LibreCCM
/
libreccm
3
0
Fork 0
Code Issues 10 Pull Requests Packages Releases Wiki Activity

CCM NG: Progress on the PermissionManager (does not work completly yet) 

git-svn-id: https://svn.libreccm.org/ccm/ccm_ng@3547 8810af33-2d31-482b-a856-94f89814c4df
pull/2/head
jensp 2015-08-04 17:59:36 +00:00
parent 84a59b777a
commit b065abf3bf
10 changed files with 1112 additions and 139 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
ccm-core/src/main/java/org/libreccm/core/Permission.java
View File

@ -59,7 +59,7 @@ import javax.xml.bind.annotation.XmlRootElement;
+ " WHERE m.user = :user)"), + " WHERE m.user = :user)"),
@NamedQuery(name = "findPermissionsForCcmObject", @NamedQuery(name = "findPermissionsForCcmObject",
query = "SELECT p FROM Permission p WHERE p.object = :object"), query = "SELECT p FROM Permission p WHERE p.object = :object"),
@NamedQuery(name = "findPermissionsByUserObjectAndPrivilege", @NamedQuery(name = "findPermissionsForUserPrivilegeAndObject",
query = "SELECT p FROM Permission p " query = "SELECT p FROM Permission p "
+ "WHERE (p.grantee = :user" + "WHERE (p.grantee = :user"
+ " OR p.grantee IN (SELECT g " + " OR p.grantee IN (SELECT g "
@ -67,11 +67,24 @@ import javax.xml.bind.annotation.XmlRootElement;
+ " WHERE m.user = :user))" + " WHERE m.user = :user))"
+ " AND p.grantedPrivilege = :privilege" + " AND p.grantedPrivilege = :privilege"
+ " AND p.object = :object"), + " AND p.object = :object"),
@NamedQuery(name = "findPermissionsBySubjectObjectAndPrivilege", @NamedQuery(name = "findWildcardPermissionsForUserPrivilegeAndObject",
query = "SELECT p FROM Permission p "
+ "WHERE (p.grantee = :user"
+ " OR p.grantee IN (SELECT g "
+ " FROM Group g JOIN g.members m"
+ " WHERE m.user = :user))"
+ " AND p.grantedPrivilege = :privilege"
+ " AND p.object IS NULL"),
@NamedQuery(name = "findPermissionsForSubjectPrivilegeAndObject",
query = "SELECT p FROM Permission p " query = "SELECT p FROM Permission p "
+ "WHERE p.grantee = :subject" + "WHERE p.grantee = :subject"
+ " AND p.grantedPrivilege = :privilege" + " AND p.grantedPrivilege = :privilege"
+ " AND p.object = :object") + " AND p.object = :object"),
@NamedQuery(name = "findWildcardPermissionsForSubjectPrivilegeAndObject",
query = "SELECT p FROM Permission p "
+ "WHERE p.grantee = :subject"
+ " AND p.grantedPrivilege = :privilege"
+ " AND p.object IS NULL")
}) })
//Can't reduce complexity yet //Can't reduce complexity yet

184
ccm-core/src/main/java/org/libreccm/core/PermissionManager.java
View File

@ -18,7 +18,10 @@
*/ */
package org.libreccm.core; package org.libreccm.core;
import java.util.List;
import javax.enterprise.context.RequestScoped; import javax.enterprise.context.RequestScoped;
import javax.inject.Inject;
/** /**
* *
@ -27,20 +30,48 @@ import javax.enterprise.context.RequestScoped;
@RequestScoped @RequestScoped
public class PermissionManager { public class PermissionManager {
@Inject
private transient PermissionRepository permissionRepository;
@Inject
private transient PrivilegeRepository privilegeRepository;
@Inject
private transient CcmObjectRepository ccmObjectRepository;
@Inject
private transient SubjectRepository subjectRepository;
/** /**
* Creates a new permission granting the provided {@code privilege} on the * Creates a new permission granting the provided {@code privilege} on the
* provided {@code object} to the provided {@code subject}. If the * provided {@code object} to the provided {@code subject}. If the
* permission is already granted to the provided {@code subject} this method * permission is already granted to the provided {@code subject} this method
* does nothing. * does nothing.
* *
* @param privilege The privilege to grant. * @param privilege The privilege to grant. Can't be {@code null}.
* @param object The object on which the privilege is granted. * @param object The object on which the privilege is granted. Can be
* @param subject The subject to grant the privilege to. * {@code null}.
* @param subject The subject to grant the privilege to. Can't be
* {@code null}.
*/ */
public void grantPermission(final Privilege privilege, public void grantPermission(final Privilege privilege,
final CcmObject object, final CcmObject object,
final Subject subject) { final Subject subject) {
throw new UnsupportedOperationException(); if (!isPermitted(privilege, object, subject)) {
final Permission permission = new Permission();
permission.setGrantedPrivilege(privilege);
permission.setObject(object);
permission.setGrantee(subject);
subject.addGrantedPermission(permission);
subjectRepository.save(subject);
if (object != null) {
object.addPermission(permission);
ccmObjectRepository.save(object);
}
permissionRepository.save(permission);
}
} }
/** /**
@ -49,14 +80,30 @@ public class PermissionManager {
* permission granting the provided privilege on the provided {@code object} * permission granting the provided privilege on the provided {@code object}
* to the provided {@code subject} this method does nothing. * to the provided {@code subject} this method does nothing.
* *
* @param privilege The privilege to revoke * @param privilege The privilege to revoke. Can't be {@code null}.
* @param object The object on which the privilege is revoked. * @param object The object on which the privilege is revoked. Can be
* @param subject The subject to revoke the privilege from. * {@code null}.
* @param subject The subject to revoke the privilege from. Can't be
* {@code null}.
