( + "admin"); + if (admin != null) { + final List permissions = permissionRepository + .findPermissionsForSubjectPrivilegeAndObject(group, + admin, + object); + result = !permissions.isEmpty(); + } + } + + if (!result) { + final Privilege admin = privilegeRepository.retrievePrivilege( + "admin"); + if (admin != null) { + final List permissions = permissionRepository + .findPermissionsForSubjectPrivilegeAndObject(group, + admin, + null); + result = !permissions.isEmpty(); + } + } + + return result; } /** @@ -90,9 +233,11 @@ public class PermissionManager { * the public user from the database. If there is no public user the method * will return {@code false}. * - * @param privilege The privilege to check. - * @param object The object on which the privilege is granted. - * @param subject The subject to which the privilege is granted. + * @param privilege The privilege to check. Can't be {@code null}. + * @param object The object on which the privilege is granted. Can't be + * {@code null}. + * @param subject The subject to which the privilege is granted. Can't be + * {@code null}. * * @throws UnauthorizedAcccessException If there is no permission granting * {@code privilege} on {@code object} @@ -105,7 +250,14 @@ public class PermissionManager { final CcmObject object, final Subject subject) throws UnauthorizedAcccessException { - throw new UnsupportedOperationException(); + if (!isPermitted(privilege, object, subject)) { + throw new UnauthorizedAcccessException(String.format( + "Privilege \"%s\" has not been granted to subject \"%s\" " + + "on object \"%s\".", + privilege.getLabel(), + subject.toString(), + object.toString())); + } } } diff --git a/ccm-core/src/main/java/org/libreccm/core/PermissionRepository.java b/ccm-core/src/main/java/org/libreccm/core/PermissionRepository.java index dfc685014..a977bb6e9 100644 --- a/ccm-core/src/main/java/org/libreccm/core/PermissionRepository.java 
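Review bot: In `isPermitted(Privilege, CcmObject, User)` both `admin` fallbacks call `findPermissionsForUserPrivilegeAndObject(user, privilege, …)` with `privilege` instead of the `admin` privilege just retrieved, so they repeat the first two queries and the implicit admin grant is never evaluated for users. The `Group` overload passes `admin` in the same places, and the user overload should match it: `.findPermissionsForUserPrivilegeAndObject(user, admin, object)` and `.findPermissionsForUserPrivilegeAndObject(user, admin, null)`. The two new public overloads also have no Javadoc, and each of them looks up `retrievePrivilege("admin")` twice per call.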
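Review bot: `checkPermission` builds the exception message with `subject.toString()` and `object.toString()`, so a denied check with a null subject or object fails with a NullPointerException rather than `UnauthorizedAcccessException` or the IllegalArgumentException the Javadoc contract implies. A null `subject` always takes this path, because `isPermitted` returns `false` when the subject is neither a `User` nor a `Group`. Validate the arguments before the check, e.g. `if (object == null || subject == null) { throw new IllegalArgumentException("object and subject must not be null"); }`. For `User` and `Group` subjects a null `privilege` is already rejected by the repository.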
+++ b/ccm-core/src/main/java/org/libreccm/core/PermissionRepository.java @@ -32,7 +32,7 @@ import javax.persistence.TypedQuery; */ @RequestScoped public class PermissionRepository - extends AbstractEntityRepository { + extends AbstractEntityRepository { @Inject private transient EntityManager entityManager; @@ -51,6 +51,7 @@ public class PermissionRepository * {@inheritDoc } * * @param entity {@inheritDoc } + * * @return {@inheritDoc } */ @Override 
@@ -71,40 +72,42 @@ public class PermissionRepository * {@link #findPermissionsForUser(org.libreccm.core.User)} method instead. * * @param subject The subject. + * * @return All permissions granted to the provided subject. */ public List findPermissionsForSubject(final Subject subject) { if (subject == null) { throw new IllegalArgumentException( - "Illegal value 'null' provided for parameter subject."); + "Illegal value 'null' provided for parameter subject."); } final TypedQuery query = entityManager.createNamedQuery( - "findPermissionsForSubject", Permission.class); + "findPermissionsForSubject", Permission.class); query.setParameter("subject", subject); return query.getResultList(); } /** - * Finds a permissions granted to a user and to the groups the user is - * member of. - * + * Finds a permissions granted to a user and to the groups the user is + * member of. + * * If you only need the permissions assigned to the user itself use the * {@link #findPermissionsForSubject(org.libreccm.core.Subject)} method. - * + * * @param user The user. - * @return All permissions granted to the user or the groups the user is - * member of. + * + * @return All permissions granted to the user or the groups the user is + * member of. */ public List findPermissionsForUser(final User user) { if (user == null) { throw new IllegalArgumentException( - "Illegal value 'null' provided for parameter user"); + "Illegal value 'null' provided for parameter user"); } final TypedQuery query = entityManager.createNamedQuery( - "findPermissionsForUser", Permission.class); + "findPermissionsForUser", Permission.class); query.setParameter("user", user); return query.getResultList(); 
@@ -112,39 +115,89 @@ public class PermissionRepository /** * Finds all permissions granted on a object. - * + * * @param object The object. + * * @return All permissions granted on the object. */ public List findPermissionsForCcmObject(final CcmObject object) { if (object == null) { throw new IllegalArgumentException( - "Illegal value 'null' provided for parameter object."); + "Illegal value 'null' provided for parameter object."); } final TypedQuery query = entityManager.createNamedQuery( - "findPermissionsForCcmObject", Permission.class); + "findPermissionsForCcmObject", Permission.class); query.setParameter("object", object); return query.getResultList(); } -// public List findPermissionForUserPrivilegeAndObject( -// final User user, -// final Privilege privilege, -// final CcmObject object) { -// if (user == null) { -// throw new IllegalArgumentException( -// "Illegal value 'null' provided for parameter user"); -// } -// -// if (privilege == null) { -// throw new IllegalArgumentException( -// "Illegal value 'null' provided for parameter privilege"); -// } -// -// final TypedQuery query = entityManager.createNamedQuery( -// "findPermissionsForUserPrivilegeAndObject", Permission.class); -// -// } + public List findPermissionsForUserPrivilegeAndObject( + final User user, + final Privilege privilege, + final CcmObject object) { + + if (user == null) { + throw new IllegalArgumentException( + "Illegal value 'null' provided for parameter user"); + } + + if (privilege == null) { + throw new IllegalArgumentException( + "Illegal value 'null' provided for parameter privilege"); + } + + final TypedQuery query; + if (object == null) { + query = entityManager.createNamedQuery( + "findWildcardPermissionsForUserPrivilegeAndObject", + Permission.class); + + } else { + query = entityManager.createNamedQuery( + "findPermissionsForUserPrivilegeAndObject", Permission.class); + query.setParameter("object", object); + } + + query.setParameter("user", user); + 
query.setParameter("privilege", privilege); + + return query.getResultList(); + } + + public List findPermissionsForSubjectPrivilegeAndObject( + final Subject subject, + final Privilege privilege, + final CcmObject object) { + + if (subject == null) { + throw new IllegalArgumentException( + "Illegal value 'null' provided for parameter subject"); + } + + if (privilege == null) { + throw new IllegalArgumentException( + "Illegal value 'null' provided for parameter privilege"); + } + + final TypedQuery query; + + if (object == null) { + query = entityManager.createNamedQuery( + "findWildcardPermissionsForSubjectPrivilegeAndObject", + Permission.class); + } else { + query = entityManager.createNamedQuery( + "findPermissionsForSubjectPrivilegeAndObject", Permission.class); + + query.setParameter("object", object); + } + + query.setParameter("subject", subject); + query.setParameter("privilege", privilege); + + return query.getResultList(); + } + } diff --git a/ccm-core/src/main/java/org/libreccm/core/SubjectRepository.java b/ccm-core/src/main/java/org/libreccm/core/SubjectRepository.java new file mode 100644 index 000000000..cba94e22c --- /dev/null +++ b/ccm-core/src/main/java/org/libreccm/core/SubjectRepository.java 
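Review bot: The two new public finders have no Javadoc, unlike the other finders in this class, and their null handling is asymmetric in a way callers need to know about. `user`/`subject` and `privilege` are rejected with IllegalArgumentException, while a null `object` silently switches to the `findWildcard…` query. I would add a Javadoc to each stating that a null `object` returns only wildcard permissions (those stored without an object), not permissions on any object, and listing the `@throws IllegalArgumentException` cases. The two bodies differ only in the query names and the `user`/`subject` parameter, so a shared private helper would keep them in sync.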
@@ -0,0 +1,41 @@ +/* + * Copyright (C) 2015 LibreCCM Foundation. + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2.1 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this library; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, + * MA 02110-1301 USA + */ +package org.libreccm.core; + + +import javax.enterprise.context.RequestScoped; + +/** + * + * @author Jens Pelzetter + */ +@RequestScoped +public class SubjectRepository extends AbstractEntityRepository { + + @Override + public Class getEntityClass() { + return Subject.class; + } + + @Override + public boolean isNew(final Subject entity) { + return entity.getSubjectId() == 0; + } + +} diff --git a/ccm-core/src/test/java/org/libreccm/core/DatasetsTest.java b/ccm-core/src/test/java/org/libreccm/core/DatasetsTest.java index c74607693..f95da019f 100644 --- a/ccm-core/src/test/java/org/libreccm/core/DatasetsTest.java +++ b/ccm-core/src/test/java/org/libreccm/core/DatasetsTest.java 
@@ -55,6 +55,7 @@ public class DatasetsTest extends DatasetsVerifier { "/datasets/org/libreccm/core/GroupRepositoryTest/after-save-changed.json", "/datasets/org/libreccm/core/GroupRepositoryTest/after-save-new.json", "/datasets/org/libreccm/core/PermissionManagerTest/after-grant.json", + "/datasets/org/libreccm/core/PermissionManagerTest/after-grant-wildcard.json", "/datasets/org/libreccm/core/PermissionManagerTest/after-revoke.json", "/datasets/org/libreccm/core/PermissionManagerTest/data.json", "/datasets/org/libreccm/core/PermissionRepositoryTest/after-save-changed.json", diff --git a/ccm-core/src/test/java/org/libreccm/core/PermissionManagerTest.java b/ccm-core/src/test/java/org/libreccm/core/PermissionManagerTest.java index a5450bdd0..05e541b5f 100644 --- a/ccm-core/src/test/java/org/libreccm/core/PermissionManagerTest.java +++ b/ccm-core/src/test/java/org/libreccm/core/PermissionManagerTest.java @@ -18,12 +18,16 @@ */ package org.libreccm.core; +import static org.hamcrest.Matchers.*; + import java.io.File; + import org.jboss.arquillian.container.test.api.Deployment; import org.jboss.arquillian.container.test.api.ShouldThrowException; import org.jboss.arquillian.junit.Arquillian; import org.jboss.arquillian.junit.InSequence; import org.jboss.arquillian.persistence.PersistenceTest; +import org.jboss.arquillian.persistence.ShouldMatchDataSet; import org.jboss.arquillian.persistence.UsingDataSet; import org.jboss.arquillian.transaction.api.annotation.TransactionMode; import org.jboss.arquillian.transaction.api.annotation.Transactional; @@ -41,6 +45,11 @@ import org.junit.experimental.categories.Category; import org.junit.runner.RunWith; import org.libreccm.tests.categories.IntegrationTest; +import java.util.LinkedHashMap; +import java.util.Map; + +import javax.inject.Inject; + import static org.junit.Assert.*; /** 
@@ -53,6 +62,34 @@ import static org.junit.Assert.*; @Transactional(TransactionMode.COMMIT) public class PermissionManagerTest { + private static final String TEST_OBJECT_1 = "Test Object 1"; + private static final String TEST_OBJECT_2 = "Test Object 2"; + private static final String TEST_OBJECT_3 = "Test Object 3"; + private static final String TEST_OBJECT_4 = "Test Object 4"; + private static final String TEST_OBJECT_5 = "Test Object 5"; + private static final String TEST_OBJECT_6 = "Test Object 6"; + private static final String TEST_OBJECT_7 = "Test Object 7"; + private static final String TEST_OBJECT_8 = "Test Object 8"; + + private static final String ADMIN = "admin"; + private static final String READ = "read"; + private static final String WRITE = "write"; + + @Inject + private transient PermissionManager permissionManager; + + @Inject + private transient PrivilegeRepository privilegeRepository; + + @Inject + private transient CcmObjectRepository ccmObjectRepository; + + @Inject + private transient UserRepository userRepository; + + @Inject + private transient GroupRepository groupRepository; + public PermissionManagerTest() { } @@ -80,10 +117,10 @@ public class PermissionManagerTest { @Deployment public static WebArchive createDeployment() { final PomEquippedResolveStage pom = Maven - .resolver() - .loadPomFromFile("pom.xml"); + .resolver() + .loadPomFromFile("pom.xml"); final PomEquippedResolveStage dependencies = pom. - importCompileAndRuntimeDependencies(); + importCompileAndRuntimeDependencies(); final File[] libs = dependencies.resolve().withTransitivity().asFile(); for (File lib : libs) { 
@@ -92,111 +129,462 @@ public class PermissionManagerTest { } return ShrinkWrap - .create(WebArchive.class, - String.format("LibreCCM-%s.war", - PermissionManagerTest.class.getName())) - .addPackage(User.class.getPackage()) - .addPackage(org.libreccm.web.Application.class.getPackage()) - .addPackage(org.libreccm.categorization.Category.class. - getPackage()) - .addPackage(org.libreccm.l10n.LocalizedString.class.getPackage()). - addPackage(org.libreccm.jpa.EntityManagerProducer.class - .getPackage()) - .addPackage(org.libreccm.jpa.utils.MimeTypeConverter.class - .getPackage()) - .addPackage(org.libreccm.testutils.EqualsVerifier.class. - getPackage()) - .addPackage(org.libreccm.tests.categories.IntegrationTest.class - .getPackage()) - .addAsLibraries(libs) - .addAsResource("test-persistence.xml", - "META-INF/persistence.xml") - .addAsWebInfResource("test-web.xml", "WEB-INF/web.xml") - .addAsWebInfResource(EmptyAsset.INSTANCE, "WEB-INF/beans.xml"); + .create(WebArchive.class, + String.format("LibreCCM-%s.war", + PermissionManagerTest.class.getName())) + .addPackage(User.class.getPackage()) + .addPackage(org.libreccm.web.Application.class.getPackage()) + .addPackage(org.libreccm.categorization.Category.class. + getPackage()) + .addPackage(org.libreccm.l10n.LocalizedString.class.getPackage()). + addPackage(org.libreccm.jpa.EntityManagerProducer.class + .getPackage()) + .addPackage(org.libreccm.jpa.utils.MimeTypeConverter.class + .getPackage()) + .addPackage(org.libreccm.testutils.EqualsVerifier.class. 
+ getPackage()) + .addPackage(org.libreccm.tests.categories.IntegrationTest.class + .getPackage()) + .addAsLibraries(libs) + .addAsResource("test-persistence.xml", + "META-INF/persistence.xml") + .addAsWebInfResource("test-web.xml", "WEB-INF/web.xml") + .addAsWebInfResource(EmptyAsset.INSTANCE, "WEB-INF/beans.xml"); + } + + private Map retrieveTestObjects() { + final long[] objectIds = {-10, -20, -30, -40, -50, -60, -70, -80}; + + final Map objects = new LinkedHashMap<>(); + + for (final long objectId : objectIds) { + final CcmObject object = ccmObjectRepository.findById(objectId); + objects.put(object.getDisplayName(), object); + } + + return objects; + } + + private Map retrievePrivileges() { + final String[] privilegLabels = {"admin", "read", "write"}; + + final Map privileges = new LinkedHashMap<>(); + + for (final String label : privilegLabels) { + final Privilege privilege = privilegeRepository.retrievePrivilege( + label); + privileges.put(label, privilege); + } + + return privileges; + } + + private void verifyIsPermitted(final Subject subject, + final Privilege privilege, + final Map expected) { + final String subjectName; + if (subject instanceof User) { + subjectName = ((User) subject).getScreenName(); + } else if (subject instanceof Group) { + subjectName = ((Group) subject).getName(); + } else { + subjectName = "???"; + } + for (Map.Entry entry : expected.entrySet()) { + assertThat(String.format("isPermitted should return %b for subject " + + "%s and privilege %s on object %s.", + entry.getValue(), + subjectName, + privilege.getLabel(), + entry.getKey().getDisplayName()), + permissionManager.isPermitted(privilege, + entry.getKey(), + subject), + is(entry.getValue())); + } } @Test @UsingDataSet("datasets/org/libreccm/core/PermissionManagerTest/" - + "data.json") + + "data.json") + @InSequence(10) + public void isPermittedWebmaster() { + final User webmaster = userRepository.findByScreenName("webmaster"); + final Map testObjects = retrieveTestObjects(); + 
final Map privileges = retrievePrivileges(); + + final Map expected = new LinkedHashMap<>(); + expected.put(testObjects.get(TEST_OBJECT_1), true); + expected.put(testObjects.get(TEST_OBJECT_2), true); + expected.put(testObjects.get(TEST_OBJECT_3), true); + expected.put(testObjects.get(TEST_OBJECT_4), true); + expected.put(testObjects.get(TEST_OBJECT_5), true); + expected.put(testObjects.get(TEST_OBJECT_6), true); + expected.put(testObjects.get(TEST_OBJECT_7), true); + expected.put(testObjects.get(TEST_OBJECT_8), true); + + verifyIsPermitted(webmaster, privileges.get(ADMIN), expected); + verifyIsPermitted(webmaster, privileges.get(READ), expected); + verifyIsPermitted(webmaster, privileges.get(WRITE), expected); + } + + @Test + @UsingDataSet("datasets/org/libreccm/core/PermissionManagerTest/" + + "data.json") + @InSequence(20) + public void isPermittedJdoe() { + final User jdoe = userRepository.findByScreenName("jdoe"); + final Map testObjects = retrieveTestObjects(); + final Map privileges = retrievePrivileges(); + + final Map expectedRead = new LinkedHashMap<>(); + expectedRead.put(testObjects.get(TEST_OBJECT_1), true); + expectedRead.put(testObjects.get(TEST_OBJECT_2), true); + expectedRead.put(testObjects.get(TEST_OBJECT_3), true); + expectedRead.put(testObjects.get(TEST_OBJECT_4), true); + expectedRead.put(testObjects.get(TEST_OBJECT_5), true); + expectedRead.put(testObjects.get(TEST_OBJECT_6), false); + expectedRead.put(testObjects.get(TEST_OBJECT_7), false); + expectedRead.put(testObjects.get(TEST_OBJECT_8), true); + + final Map expectedWrite = new LinkedHashMap<>(); + expectedWrite.put(testObjects.get(TEST_OBJECT_1), true); + expectedWrite.put(testObjects.get(TEST_OBJECT_2), true); + expectedWrite.put(testObjects.get(TEST_OBJECT_3), true); + expectedWrite.put(testObjects.get(TEST_OBJECT_4), true); + expectedWrite.put(testObjects.get(TEST_OBJECT_5), false); + expectedWrite.put(testObjects.get(TEST_OBJECT_6), false); + 
expectedWrite.put(testObjects.get(TEST_OBJECT_7), false); + expectedWrite.put(testObjects.get(TEST_OBJECT_8), true); + + verifyIsPermitted(jdoe, privileges.get(READ), expectedRead); + verifyIsPermitted(jdoe, privileges.get(WRITE), expectedWrite); + } + + @Test + @UsingDataSet("datasets/org/libreccm/core/PermissionManagerTest/" + + "data.json") + @InSequence(30) + public void isPermittedMmuster() { + final User mmuster = userRepository.findByScreenName("mmuster"); + final Map testObjects = retrieveTestObjects(); + final Map privileges = retrievePrivileges(); + + final Map expectedRead = new LinkedHashMap<>(); + expectedRead.put(testObjects.get(TEST_OBJECT_1), true); + expectedRead.put(testObjects.get(TEST_OBJECT_2), true); + expectedRead.put(testObjects.get(TEST_OBJECT_3), true); + expectedRead.put(testObjects.get(TEST_OBJECT_4), true); + expectedRead.put(testObjects.get(TEST_OBJECT_5), true); + expectedRead.put(testObjects.get(TEST_OBJECT_6), true); + expectedRead.put(testObjects.get(TEST_OBJECT_7), false); + expectedRead.put(testObjects.get(TEST_OBJECT_8), true); + + final Map expectedWrite = new LinkedHashMap<>(); + expectedWrite.put(testObjects.get(TEST_OBJECT_1), true); + expectedWrite.put(testObjects.get(TEST_OBJECT_2), true); + expectedWrite.put(testObjects.get(TEST_OBJECT_3), true); + expectedWrite.put(testObjects.get(TEST_OBJECT_4), true); + expectedWrite.put(testObjects.get(TEST_OBJECT_5), true); + expectedWrite.put(testObjects.get(TEST_OBJECT_6), true); + expectedWrite.put(testObjects.get(TEST_OBJECT_7), false); + expectedWrite.put(testObjects.get(TEST_OBJECT_8), true); + + verifyIsPermitted(mmuster, privileges.get(READ), expectedRead); + verifyIsPermitted(mmuster, privileges.get(WRITE), expectedWrite); + } + + @Test + @UsingDataSet("datasets/org/libreccm/core/PermissionManagerTest/" + + "data.json") + @InSequence(40) + public void isPermittedPublicUser() { + final User publicUser = userRepository.findByScreenName("public-user"); + final Map testObjects = 
retrieveTestObjects(); + final Map privileges = retrievePrivileges(); + + final Map expectedRead = new LinkedHashMap<>(); + expectedRead.put(testObjects.get(TEST_OBJECT_1), true); + expectedRead.put(testObjects.get(TEST_OBJECT_2), true); + expectedRead.put(testObjects.get(TEST_OBJECT_3), true); + expectedRead.put(testObjects.get(TEST_OBJECT_4), true); + expectedRead.put(testObjects.get(TEST_OBJECT_5), true); + expectedRead.put(testObjects.get(TEST_OBJECT_6), false); + expectedRead.put(testObjects.get(TEST_OBJECT_7), false); + expectedRead.put(testObjects.get(TEST_OBJECT_8), true); + + final Map expectedWrite = new LinkedHashMap<>(); + expectedWrite.put(testObjects.get(TEST_OBJECT_1), false); + expectedWrite.put(testObjects.get(TEST_OBJECT_2), false); + expectedWrite.put(testObjects.get(TEST_OBJECT_3), false); + expectedWrite.put(testObjects.get(TEST_OBJECT_4), false); + expectedWrite.put(testObjects.get(TEST_OBJECT_5), false); + expectedWrite.put(testObjects.get(TEST_OBJECT_6), false); + expectedWrite.put(testObjects.get(TEST_OBJECT_7), false); + expectedWrite.put(testObjects.get(TEST_OBJECT_8), false); + + verifyIsPermitted(publicUser, privileges.get(READ), expectedRead); + verifyIsPermitted(publicUser, privileges.get(WRITE), expectedWrite); + } + + @Test + @UsingDataSet("datasets/org/libreccm/core/PermissionManagerTest/" + + "data.json") + @InSequence(50) + public void isPermittedUsers() { + final Group users = groupRepository.findByGroupName("users"); + final Map testObjects = retrieveTestObjects(); + final Map privileges = retrievePrivileges(); + + final Map expectedRead = new LinkedHashMap<>(); + expectedRead.put(testObjects.get(TEST_OBJECT_1), true); + expectedRead.put(testObjects.get(TEST_OBJECT_2), true); + expectedRead.put(testObjects.get(TEST_OBJECT_3), true); + expectedRead.put(testObjects.get(TEST_OBJECT_4), true); + expectedRead.put(testObjects.get(TEST_OBJECT_5), false); + expectedRead.put(testObjects.get(TEST_OBJECT_6), false); + 
expectedRead.put(testObjects.get(TEST_OBJECT_7), false); + expectedRead.put(testObjects.get(TEST_OBJECT_8), true); + + final Map expectedWrite = new LinkedHashMap<>(); + expectedWrite.put(testObjects.get(TEST_OBJECT_1), false); + expectedWrite.put(testObjects.get(TEST_OBJECT_2), false); + expectedWrite.put(testObjects.get(TEST_OBJECT_3), false); + expectedWrite.put(testObjects.get(TEST_OBJECT_4), false); + expectedWrite.put(testObjects.get(TEST_OBJECT_5), false); + expectedWrite.put(testObjects.get(TEST_OBJECT_6), false); + expectedWrite.put(testObjects.get(TEST_OBJECT_7), false); + expectedWrite.put(testObjects.get(TEST_OBJECT_8), false); + + verifyIsPermitted(users, privileges.get(READ), expectedRead); + verifyIsPermitted(users, privileges.get(WRITE), expectedWrite); + } + + @Test + @UsingDataSet("datasets/org/libreccm/core/PermissionManagerTest/" + + "data.json") + @InSequence(60) + public void isPermittedAuthors() { + final Group authors = groupRepository.findByGroupName("authors"); + final Map testObjects = retrieveTestObjects(); + final Map privileges = retrievePrivileges(); + + final Map expectedRead = new LinkedHashMap<>(); + expectedRead.put(testObjects.get(TEST_OBJECT_1), true); + expectedRead.put(testObjects.get(TEST_OBJECT_2), true); + expectedRead.put(testObjects.get(TEST_OBJECT_3), true); + expectedRead.put(testObjects.get(TEST_OBJECT_4), true); + expectedRead.put(testObjects.get(TEST_OBJECT_5), false); + expectedRead.put(testObjects.get(TEST_OBJECT_6), false); + expectedRead.put(testObjects.get(TEST_OBJECT_7), false); + expectedRead.put(testObjects.get(TEST_OBJECT_8), true); + + final Map expectedWrite = new LinkedHashMap<>(); + expectedWrite.put(testObjects.get(TEST_OBJECT_1), true); + expectedWrite.put(testObjects.get(TEST_OBJECT_2), true); + expectedWrite.put(testObjects.get(TEST_OBJECT_3), true); + expectedWrite.put(testObjects.get(TEST_OBJECT_4), true); + expectedWrite.put(testObjects.get(TEST_OBJECT_5), false); + 
expectedWrite.put(testObjects.get(TEST_OBJECT_6), false); + expectedWrite.put(testObjects.get(TEST_OBJECT_7), false); + expectedWrite.put(testObjects.get(TEST_OBJECT_8), true); + + verifyIsPermitted(authors, privileges.get(READ), expectedRead); + verifyIsPermitted(authors, privileges.get(WRITE), expectedWrite); + } + + @Test(expected = IllegalArgumentException.class) + @UsingDataSet("datasets/org/libreccm/core/PermissionManagerTest/" + + "data.json") + @ShouldThrowException(IllegalArgumentException.class) + @InSequence(70) + public void isPermittedNullPrivilege() { + final CcmObject object = ccmObjectRepository.findById(-10L); + final User user = userRepository.findByScreenName("webmaster"); + + permissionManager.isPermitted(null, object, user); + } + + @Test(expected = IllegalArgumentException.class) + @UsingDataSet("datasets/org/libreccm/core/PermissionManagerTest/" + + "data.json") + @ShouldThrowException(IllegalArgumentException.class) + @InSequence(80) + public void isPermittedNullObject() { + final Privilege privilege = privilegeRepository + .retrievePrivilege(READ); + final User user = userRepository.findByScreenName("webmaster"); + + permissionManager.isPermitted(privilege, null, user); + } + + @Test + @UsingDataSet("datasets/org/libreccm/core/PermissionManagerTest/" + + "data.json") + @InSequence(100) + public void checkPermissionValid() throws UnauthorizedAcccessException { + final Privilege privilege = privilegeRepository + .retrievePrivilege(READ); + final CcmObject object = ccmObjectRepository.findById(-10L); + final User user = userRepository.findByScreenName("jdoe"); + + permissionManager.checkPermission(privilege, object, user); + } + + @Test(expected = UnauthorizedAcccessException.class) + @UsingDataSet("datasets/org/libreccm/core/PermissionManagerTest/" + + "data.json") + @ShouldThrowException(UnauthorizedAcccessException.class) @InSequence(110) - public void isPermittedGrantedByAdminPrivilege() { - fail(); + public void checkPermissionInValid() 
throws UnauthorizedAcccessException { + final Privilege privilege = privilegeRepository + .retrievePrivilege(READ); + final CcmObject object = ccmObjectRepository.findById(-60L); + final User user = userRepository.findByScreenName("jdoe"); + + permissionManager.checkPermission(privilege, object, user); } - - @Test + + @Test(expected = IllegalArgumentException.class) @UsingDataSet("datasets/org/libreccm/core/PermissionManagerTest/" - + "data.json") + + "data.json") + @ShouldThrowException(IllegalArgumentException.class) @InSequence(120) - public void isPermittedGrantedByDirectPermission() { - fail(); + public void checkPermissionNullPrivilege() throws + UnauthorizedAcccessException { + final CcmObject object = ccmObjectRepository.findById(-10L); + final User user = userRepository.findByScreenName("webmaster"); + + permissionManager.checkPermission(null, object, user); } - - @Test + + @Test(expected = IllegalArgumentException.class) @UsingDataSet("datasets/org/libreccm/core/PermissionManagerTest/" - + "data.json") + + "data.json") + @ShouldThrowException(IllegalArgumentException.class) @InSequence(130) - public void isPermittedGrantedByGroup() { - fail(); + public void checkPermissionNullObject() throws UnauthorizedAcccessException { + final Privilege privilege = privilegeRepository + .retrievePrivilege(READ); + final User user = userRepository.findByScreenName("webmaster"); + + permissionManager.checkPermission(privilege, null, user); } - - @Test + + @Test(expected = IllegalArgumentException.class) @UsingDataSet("datasets/org/libreccm/core/PermissionManagerTest/" - + "data.json") + + "data.json") + @ShouldThrowException(IllegalArgumentException.class) @InSequence(140) - public void isPermittedPublicUserGranted() { - fail(); + public void checkPermissionNullSubject() throws UnauthorizedAcccessException { + final Privilege privilege = privilegeRepository + .retrievePrivilege(READ); + final CcmObject object = ccmObjectRepository.findById(-10L); + + 
permissionManager.checkPermission(privilege, object, null); } - + @Test @UsingDataSet("datasets/org/libreccm/core/PermissionManagerTest/" - + "data.json") + + "data.json") + @ShouldMatchDataSet("datasets/org/libreccm/core/PermissionManagerTest/" + + "after-grant.json") @InSequence(150) - public void isPermittedPublicUserDenied() { - fail(); + public void grantPermission() { + final Privilege read = privilegeRepository.retrievePrivilege(READ); + final Privilege write = privilegeRepository.retrievePrivilege(WRITE); + + final User jdoe = userRepository.findByScreenName("jdoe"); + final User mmuster = userRepository.findByScreenName("mmuster"); + + final CcmObject object6 = ccmObjectRepository.findById(-60L); + final CcmObject object7 = ccmObjectRepository.findById(-70L); + + permissionManager.grantPermission(read, object6, jdoe); + + permissionManager.grantPermission(read, object7, mmuster); + permissionManager.grantPermission(write, object7, mmuster); } - - @Test(expected = UnauthorizedAcccessException.class) + + @Test @UsingDataSet("datasets/org/libreccm/core/PermissionManagerTest/" - + "data.json") - @ShouldThrowException(UnauthorizedAcccessException.class) + + "data.json") + @ShouldMatchDataSet("datasets/org/libreccm/core/PermissionManagerTest/" + + "after-grant-wildcard.json") + @InSequence(160) + public void grantWildcardPermission() { + final Privilege read = privilegeRepository.retrievePrivilege(READ); + final User jdoe = userRepository.findByScreenName("jdoe"); + + permissionManager.grantPermission(read, null, jdoe); + } + + @Test(expected = IllegalArgumentException.class) + @UsingDataSet("datasets/org/libreccm/core/PermissionManagerTest/" + + "data.json") + @ShouldThrowException(IllegalArgumentException.class) + @InSequence(170) + public void grantPermissionNullPrivilege() { + final User jdoe = userRepository.findByScreenName("jdoe"); + final CcmObject object6 = ccmObjectRepository.findById(-60L); + + permissionManager.grantPermission(null, object6, jdoe); + 
} + + @Test(expected = IllegalArgumentException.class) + @UsingDataSet("datasets/org/libreccm/core/PermissionManagerTest/" + + "data.json") + @ShouldThrowException(IllegalArgumentException.class) + @InSequence(180) + public void grantPermissionNullSubject() { + final Privilege read = privilegeRepository.retrievePrivilege(READ); + final CcmObject object6 = ccmObjectRepository.findById(-60L); + + permissionManager.grantPermission(read, object6, null); + } + + @Test + @UsingDataSet("datasets/org/libreccm/core/PermissionManagerTest/" + + "data.json") + @ShouldMatchDataSet("datasets/org/libreccm/core/PermissionManagerTest/" + + "after-revoke.json") + @InSequence(190) + public void revokePermission() { + final Privilege read = privilegeRepository.retrievePrivilege(READ); + final Privilege write = privilegeRepository.retrievePrivilege(WRITE); + + final User jdoe = userRepository.findByScreenName("jdoe"); + final User mmuster = userRepository.findByScreenName("mmuster"); + + final CcmObject object5 = ccmObjectRepository.findById(-50L); + final CcmObject object6 = ccmObjectRepository.findById(-60L); + + permissionManager.revokePermission(read, object5, jdoe); + permissionManager.revokePermission(write, object6, mmuster); + } + + @Test(expected = IllegalArgumentException.class) + @UsingDataSet("datasets/org/libreccm/core/PermissionManagerTest/" + + "data.json") + @ShouldThrowException(IllegalArgumentException.class) + @InSequence(200) + public void revokePermissionNullPrivilege() { + final User jdoe = userRepository.findByScreenName("jdoe"); + final CcmObject object5 = ccmObjectRepository.findById(-50L); + + permissionManager.revokePermission(null, object5, jdoe); + } + + @Test(expected = IllegalArgumentException.class) + @UsingDataSet("datasets/org/libreccm/core/PermissionManagerTest/" + + "data.json") + @ShouldThrowException(IllegalArgumentException.class) @InSequence(210) - public void checkPermittedGrantedByAdminPrivilege() { - fail(); - } - - @Test(expected = 
UnauthorizedAcccessException.class) - @UsingDataSet("datasets/org/libreccm/core/PermissionManagerTest/" - + "data.json") - @ShouldThrowException(UnauthorizedAcccessException.class) - @InSequence(220) - public void checkPermittedGrantedByDirectPermission() { - fail(); - } - - @Test(expected = UnauthorizedAcccessException.class) - @UsingDataSet("datasets/org/libreccm/core/PermissionManagerTest/" - + "data.json") - @ShouldThrowException(UnauthorizedAcccessException.class) - @InSequence(230) - public void checkPermittedGrantedByGroup() { - fail(); - } - - @Test(expected = UnauthorizedAcccessException.class) - @UsingDataSet("datasets/org/libreccm/core/PermissionManagerTest/" - + "data.json") - @ShouldThrowException(UnauthorizedAcccessException.class) - @InSequence(240) - public void checkPermittedPublicUserGranted() { - fail(); - } - - @Test(expected = UnauthorizedAcccessException.class) - @UsingDataSet("datasets/org/libreccm/core/PermissionManagerTest/" - + "data.json") - @ShouldThrowException(UnauthorizedAcccessException.class) - @InSequence(250) - public void checkPermittedPublicUserDenied() { - fail(); + public void revokePermissionNullSubject() { + final Privilege read = privilegeRepository.retrievePrivilege(READ); + final CcmObject object6 = ccmObjectRepository.findById(-60L); + + permissionManager.revokePermission(read, object6, null); } + } diff --git a/ccm-core/src/test/resources/datasets/org/libreccm/core/PermissionManagerTest/after-grant-wildcard.json b/ccm-core/src/test/resources/datasets/org/libreccm/core/PermissionManagerTest/after-grant-wildcard.json new file mode 100644 index 000000000..b2066762f --- /dev/null +++ b/ccm-core/src/test/resources/datasets/org/libreccm/core/PermissionManagerTest/after-grant-wildcard.json 
@@ -0,0 +1,319 @@ +{ + "ccm_objects": + [ + { + "object_id": -10, + "display_name": "Test Object 1" + }, + { + "object_id": -20, + "display_name": "Test Object 2" + }, + { + "object_id": -30, + "display_name": "Test Object 3" + }, + { + "object_id": -40, + "display_name": "Test Object 4" + }, + { + "object_id": -50, + "display_name": "Test Object 5" + }, + { + "object_id": -60, + "display_name": "Test Object 6" + }, + { + "object_id": -70, + "display_name": "Test Object 7" + }, + { + "object_id": -80, + "display_name": "Test Object 8" + } + ], + "ccm_privileges": + [ + { + "privilege_id": -10, + "label": "admin" + }, + { + "privilege_id": -20, + "label": "read" + }, + { + "privilege_id": -30, + "label": "write" + } + ], + "subjects": + [ + { + "subject_id": -1 + }, + { + "subject_id": -2 + }, + { + "subject_id": -10 + }, + { + "subject_id": -30 + }, + { + "subject_id": -40 + }, + { + "subject_id": -50 + } + ], + "ccm_users": + [ + { + "banned": false, + "hash_algorithm": "SHA-512", + "family_name": "webmaster", + "given_name": "webmaster", + "password": "C+o2w6mp+eLrbluMEgKMVSdP50A9BMethXN8R3yihtkbzt7WfWsde2nmq/t5gq6im3J8i3jw4Y3YrKHou8JQ2A==", + "password_reset_required": false, + "salt": "Fu8FPgqAal4GZp1hDjkOB+t6ITRCcO7HBoN5Xqf29UnVj5NUdUFZRTyKYMBEx6JmZGmHcMDG9OGVCKcEM9oyScSRreJs4B51wM44NM6KeRwbCf+VhBn14DkBrl40ygraNf+AJacKpMyCpFI0O/Am7mMDWL4flskBsylkxaQn3vKfzgN5MVG2szW//I6Q6YEH9AuL8LauS6fKaVynMzzu3xzD8Hjqvvlnzym898eom2lqScPfg5g4e8Ww13HCHAYe6twupAW/BjUNax5HSioEisZN/P1UGrde8uFEj+hbbavrWYZuilPuEu25+/98jyXx6542agqrWN8j0SFYcIyOgA==", + "screen_name": "webmaster", + "subject_id": -1 + }, + { + "banned": false, + "hash_algorithm": "SHA-512", + "family_name": "public-user", + "given_name": "public-user", + "password": "C+o2w6mp+eLrbluMEgKMVSdP50A9BMethXN8R3yihtkbzt7WfWsde2nmq/t5gq6im3J8i3jw4Y3YrKHou8JQ2A==", + "password_reset_required": false, + "salt": 
"Fu8FPgqAal4GZp1hDjkOB+t6ITRCcO7HBoN5Xqf29UnVj5NUdUFZRTyKYMBEx6JmZGmHcMDG9OGVCKcEM9oyScSRreJs4B51wM44NM6KeRwbCf+VhBn14DkBrl40ygraNf+AJacKpMyCpFI0O/Am7mMDWL4flskBsylkxaQn3vKfzgN5MVG2szW//I6Q6YEH9AuL8LauS6fKaVynMzzu3xzD8Hjqvvlnzym898eom2lqScPfg5g4e8Ww13HCHAYe6twupAW/BjUNax5HSioEisZN/P1UGrde8uFEj+hbbavrWYZuilPuEu25+/98jyXx6542agqrWN8j0SFYcIyOgA==", + "screen_name": "public-user", + "subject_id": -2 + }, + { + "banned": false, + "hash_algorithm": "SHA-512", + "family_name": "Doe", + "given_name": "John", + "password": "C+o2w6mp+eLrbluMEgKMVSdP50A9BMethXN8R3yihtkbzt7WfWsde2nmq/t5gq6im3J8i3jw4Y3YrKHou8JQ2A==", + "password_reset_required": false, + "salt": "Fu8FPgqAal4GZp1hDjkOB+t6ITRCcO7HBoN5Xqf29UnVj5NUdUFZRTyKYMBEx6JmZGmHcMDG9OGVCKcEM9oyScSRreJs4B51wM44NM6KeRwbCf+VhBn14DkBrl40ygraNf+AJacKpMyCpFI0O/Am7mMDWL4flskBsylkxaQn3vKfzgN5MVG2szW//I6Q6YEH9AuL8LauS6fKaVynMzzu3xzD8Hjqvvlnzym898eom2lqScPfg5g4e8Ww13HCHAYe6twupAW/BjUNax5HSioEisZN/P1UGrde8uFEj+hbbavrWYZuilPuEu25+/98jyXx6542agqrWN8j0SFYcIyOgA==", + "screen_name": "jdoe", + "subject_id": -10 + }, + { + "banned": false, + "hash_algorithm": "SHA-512", + "family_name": "Mustermann", + "given_name": "Max", + "password": "1c9626af429a6291766d15cbfb38689bd8d49450520765973de70aecaf644b7d4fda711266ba9ec8fb6df30c8ab391d40330829aa85adf371bcde6b4c9bc01e6", + "password_reset_required": false, + "salt": "fjiajhigafgapoa", + "screen_name": "mmuster", + "subject_id": -50 + } + ], + "ccm_groups": + [ + { + "name": "users", + "subject_id": -30 + }, + { + "name": "authors", + "subject_id": -40 + } + ], + "group_memberships": + [ + { + "membership_id": -10, + "group_subject_id": -40, + "user_subject_id": -10 + }, + { + "membership_id": -20, + "group_subject_id": -40, + "user_subject_id": -50 + }, + { + "membership_id": -30, + "group_subject_id": -30, + "user_subject_id": -2 + }, + { + "membership_id": -40, + "group_subject_id": -30, + "user_subject_id": -10 + }, + { + "membership_id": -50, + "group_subject_id": -30, + "user_subject_id": -50 
+ } + ], + "user_email_addresses": + [ + { + "user_id": -10, + "email_address": "john.doe@example.com", + "bouncing": false, + "verified": true + }, + { + "user_id": -50, + "email_address": "max.mustermann@example.com", + "bouncing": false, + "verified": true + } + ], + "permissions": + [ + { + "permission_id": -10, + "grantee_id": -1, + "granted_privilege_id": -10 + }, + { + "permission_id": -20, + "grantee_id": -2, + "object_id": -50, + "granted_privilege_id": -20 + }, + { + "permission_id": -30, + "grantee_id": -10, + "object_id": -50, + "granted_privilege_id": -20 + }, + { + "permission_id": -40, + "grantee_id": -50, + "object_id": -50, + "granted_privilege_id": -20 + }, + { + "permission_id": -50, + "grantee_id": -50, + "object_id": -50, + "granted_privilege_id": -30 + }, + { + "permission_id": -60, + "grantee_id": -50, + "object_id": -60, + "granted_privilege_id": -20 + }, + { + "permission_id": -80, + "grantee_id": -30, + "object_id": -10, + "granted_privilege_id": -20 + }, + { + "permission_id": -90, + "grantee_id": -30, + "object_id": -20, + "granted_privilege_id": -20 + }, + { + "permission_id": -100, + "grantee_id": -30, + "object_id": -30, + "granted_privilege_id": -20 + }, + { + "permission_id": -110, + "grantee_id": -30, + "object_id": -40, + "granted_privilege_id": -20 + }, + { + "permission_id": -120, + "grantee_id": -30, + "object_id": -80, + "granted_privilege_id": -20 + }, + { + "permission_id": -130, + "grantee_id": -40, + "object_id": -10, + "granted_privilege_id": -20 + }, + { + "permission_id": -140, + "grantee_id": -40, + "object_id": -20, + "granted_privilege_id": -20 + }, + { + "permission_id": -150, + "grantee_id": -40, + "object_id": -30, + "granted_privilege_id": -20 + }, + { + "permission_id": -160, + "grantee_id": -40, + "object_id": -40, + "granted_privilege_id": -20 + }, + { + "permission_id": -170, + "grantee_id": -40, + "object_id": -80, + "granted_privilege_id": -20 + }, + { + "permission_id": -180, + "grantee_id": -40, + 
"object_id": -10, + "granted_privilege_id": -30 + }, + { + "permission_id": -190, + "grantee_id": -40, + "object_id": -20, + "granted_privilege_id": -30 + }, + { + "permission_id": -200, + "grantee_id": -40, + "object_id": -30, + "granted_privilege_id": -30 + }, + { + "permission_id": -220, + "grantee_id": -40, + "object_id": -40, + "granted_privilege_id": -30 + }, + { + "permission_id": -230, + "grantee_id": -40, + "object_id": -80, + "granted_privilege_id": -30 + }, + { + "permission_id": -250, + "grantee_id": -50, + "object_id": -70, + "granted_privilege_id": -20 + }, + { + "permission_id": -260, + "grantee_id": -50, + "object_id": -70, + "granted_privilege_id": -30 + }, + { + "permission_id": -270, + "grantee_id": -10, + "granted_privilege_id": -20 + } + ] +} \ No newline at end of file diff --git a/ccm-core/src/test/resources/datasets/org/libreccm/core/PermissionManagerTest/after-grant.json b/ccm-core/src/test/resources/datasets/org/libreccm/core/PermissionManagerTest/after-grant.json index cfa6ac97e..fc22ec0e8 100644 --- a/ccm-core/src/test/resources/datasets/org/libreccm/core/PermissionManagerTest/after-grant.json +++ b/ccm-core/src/test/resources/datasets/org/libreccm/core/PermissionManagerTest/after-grant.json @@ -78,6 +78,7 @@ "family_name": "webmaster", "given_name": "webmaster", "password": "C+o2w6mp+eLrbluMEgKMVSdP50A9BMethXN8R3yihtkbzt7WfWsde2nmq/t5gq6im3J8i3jw4Y3YrKHou8JQ2A==", + "password_reset_required": false, "salt": "Fu8FPgqAal4GZp1hDjkOB+t6ITRCcO7HBoN5Xqf29UnVj5NUdUFZRTyKYMBEx6JmZGmHcMDG9OGVCKcEM9oyScSRreJs4B51wM44NM6KeRwbCf+VhBn14DkBrl40ygraNf+AJacKpMyCpFI0O/Am7mMDWL4flskBsylkxaQn3vKfzgN5MVG2szW//I6Q6YEH9AuL8LauS6fKaVynMzzu3xzD8Hjqvvlnzym898eom2lqScPfg5g4e8Ww13HCHAYe6twupAW/BjUNax5HSioEisZN/P1UGrde8uFEj+hbbavrWYZuilPuEu25+/98jyXx6542agqrWN8j0SFYcIyOgA==", "screen_name": "webmaster", "subject_id": -1 
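Review bot: The expected `permissions` rows `-250` and `-260` (grantee `-50` on object `-70`, privileges `-20` and `-30`) match what the `grantPermission` test grants to mmuster on object 7, not what `grantWildcardPermission` does; per the test file earlier in this diff it only calls `grantPermission(read, null, jdoe)`. Unless `data.json` already contains those two rows (only two small hunks of it are shown here), they look copied from `after-grant.json` and should be dropped, leaving `data.json` plus the single object-less row `{ "permission_id": -270, "grantee_id": -10, "granted_privilege_id": -20 }`. Because a permission without `object_id` is a wildcard grant, the expected data set should pin exactly that one new row, so an unintended extra grant fails the comparison. The hard-coded `-270` also assumes the generated key; if the comparison is not already configured to ignore it, `excludeColumns = {"permission_id"}` on the test's `@ShouldMatchDataSet` would make that explicit.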
@@ -88,6 +89,7 @@
 "family_name": "public-user",
 "given_name": "public-user",
 "password": "C+o2w6mp+eLrbluMEgKMVSdP50A9BMethXN8R3yihtkbzt7WfWsde2nmq/t5gq6im3J8i3jw4Y3YrKHou8JQ2A==",
+ "password_reset_required": false,
 "salt": "Fu8FPgqAal4GZp1hDjkOB+t6ITRCcO7HBoN5Xqf29UnVj5NUdUFZRTyKYMBEx6JmZGmHcMDG9OGVCKcEM9oyScSRreJs4B51wM44NM6KeRwbCf+VhBn14DkBrl40ygraNf+AJacKpMyCpFI0O/Am7mMDWL4flskBsylkxaQn3vKfzgN5MVG2szW//I6Q6YEH9AuL8LauS6fKaVynMzzu3xzD8Hjqvvlnzym898eom2lqScPfg5g4e8Ww13HCHAYe6twupAW/BjUNax5HSioEisZN/P1UGrde8uFEj+hbbavrWYZuilPuEu25+/98jyXx6542agqrWN8j0SFYcIyOgA==",
 "screen_name": "public-user",
 "subject_id": -2
diff --git a/ccm-core/src/test/resources/datasets/org/libreccm/core/PermissionManagerTest/after-revoke.json b/ccm-core/src/test/resources/datasets/org/libreccm/core/PermissionManagerTest/after-revoke.json
index 487a2030b..1a81e26df 100644
--- a/ccm-core/src/test/resources/datasets/org/libreccm/core/PermissionManagerTest/after-revoke.json
+++ b/ccm-core/src/test/resources/datasets/org/libreccm/core/PermissionManagerTest/after-revoke.json
@@ -78,6 +78,7 @@
 "family_name": "webmaster",
 "given_name": "webmaster",
 "password": "C+o2w6mp+eLrbluMEgKMVSdP50A9BMethXN8R3yihtkbzt7WfWsde2nmq/t5gq6im3J8i3jw4Y3YrKHou8JQ2A==",
+ "password_reset_required": false,
 "salt": "Fu8FPgqAal4GZp1hDjkOB+t6ITRCcO7HBoN5Xqf29UnVj5NUdUFZRTyKYMBEx6JmZGmHcMDG9OGVCKcEM9oyScSRreJs4B51wM44NM6KeRwbCf+VhBn14DkBrl40ygraNf+AJacKpMyCpFI0O/Am7mMDWL4flskBsylkxaQn3vKfzgN5MVG2szW//I6Q6YEH9AuL8LauS6fKaVynMzzu3xzD8Hjqvvlnzym898eom2lqScPfg5g4e8Ww13HCHAYe6twupAW/BjUNax5HSioEisZN/P1UGrde8uFEj+hbbavrWYZuilPuEu25+/98jyXx6542agqrWN8j0SFYcIyOgA==",
 "screen_name": "webmaster",
 "subject_id": -1
@@ -88,6 +89,7 @@
 "family_name": "public-user",
 "given_name": "public-user",
 "password": "C+o2w6mp+eLrbluMEgKMVSdP50A9BMethXN8R3yihtkbzt7WfWsde2nmq/t5gq6im3J8i3jw4Y3YrKHou8JQ2A==",
+ "password_reset_required": false,
 "salt": "Fu8FPgqAal4GZp1hDjkOB+t6ITRCcO7HBoN5Xqf29UnVj5NUdUFZRTyKYMBEx6JmZGmHcMDG9OGVCKcEM9oyScSRreJs4B51wM44NM6KeRwbCf+VhBn14DkBrl40ygraNf+AJacKpMyCpFI0O/Am7mMDWL4flskBsylkxaQn3vKfzgN5MVG2szW//I6Q6YEH9AuL8LauS6fKaVynMzzu3xzD8Hjqvvlnzym898eom2lqScPfg5g4e8Ww13HCHAYe6twupAW/BjUNax5HSioEisZN/P1UGrde8uFEj+hbbavrWYZuilPuEu25+/98jyXx6542agqrWN8j0SFYcIyOgA==",
 "screen_name": "public-user",
 "subject_id": -2
diff --git a/ccm-core/src/test/resources/datasets/org/libreccm/core/PermissionManagerTest/data.json b/ccm-core/src/test/resources/datasets/org/libreccm/core/PermissionManagerTest/data.json
index e0e3f3b8d..76d9afe57 100644
--- a/ccm-core/src/test/resources/datasets/org/libreccm/core/PermissionManagerTest/data.json
+++ b/ccm-core/src/test/resources/datasets/org/libreccm/core/PermissionManagerTest/data.json
@@ -79,6 +79,7 @@
 "given_name": "webmaster",
 "password": "C+o2w6mp+eLrbluMEgKMVSdP50A9BMethXN8R3yihtkbzt7WfWsde2nmq/t5gq6im3J8i3jw4Y3YrKHou8JQ2A==",
 "salt": "Fu8FPgqAal4GZp1hDjkOB+t6ITRCcO7HBoN5Xqf29UnVj5NUdUFZRTyKYMBEx6JmZGmHcMDG9OGVCKcEM9oyScSRreJs4B51wM44NM6KeRwbCf+VhBn14DkBrl40ygraNf+AJacKpMyCpFI0O/Am7mMDWL4flskBsylkxaQn3vKfzgN5MVG2szW//I6Q6YEH9AuL8LauS6fKaVynMzzu3xzD8Hjqvvlnzym898eom2lqScPfg5g4e8Ww13HCHAYe6twupAW/BjUNax5HSioEisZN/P1UGrde8uFEj+hbbavrWYZuilPuEu25+/98jyXx6542agqrWN8j0SFYcIyOgA==",
+ "password_reset_required": false,
 "screen_name": "webmaster",
 "subject_id": -1
 },
@@ -89,6 +90,7 @@
 "given_name": "public-user",
 "password": "C+o2w6mp+eLrbluMEgKMVSdP50A9BMethXN8R3yihtkbzt7WfWsde2nmq/t5gq6im3J8i3jw4Y3YrKHou8JQ2A==",
 "salt": "Fu8FPgqAal4GZp1hDjkOB+t6ITRCcO7HBoN5Xqf29UnVj5NUdUFZRTyKYMBEx6JmZGmHcMDG9OGVCKcEM9oyScSRreJs4B51wM44NM6KeRwbCf+VhBn14DkBrl40ygraNf+AJacKpMyCpFI0O/Am7mMDWL4flskBsylkxaQn3vKfzgN5MVG2szW//I6Q6YEH9AuL8LauS6fKaVynMzzu3xzD8Hjqvvlnzym898eom2lqScPfg5g4e8Ww13HCHAYe6twupAW/BjUNax5HSioEisZN/P1UGrde8uFEj+hbbavrWYZuilPuEu25+/98jyXx6542agqrWN8j0SFYcIyOgA==",
+ "password_reset_required": false,
 "screen_name": "public-user",
 "subject_id": -2
 },