*/ */
public void revokePermission(final Privilege privilege, public void revokePermission(final Privilege privilege,
final CcmObject object, final CcmObject object,
final Subject subject) { final Subject subject) {
throw new UnsupportedOperationException(); final List<Permission> permissions = permissionRepository
.findPermissionsForSubjectPrivilegeAndObject(subject,
privilege,
object);
for (final Permission permission : permissions) {
if (object != null) {
object.removePermission(permission);
ccmObjectRepository.save(object);
}
subject.removeGrantedPermission(permission);
subjectRepository.save(subject);
permissionRepository.delete(permission);
}
} }
/** /**
@ -67,9 +114,11 @@ public class PermissionManager {
* the public user from the database. If there is no public user the method * the public user from the database. If there is no public user the method
* will return {@code false}. * will return {@code false}.
* *
* @param privilege The privilege to check. * @param privilege The privilege to check. Can't be {@code null}.
* @param object The object on which the privilege is granted. * @param object The object on which the privilege is granted. Can't be
* @param subject The subject to which the privilege is granted. * {@code null}.
* @param subject The subject to which the privilege is granted. Can't be
* {@code null}.
* *
* @return {@code true} of the subject has a permission granting * @return {@code true} of the subject has a permission granting
* {@code privilege} on {@code object}, either explicit or implicit. * {@code privilege} on {@code object}, either explicit or implicit.
@ -79,7 +128,101 @@ public class PermissionManager {
public boolean isPermitted(final Privilege privilege, public boolean isPermitted(final Privilege privilege,
final CcmObject object, final CcmObject object,
final Subject subject) { final Subject subject) {
throw new UnsupportedOperationException(); if (subject instanceof User) {
return isPermitted(privilege, object, (User) subject);
} else if (subject instanceof Group) {
return isPermitted(privilege, object, (Group) subject);
} else {
return false;
}
}
public boolean isPermitted(final Privilege privilege,
final CcmObject object,
final User user) {
boolean result;
final List<Permission> directPermissions = permissionRepository
.findPermissionsForUserPrivilegeAndObject(user, privilege, object);
result = !directPermissions.isEmpty();
if (!result) {
final List<Permission> permissions = permissionRepository
.findPermissionsForUserPrivilegeAndObject(user, privilege, null);
result = !permissions.isEmpty();
}
if (!result) {
final Privilege admin = privilegeRepository.retrievePrivilege(
"admin");
if (admin != null) {
final List<Permission> permissions = permissionRepository
.findPermissionsForUserPrivilegeAndObject(user,
privilege,
object);
result = !permissions.isEmpty();
}
}
if (!result) {
final Privilege admin = privilegeRepository.retrievePrivilege(
"admin");
if (admin != null) {
final List<Permission> permissions = permissionRepository
.findPermissionsForUserPrivilegeAndObject(user,
privilege,
null);
result = !permissions.isEmpty();
}
}
return result;
}
public boolean isPermitted(final Privilege privilege,
final CcmObject object,
final Group group) {
boolean result;
final List<Permission> directPermissions = permissionRepository
.findPermissionsForSubjectPrivilegeAndObject(group,
privilege,
object);
result = !directPermissions.isEmpty();
if (!result) {
final List<Permission> permissions = permissionRepository
.findPermissionsForSubjectPrivilegeAndObject(group,
privilege,
null);
result = !permissions.isEmpty();
}
if (!result) {
final Privilege admin = privilegeRepository.retrievePrivilege(
"admin");
if (admin != null) {
final List<Permission> permissions = permissionRepository
.findPermissionsForSubjectPrivilegeAndObject(group,
admin,
object);
result = !permissions.isEmpty();
}
}
if (!result) {
final Privilege admin = privilegeRepository.retrievePrivilege(
"admin");
if (admin != null) {
final List<Permission> permissions = permissionRepository
.findPermissionsForSubjectPrivilegeAndObject(group,
admin,
null);
result = !permissions.isEmpty();
}
}
return result;
} }
/** /**
@ -90,9 +233,11 @@ public class PermissionManager {
* the public user from the database. If there is no public user the method * the public user from the database. If there is no public user the method
* will return {@code false}. * will return {@code false}.
* *
* @param privilege The privilege to check. * @param privilege The privilege to check. Can't be {@code null}.
* @param object The object on which the privilege is granted. * @param object The object on which the privilege is granted. Can't be
* @param subject The subject to which the privilege is granted. * {@code null}.
* @param subject The subject to which the privilege is granted. Can't be
* {@code null}.
* *
* @throws UnauthorizedAcccessException If there is no permission granting * @throws UnauthorizedAcccessException If there is no permission granting
* {@code privilege} on {@code object} * {@code privilege} on {@code object}
@ -105,7 +250,14 @@ public class PermissionManager {
final CcmObject object, final CcmObject object,
final Subject subject) final Subject subject)
throws UnauthorizedAcccessException { throws UnauthorizedAcccessException {
throw new UnsupportedOperationException(); if (!isPermitted(privilege, object, subject)) {
throw new UnauthorizedAcccessException(String.format(
"Privilege \"%s\" has not been granted to subject \"%s\" "
+ "on object \"%s\".",
privilege.getLabel(),
subject.toString(),
object.toString()));
}
} }
} }

117
ccm-core/src/main/java/org/libreccm/core/PermissionRepository.java
View File

@ -32,7 +32,7 @@ import javax.persistence.TypedQuery;
*/ */
@RequestScoped @RequestScoped
public class PermissionRepository public class PermissionRepository
extends AbstractEntityRepository<Long, Permission> { extends AbstractEntityRepository<Long, Permission> {
@Inject @Inject
private transient EntityManager entityManager; private transient EntityManager entityManager;
@ -51,6 +51,7 @@ public class PermissionRepository
* {@inheritDoc } * {@inheritDoc }
* *
* @param entity {@inheritDoc } * @param entity {@inheritDoc }
*
* @return {@inheritDoc } * @return {@inheritDoc }
*/ */
@Override @Override
@ -71,40 +72,42 @@ public class PermissionRepository
* {@link #findPermissionsForUser(org.libreccm.core.User)} method instead. * {@link #findPermissionsForUser(org.libreccm.core.User)} method instead.
* *
* @param subject The subject. * @param subject The subject.
*
* @return All permissions granted to the provided subject. * @return All permissions granted to the provided subject.
*/ */
public List<Permission> findPermissionsForSubject(final Subject subject) { public List<Permission> findPermissionsForSubject(final Subject subject) {
if (subject == null) { if (subject == null) {
throw new IllegalArgumentException( throw new IllegalArgumentException(
"Illegal value 'null' provided for parameter subject."); "Illegal value 'null' provided for parameter subject.");
} }
final TypedQuery<Permission> query = entityManager.createNamedQuery( final TypedQuery<Permission> query = entityManager.createNamedQuery(
"findPermissionsForSubject", Permission.class); "findPermissionsForSubject", Permission.class);
query.setParameter("subject", subject); query.setParameter("subject", subject);
return query.getResultList(); return query.getResultList();
} }
/** /**
* Finds a permissions granted to a user and to the groups the user is * Finds a permissions granted to a user and to the groups the user is
* member of. * member of.
* *
* If you only need the permissions assigned to the user itself use the * If you only need the permissions assigned to the user itself use the
* {@link #findPermissionsForSubject(org.libreccm.core.Subject)} method. * {@link #findPermissionsForSubject(org.libreccm.core.Subject)} method.
* *
* @param user The user. * @param user The user.
* @return All permissions granted to the user or the groups the user is *
* member of. * @return All permissions granted to the user or the groups the user is
* member of.
*/ */
public List<Permission> findPermissionsForUser(final User user) { public List<Permission> findPermissionsForUser(final User user) {
if (user == null) { if (user == null) {
throw new IllegalArgumentException( throw new IllegalArgumentException(
"Illegal value 'null' provided for parameter user"); "Illegal value 'null' provided for parameter user");
} }
final TypedQuery<Permission> query = entityManager.createNamedQuery( final TypedQuery<Permission> query = entityManager.createNamedQuery(
"findPermissionsForUser", Permission.class); "findPermissionsForUser", Permission.class);
query.setParameter("user", user); query.setParameter("user", user);
return query.getResultList(); return query.getResultList();
@ -112,39 +115,89 @@ public class PermissionRepository
/** /**
* Finds all permissions granted on a object. * Finds all permissions granted on a object.
* *
* @param object The object. * @param object The object.
*
* @return All permissions granted on the object. * @return All permissions granted on the object.
*/ */
public List<Permission> findPermissionsForCcmObject(final CcmObject object) { public List<Permission> findPermissionsForCcmObject(final CcmObject object) {
if (object == null) { if (object == null) {
throw new IllegalArgumentException( throw new IllegalArgumentException(
"Illegal value 'null' provided for parameter object."); "Illegal value 'null' provided for parameter object.");
} }
final TypedQuery<Permission> query = entityManager.createNamedQuery( final TypedQuery<Permission> query = entityManager.createNamedQuery(
"findPermissionsForCcmObject", Permission.class); "findPermissionsForCcmObject", Permission.class);
query.setParameter("object", object); query.setParameter("object", object);
return query.getResultList(); return query.getResultList();
} }
// public List<Permission> findPermissionForUserPrivilegeAndObject( public List<Permission> findPermissionsForUserPrivilegeAndObject(
// final User user, final User user,
// final Privilege privilege, final Privilege privilege,
// final CcmObject object) { final CcmObject object) {
// if (user == null) {
// throw new IllegalArgumentException( if (user == null) {
// "Illegal value 'null' provided for parameter user"); throw new IllegalArgumentException(
// } "Illegal value 'null' provided for parameter user");
// }
// if (privilege == null) {
// throw new IllegalArgumentException( if (privilege == null) {
// "Illegal value 'null' provided for parameter privilege"); throw new IllegalArgumentException(
// } "Illegal value 'null' provided for parameter privilege");
// }
// final TypedQuery<Permission> query = entityManager.createNamedQuery(
// "findPermissionsForUserPrivilegeAndObject", Permission.class); final TypedQuery<Permission> query;
// if (object == null) {
// } query = entityManager.createNamedQuery(
"findWildcardPermissionsForUserPrivilegeAndObject",
Permission.class);
} else {
query = entityManager.createNamedQuery(
"findPermissionsForUserPrivilegeAndObject", Permission.class);
query.setParameter("object", object);
}
query.setParameter("user", user);
query.setParameter("privilege", privilege);
return query.getResultList();
}
public List<Permission> findPermissionsForSubjectPrivilegeAndObject(
final Subject subject,
final Privilege privilege,
final CcmObject object) {
if (subject == null) {
throw new IllegalArgumentException(
"Illegal value 'null' provided for parameter subject");
}
if (privilege == null) {
throw new IllegalArgumentException(
"Illegal value 'null' provided for parameter privilege");
}
final TypedQuery<Permission> query;
if (object == null) {
query = entityManager.createNamedQuery(
"findWildcardPermissionsForSubjectPrivilegeAndObject",
Permission.class);
} else {
query = entityManager.createNamedQuery(
"findPermissionsForSubjectPrivilegeAndObject", Permission.class);
query.setParameter("object", object);
}
query.setParameter("subject", subject);
query.setParameter("privilege", privilege);
return query.getResultList();
}
} }

41
ccm-core/src/main/java/org/libreccm/core/SubjectRepository.java 100644
View File

@ -0,0 +1,41 @@
/*
* Copyright (C) 2015 LibreCCM Foundation.
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
* License as published by the Free Software Foundation; either
* version 2.1 of the License, or (at your option) any later version.
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public
* License along with this library; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
* MA 02110-1301 USA
*/
package org.libreccm.core;
import javax.enterprise.context.RequestScoped;
/**
*
* @author <a href="mailto:jens.pelzetter@googlemail.com">Jens Pelzetter</a>
*/
@RequestScoped
public class SubjectRepository extends AbstractEntityRepository<Long, Subject> {
@Override
public Class<Subject> getEntityClass() {
return Subject.class;
}
@Override
public boolean isNew(final Subject entity) {
return entity.getSubjectId() == 0;
}
}

1
ccm-core/src/test/java/org/libreccm/core/DatasetsTest.java
View File

@ -55,6 +55,7 @@ public class DatasetsTest extends DatasetsVerifier {
"/datasets/org/libreccm/core/GroupRepositoryTest/after-save-changed.json", "/datasets/org/libreccm/core/GroupRepositoryTest/after-save-changed.json",
"/datasets/org/libreccm/core/GroupRepositoryTest/after-save-new.json", "/datasets/org/libreccm/core/GroupRepositoryTest/after-save-new.json",
"/datasets/org/libreccm/core/PermissionManagerTest/after-grant.json", "/datasets/org/libreccm/core/PermissionManagerTest/after-grant.json",
"/datasets/org/libreccm/core/PermissionManagerTest/after-grant-wildcard.json",
"/datasets/org/libreccm/core/PermissionManagerTest/after-revoke.json", "/datasets/org/libreccm/core/PermissionManagerTest/after-revoke.json",
"/datasets/org/libreccm/core/PermissionManagerTest/data.json", "/datasets/org/libreccm/core/PermissionManagerTest/data.json",
"/datasets/org/libreccm/core/PermissionRepositoryTest/after-save-changed.json", "/datasets/org/libreccm/core/PermissionRepositoryTest/after-save-changed.json",

564
ccm-core/src/test/java/org/libreccm/core/PermissionManagerTest.java
View File

@ -18,12 +18,16 @@
*/ */
package org.libreccm.core; package org.libreccm.core;
import static org.hamcrest.Matchers.*;
import java.io.File; import java.io.File;
import org.jboss.arquillian.container.test.api.Deployment; import org.jboss.arquillian.container.test.api.Deployment;
import org.jboss.arquillian.container.test.api.ShouldThrowException; import org.jboss.arquillian.container.test.api.ShouldThrowException;
import org.jboss.arquillian.junit.Arquillian; import org.jboss.arquillian.junit.Arquillian;
import org.jboss.arquillian.junit.InSequence; import org.jboss.arquillian.junit.InSequence;
import org.jboss.arquillian.persistence.PersistenceTest; import org.jboss.arquillian.persistence.PersistenceTest;
import org.jboss.arquillian.persistence.ShouldMatchDataSet;
import org.jboss.arquillian.persistence.UsingDataSet; import org.jboss.arquillian.persistence.UsingDataSet;
import org.jboss.arquillian.transaction.api.annotation.TransactionMode; import org.jboss.arquillian.transaction.api.annotation.TransactionMode;
import org.jboss.arquillian.transaction.api.annotation.Transactional; import org.jboss.arquillian.transaction.api.annotation.Transactional;
@ -41,6 +45,11 @@ import org.junit.experimental.categories.Category;
import org.junit.runner.RunWith; import org.junit.runner.RunWith;
import org.libreccm.tests.categories.IntegrationTest; import org.libreccm.tests.categories.IntegrationTest;
import java.util.LinkedHashMap;
import java.util.Map;
import javax.inject.Inject;
import static org.junit.Assert.*; import static org.junit.Assert.*;
/** /**
@ -53,6 +62,34 @@ import static org.junit.Assert.*;
@Transactional(TransactionMode.COMMIT) @Transactional(TransactionMode.COMMIT)
public class PermissionManagerTest { public class PermissionManagerTest {
private static final String TEST_OBJECT_1 = "Test Object 1";
private static final String TEST_OBJECT_2 = "Test Object 2";
private static final String TEST_OBJECT_3 = "Test Object 3";
private static final String TEST_OBJECT_4 = "Test Object 4";
private static final String TEST_OBJECT_5 = "Test Object 5";
private static final String TEST_OBJECT_6 = "Test Object 6";
private static final String TEST_OBJECT_7 = "Test Object 7";
private static final String TEST_OBJECT_8 = "Test Object 8";
private static final String ADMIN = "admin";
private static final String READ = "read";
private static final String WRITE = "write";
@Inject
private transient PermissionManager permissionManager;
@Inject
private transient PrivilegeRepository privilegeRepository;
@Inject
private transient CcmObjectRepository ccmObjectRepository;
@Inject
private transient UserRepository userRepository;
@Inject
private transient GroupRepository groupRepository;
public PermissionManagerTest() { public PermissionManagerTest() {
} }
@ -80,10 +117,10 @@ public class PermissionManagerTest {
@Deployment @Deployment
public static WebArchive createDeployment() { public static WebArchive createDeployment() {
final PomEquippedResolveStage pom = Maven final PomEquippedResolveStage pom = Maven
.resolver() .resolver()
.loadPomFromFile("pom.xml"); .loadPomFromFile("pom.xml");
final PomEquippedResolveStage dependencies = pom. final PomEquippedResolveStage dependencies = pom.
importCompileAndRuntimeDependencies(); importCompileAndRuntimeDependencies();
final File[] libs = dependencies.resolve().withTransitivity().asFile(); final File[] libs = dependencies.resolve().withTransitivity().asFile();
for (File lib : libs) { for (File lib : libs) {
@ -92,111 +129,462 @@ public class PermissionManagerTest {
} }
return ShrinkWrap return ShrinkWrap
.create(WebArchive.class, .create(WebArchive.class,
String.format("LibreCCM-%s.war", String.format("LibreCCM-%s.war",
PermissionManagerTest.class.getName())) PermissionManagerTest.class.getName()))
.addPackage(User.class.getPackage()) .addPackage(User.class.getPackage())
.addPackage(org.libreccm.web.Application.class.getPackage()) .addPackage(org.libreccm.web.Application.class.getPackage())
.addPackage(org.libreccm.categorization.Category.class. .addPackage(org.libreccm.categorization.Category.class.
getPackage()) getPackage())
.addPackage(org.libreccm.l10n.LocalizedString.class.getPackage()). .addPackage(org.libreccm.l10n.LocalizedString.class.getPackage()).
addPackage(org.libreccm.jpa.EntityManagerProducer.class addPackage(org.libreccm.jpa.EntityManagerProducer.class
.getPackage()) .getPackage())
.addPackage(org.libreccm.jpa.utils.MimeTypeConverter.class .addPackage(org.libreccm.jpa.utils.MimeTypeConverter.class
.getPackage()) .getPackage())
.addPackage(org.libreccm.testutils.EqualsVerifier.class. .addPackage(org.libreccm.testutils.EqualsVerifier.class.
getPackage()) getPackage())
.addPackage(org.libreccm.tests.categories.IntegrationTest.class .addPackage(org.libreccm.tests.categories.IntegrationTest.class
.getPackage()) .getPackage())
.addAsLibraries(libs) .addAsLibraries(libs)
.addAsResource("test-persistence.xml", .addAsResource("test-persistence.xml",
"META-INF/persistence.xml") "META-INF/persistence.xml")
.addAsWebInfResource("test-web.xml", "WEB-INF/web.xml") .addAsWebInfResource("test-web.xml", "WEB-INF/web.xml")
.addAsWebInfResource(EmptyAsset.INSTANCE, "WEB-INF/beans.xml"); .addAsWebInfResource(EmptyAsset.INSTANCE, "WEB-INF/beans.xml");
}
private Map<String, CcmObject> retrieveTestObjects() {
final long[] objectIds = {-10, -20, -30, -40, -50, -60, -70, -80};
final Map<String, CcmObject> objects = new LinkedHashMap<>();
for (final long objectId : objectIds) {
final CcmObject object = ccmObjectRepository.findById(objectId);
objects.put(object.getDisplayName(), object);
}
return objects;
}
private Map<String, Privilege> retrievePrivileges() {
final String[] privilegLabels = {"admin", "read", "write"};
final Map<String, Privilege> privileges = new LinkedHashMap<>();
for (final String label : privilegLabels) {
final Privilege privilege = privilegeRepository.retrievePrivilege(
label);
privileges.put(label, privilege);
}
return privileges;
}
private void verifyIsPermitted(final Subject subject,
final Privilege privilege,
final Map<CcmObject, Boolean> expected) {
final String subjectName;
if (subject instanceof User) {
subjectName = ((User) subject).getScreenName();
} else if (subject instanceof Group) {
subjectName = ((Group) subject).getName();
} else {
subjectName = "???";
}
for (Map.Entry<CcmObject, Boolean> entry : expected.entrySet()) {
assertThat(String.format("isPermitted should return %b for subject "
+ "%s and privilege %s on object %s.",
entry.getValue(),
subjectName,
privilege.getLabel(),
entry.getKey().getDisplayName()),
permissionManager.isPermitted(privilege,
entry.getKey(),
subject),
is(entry.getValue()));
}
} }
@Test @Test
@UsingDataSet("datasets/org/libreccm/core/PermissionManagerTest/" @UsingDataSet("datasets/org/libreccm/core/PermissionManagerTest/"
+ "data.json") + "data.json")
@InSequence(10)
public void isPermittedWebmaster() {
final User webmaster = userRepository.findByScreenName("webmaster");
final Map<String, CcmObject> testObjects = retrieveTestObjects();
final Map<String, Privilege> privileges = retrievePrivileges();
final Map<CcmObject, Boolean> expected = new LinkedHashMap<>();
expected.put(testObjects.get(TEST_OBJECT_1), true);
expected.put(testObjects.get(TEST_OBJECT_2), true);
expected.put(testObjects.get(TEST_OBJECT_3), true);
expected.put(testObjects.get(TEST_OBJECT_4), true);
expected.put(testObjects.get(TEST_OBJECT_5), true);
expected.put(testObjects.get(TEST_OBJECT_6), true);
expected.put(testObjects.get(TEST_OBJECT_7), true);
expected.put(testObjects.get(TEST_OBJECT_8), true);
verifyIsPermitted(webmaster, privileges.get(ADMIN), expected);
verifyIsPermitted(webmaster, privileges.get(READ), expected);
verifyIsPermitted(webmaster, privileges.get(WRITE), expected);
}
@Test
@UsingDataSet("datasets/org/libreccm/core/PermissionManagerTest/"
+ "data.json")
@InSequence(20)
public void isPermittedJdoe() {
final User jdoe = userRepository.findByScreenName("jdoe");
final Map<String, CcmObject> testObjects = retrieveTestObjects();
final Map<String, Privilege> privileges = retrievePrivileges();
final Map<CcmObject, Boolean> expectedRead = new LinkedHashMap<>();
expectedRead.put(testObjects.get(TEST_OBJECT_1), true);
expectedRead.put(testObjects.get(TEST_OBJECT_2), true);
expectedRead.put(testObjects.get(TEST_OBJECT_3), true);
expectedRead.put(testObjects.get(TEST_OBJECT_4), true);
expectedRead.put(testObjects.get(TEST_OBJECT_5), true);
expectedRead.put(testObjects.get(TEST_OBJECT_6), false);
expectedRead.put(testObjects.get(TEST_OBJECT_7), false);
expectedRead.put(testObjects.get(TEST_OBJECT_8), true);
final Map<CcmObject, Boolean> expectedWrite = new LinkedHashMap<>();
expectedWrite.put(testObjects.get(TEST_OBJECT_1), true);
expectedWrite.put(testObjects.get(TEST_OBJECT_2), true);
expectedWrite.put(testObjects.get(TEST_OBJECT_3), true);
expectedWrite.put(testObjects.get(TEST_OBJECT_4), true);
expectedWrite.put(testObjects.get(TEST_OBJECT_5), false);
expectedWrite.put(testObjects.get(TEST_OBJECT_6), false);
expectedWrite.put(testObjects.get(TEST_OBJECT_7), false);
expectedWrite.put(testObjects.get(TEST_OBJECT_8), true);
verifyIsPermitted(jdoe, privileges.get(READ), expectedRead);
verifyIsPermitted(jdoe, privileges.get(WRITE), expectedWrite);
}
@Test
@UsingDataSet("datasets/org/libreccm/core/PermissionManagerTest/"
+ "data.json")
@InSequence(30)
public void isPermittedMmuster() {
final User mmuster = userRepository.findByScreenName("mmuster");
final Map<String, CcmObject> testObjects = retrieveTestObjects();
final Map<String, Privilege> privileges = retrievePrivileges();
final Map<CcmObject, Boolean> expectedRead = new LinkedHashMap<>();
expectedRead.put(testObjects.get(TEST_OBJECT_1), true);
expectedRead.put(testObjects.get(TEST_OBJECT_2), true);
expectedRead.put(testObjects.get(TEST_OBJECT_3), true);
expectedRead.put(testObjects.get(TEST_OBJECT_4), true);
expectedRead.put(testObjects.get(TEST_OBJECT_5), true);
expectedRead.put(testObjects.get(TEST_OBJECT_6), true);
expectedRead.put(testObjects.get(TEST_OBJECT_7), false);
expectedRead.put(testObjects.get(TEST_OBJECT_8), true);
final Map<CcmObject, Boolean> expectedWrite = new LinkedHashMap<>();
expectedWrite.put(testObjects.get(TEST_OBJECT_1), true);
expectedWrite.put(testObjects.get(TEST_OBJECT_2), true);
expectedWrite.put(testObjects.get(TEST_OBJECT_3), true);
expectedWrite.put(testObjects.get(TEST_OBJECT_4), true);
expectedWrite.put(testObjects.get(TEST_OBJECT_5), true);
expectedWrite.put(testObjects.get(TEST_OBJECT_6), true);
expectedWrite.put(testObjects.get(TEST_OBJECT_7), false);
expectedWrite.put(testObjects.get(TEST_OBJECT_8), true);
verifyIsPermitted(mmuster, privileges.get(READ), expectedRead);
verifyIsPermitted(mmuster, privileges.get(WRITE), expectedWrite);
}
@Test
@UsingDataSet("datasets/org/libreccm/core/PermissionManagerTest/"
+ "data.json")
@InSequence(40)
public void isPermittedPublicUser() {
final User publicUser = userRepository.findByScreenName("public-user");
final Map<String, CcmObject> testObjects = retrieveTestObjects();
final Map<String, Privilege> privileges = retrievePrivileges();
final Map<CcmObject, Boolean> expectedRead = new LinkedHashMap<>();
expectedRead.put(testObjects.get(TEST_OBJECT_1), true);
expectedRead.put(testObjects.get(TEST_OBJECT_2), true);
expectedRead.put(testObjects.get(TEST_OBJECT_3), true);
expectedRead.put(testObjects.get(TEST_OBJECT_4), true);
expectedRead.put(testObjects.get(TEST_OBJECT_5), true);
expectedRead.put(testObjects.get(TEST_OBJECT_6), false);
expectedRead.put(testObjects.get(TEST_OBJECT_7), false);
expectedRead.put(testObjects.get(TEST_OBJECT_8), true);
final Map<CcmObject, Boolean> expectedWrite = new LinkedHashMap<>();
expectedWrite.put(testObjects.get(TEST_OBJECT_1), false);
expectedWrite.put(testObjects.get(TEST_OBJECT_2), false);
expectedWrite.put(testObjects.get(TEST_OBJECT_3), false);
expectedWrite.put(testObjects.get(TEST_OBJECT_4), false);
expectedWrite.put(testObjects.get(TEST_OBJECT_5), false);
expectedWrite.put(testObjects.get(TEST_OBJECT_6), false);
expectedWrite.put(testObjects.get(TEST_OBJECT_7), false);
expectedWrite.put(testObjects.get(TEST_OBJECT_8), false);
verifyIsPermitted(publicUser, privileges.get(READ), expectedRead);
verifyIsPermitted(publicUser, privileges.get(WRITE), expectedWrite);
}
@Test
@UsingDataSet("datasets/org/libreccm/core/PermissionManagerTest/"
+ "data.json")
@InSequence(50)
public void isPermittedUsers() {
final Group users = groupRepository.findByGroupName("users");
final Map<String, CcmObject> testObjects = retrieveTestObjects();
final Map<String, Privilege> privileges = retrievePrivileges();
final Map<CcmObject, Boolean> expectedRead = new LinkedHashMap<>();
expectedRead.put(testObjects.get(TEST_OBJECT_1), true);
expectedRead.put(testObjects.get(TEST_OBJECT_2), true);
expectedRead.put(testObjects.get(TEST_OBJECT_3), true);
expectedRead.put(testObjects.get(TEST_OBJECT_4), true);
expectedRead.put(testObjects.get(TEST_OBJECT_5), false);
expectedRead.put(testObjects.get(TEST_OBJECT_6), false);
expectedRead.put(testObjects.get(TEST_OBJECT_7), false);
expectedRead.put(testObjects.get(TEST_OBJECT_8), true);
final Map<CcmObject, Boolean> expectedWrite = new LinkedHashMap<>();
expectedWrite.put(testObjects.get(TEST_OBJECT_1), false);
expectedWrite.put(testObjects.get(TEST_OBJECT_2), false);
expectedWrite.put(testObjects.get(TEST_OBJECT_3), false);
expectedWrite.put(testObjects.get(TEST_OBJECT_4), false);
expectedWrite.put(testObjects.get(TEST_OBJECT_5), false);
expectedWrite.put(testObjects.get(TEST_OBJECT_6), false);
expectedWrite.put(testObjects.get(TEST_OBJECT_7), false);
expectedWrite.put(testObjects.get(TEST_OBJECT_8), false);
verifyIsPermitted(users, privileges.get(READ), expectedRead);
verifyIsPermitted(users, privileges.get(WRITE), expectedWrite);
}
@Test
@UsingDataSet("datasets/org/libreccm/core/PermissionManagerTest/"
+ "data.json")
@InSequence(60)
public void isPermittedAuthors() {
final Group authors = groupRepository.findByGroupName("authors");
final Map<String, CcmObject> testObjects = retrieveTestObjects();
final Map<String, Privilege> privileges = retrievePrivileges();
final Map<CcmObject, Boolean> expectedRead = new LinkedHashMap<>();
expectedRead.put(testObjects.get(TEST_OBJECT_1), true);
expectedRead.put(testObjects.get(TEST_OBJECT_2), true);
expectedRead.put(testObjects.get(TEST_OBJECT_3), true);
expectedRead.put(testObjects.get(TEST_OBJECT_4), true);
expectedRead.put(testObjects.get(TEST_OBJECT_5), false);
expectedRead.put(testObjects.get(TEST_OBJECT_6), false);
expectedRead.put(testObjects.get(TEST_OBJECT_7), false);
expectedRead.put(testObjects.get(TEST_OBJECT_8), true);
final Map<CcmObject, Boolean> expectedWrite = new LinkedHashMap<>();
expectedWrite.put(testObjects.get(TEST_OBJECT_1), true);
expectedWrite.put(testObjects.get(TEST_OBJECT_2), true);
expectedWrite.put(testObjects.get(TEST_OBJECT_3), true);
expectedWrite.put(testObjects.get(TEST_OBJECT_4), true);
expectedWrite.put(testObjects.get(TEST_OBJECT_5), false);
expectedWrite.put(testObjects.get(TEST_OBJECT_6), false);
expectedWrite.put(testObjects.get(TEST_OBJECT_7), false);
expectedWrite.put(testObjects.get(TEST_OBJECT_8), true);
verifyIsPermitted(authors, privileges.get(READ), expectedRead);
verifyIsPermitted(authors, privileges.get(WRITE), expectedWrite);
}
@Test(expected = IllegalArgumentException.class)
@UsingDataSet("datasets/org/libreccm/core/PermissionManagerTest/"
+ "data.json")
@ShouldThrowException(IllegalArgumentException.class)
@InSequence(70)
public void isPermittedNullPrivilege() {
final CcmObject object = ccmObjectRepository.findById(-10L);
final User user = userRepository.findByScreenName("webmaster");
permissionManager.isPermitted(null, object, user);
}
@Test(expected = IllegalArgumentException.class)
@UsingDataSet("datasets/org/libreccm/core/PermissionManagerTest/"
+ "data.json")
@ShouldThrowException(IllegalArgumentException.class)
@InSequence(80)
public void isPermittedNullObject() {
final Privilege privilege = privilegeRepository
.retrievePrivilege(READ);
final User user = userRepository.findByScreenName("webmaster");
permissionManager.isPermitted(privilege, null, user);
}
@Test
@UsingDataSet("datasets/org/libreccm/core/PermissionManagerTest/"
+ "data.json")
@InSequence(100)
public void checkPermissionValid() throws UnauthorizedAcccessException {
final Privilege privilege = privilegeRepository
.retrievePrivilege(READ);
final CcmObject object = ccmObjectRepository.findById(-10L);
final User user = userRepository.findByScreenName("jdoe");
permissionManager.checkPermission(privilege, object, user);
}
@Test(expected = UnauthorizedAcccessException.class)
@UsingDataSet("datasets/org/libreccm/core/PermissionManagerTest/"
+ "data.json")
@ShouldThrowException(UnauthorizedAcccessException.class)
@InSequence(110) @InSequence(110)
public void isPermittedGrantedByAdminPrivilege() { public void checkPermissionInValid() throws UnauthorizedAcccessException {
fail(); final Privilege privilege = privilegeRepository
.retrievePrivilege(READ);
final CcmObject object = ccmObjectRepository.findById(-60L);
final User user = userRepository.findByScreenName("jdoe");
permissionManager.checkPermission(privilege, object, user);
} }
@Test @Test(expected = IllegalArgumentException.class)
@UsingDataSet("datasets/org/libreccm/core/PermissionManagerTest/" @UsingDataSet("datasets/org/libreccm/core/PermissionManagerTest/"
+ "data.json") + "data.json")
@ShouldThrowException(IllegalArgumentException.class)
@InSequence(120) @InSequence(120)
public void isPermittedGrantedByDirectPermission() { public void checkPermissionNullPrivilege() throws
fail(); UnauthorizedAcccessException {
final CcmObject object = ccmObjectRepository.findById(-10L);
final User user = userRepository.findByScreenName("webmaster");
permissionManager.checkPermission(null, object, user);
} }
@Test @Test(expected = IllegalArgumentException.class)
@UsingDataSet("datasets/org/libreccm/core/PermissionManagerTest/" @UsingDataSet("datasets/org/libreccm/core/PermissionManagerTest/"
+ "data.json") + "data.json")
@ShouldThrowException(IllegalArgumentException.class)
@InSequence(130) @InSequence(130)
public void isPermittedGrantedByGroup() { public void checkPermissionNullObject() throws UnauthorizedAcccessException {
fail(); final Privilege privilege = privilegeRepository
.retrievePrivilege(READ);
final User user = userRepository.findByScreenName("webmaster");
permissionManager.checkPermission(privilege, null, user);
} }
@Test @Test(expected = IllegalArgumentException.class)
@UsingDataSet("datasets/org/libreccm/core/PermissionManagerTest/" @UsingDataSet("datasets/org/libreccm/core/PermissionManagerTest/"
+ "data.json") + "data.json")
@ShouldThrowException(IllegalArgumentException.class)
@InSequence(140) @InSequence(140)
public void isPermittedPublicUserGranted() { public void checkPermissionNullSubject() throws UnauthorizedAcccessException {
fail(); final Privilege privilege = privilegeRepository
.retrievePrivilege(READ);
final CcmObject object = ccmObjectRepository.findById(-10L);
permissionManager.checkPermission(privilege, object, null);
} }
@Test @Test
@UsingDataSet("datasets/org/libreccm/core/PermissionManagerTest/" @UsingDataSet("datasets/org/libreccm/core/PermissionManagerTest/"
+ "data.json") + "data.json")
@ShouldMatchDataSet("datasets/org/libreccm/core/PermissionManagerTest/"
+ "after-grant.json")
@InSequence(150) @InSequence(150)
public void isPermittedPublicUserDenied() { public void grantPermission() {
fail(); final Privilege read = privilegeRepository.retrievePrivilege(READ);
final Privilege write = privilegeRepository.retrievePrivilege(WRITE);
final User jdoe = userRepository.findByScreenName("jdoe");
final User mmuster = userRepository.findByScreenName("mmuster");
final CcmObject object6 = ccmObjectRepository.findById(-60L);
final CcmObject object7 = ccmObjectRepository.findById(-70L);
permissionManager.grantPermission(read, object6, jdoe);
permissionManager.grantPermission(read, object7, mmuster);
permissionManager.grantPermission(write, object7, mmuster);
} }
@Test(expected = UnauthorizedAcccessException.class) @Test
@UsingDataSet("datasets/org/libreccm/core/PermissionManagerTest/" @UsingDataSet("datasets/org/libreccm/core/PermissionManagerTest/"
+ "data.json") + "data.json")
@ShouldThrowException(UnauthorizedAcccessException.class) @ShouldMatchDataSet("datasets/org/libreccm/core/PermissionManagerTest/"
+ "after-grant-wildcard.json")
@InSequence(160)
public void grantWildcardPermission() {
final Privilege read = privilegeRepository.retrievePrivilege(READ);
final User jdoe = userRepository.findByScreenName("jdoe");
permissionManager.grantPermission(read, null, jdoe);
}
@Test(expected = IllegalArgumentException.class)
@UsingDataSet("datasets/org/libreccm/core/PermissionManagerTest/"
+ "data.json")
@ShouldThrowException(IllegalArgumentException.class)
@InSequence(170)
public void grantPermissionNullPrivilege() {
final User jdoe = userRepository.findByScreenName("jdoe");
final CcmObject object6 = ccmObjectRepository.findById(-60L);
permissionManager.grantPermission(null, object6, jdoe);
}
@Test(expected = IllegalArgumentException.class)
@UsingDataSet("datasets/org/libreccm/core/PermissionManagerTest/"
+ "data.json")
@ShouldThrowException(IllegalArgumentException.class)
@InSequence(180)
public void grantPermissionNullSubject() {
final Privilege read = privilegeRepository.retrievePrivilege(READ);
final CcmObject object6 = ccmObjectRepository.findById(-60L);
permissionManager.grantPermission(read, object6, null);
}
@Test
@UsingDataSet("datasets/org/libreccm/core/PermissionManagerTest/"
+ "data.json")
@ShouldMatchDataSet("datasets/org/libreccm/core/PermissionManagerTest/"
+ "after-revoke.json")
@InSequence(190)
public void revokePermission() {
final Privilege read = privilegeRepository.retrievePrivilege(READ);
final Privilege write = privilegeRepository.retrievePrivilege(WRITE);
final User jdoe = userRepository.findByScreenName("jdoe");
final User mmuster = userRepository.findByScreenName("mmuster");
final CcmObject object5 = ccmObjectRepository.findById(-50L);
final CcmObject object6 = ccmObjectRepository.findById(-60L);
permissionManager.revokePermission(read, object5, jdoe);
permissionManager.revokePermission(write, object6, mmuster);
}
@Test(expected = IllegalArgumentException.class)
@UsingDataSet("datasets/org/libreccm/core/PermissionManagerTest/"
+ "data.json")
@ShouldThrowException(IllegalArgumentException.class)
@InSequence(200)
public void revokePermissionNullPrivilege() {
final User jdoe = userRepository.findByScreenName("jdoe");
final CcmObject object5 = ccmObjectRepository.findById(-50L);
permissionManager.revokePermission(null, object5, jdoe);
}
@Test(expected = IllegalArgumentException.class)
@UsingDataSet("datasets/org/libreccm/core/PermissionManagerTest/"
+ "data.json")
@ShouldThrowException(IllegalArgumentException.class)
@InSequence(210) @InSequence(210)
public void checkPermittedGrantedByAdminPrivilege() { public void revokePermissionNullSubject() {
fail(); final Privilege read = privilegeRepository.retrievePrivilege(READ);
} final CcmObject object6 = ccmObjectRepository.findById(-60L);
@Test(expected = UnauthorizedAcccessException.class) permissionManager.revokePermission(read, object6, null);
@UsingDataSet("datasets/org/libreccm/core/PermissionManagerTest/"
+ "data.json")
@ShouldThrowException(UnauthorizedAcccessException.class)
@InSequence(220)
public void checkPermittedGrantedByDirectPermission() {
fail();
}
@Test(expected = UnauthorizedAcccessException.class)
@UsingDataSet("datasets/org/libreccm/core/PermissionManagerTest/"
+ "data.json")
@ShouldThrowException(UnauthorizedAcccessException.class)
@InSequence(230)
public void checkPermittedGrantedByGroup() {
fail();
}
@Test(expected = UnauthorizedAcccessException.class)
@UsingDataSet("datasets/org/libreccm/core/PermissionManagerTest/"
+ "data.json")
@ShouldThrowException(UnauthorizedAcccessException.class)
@InSequence(240)
public void checkPermittedPublicUserGranted() {
fail();
}
@Test(expected = UnauthorizedAcccessException.class)
@UsingDataSet("datasets/org/libreccm/core/PermissionManagerTest/"
+ "data.json")
@ShouldThrowException(UnauthorizedAcccessException.class)
@InSequence(250)
public void checkPermittedPublicUserDenied() {
fail();
} }
} }

319
ccm-core/src/test/resources/datasets/org/libreccm/core/PermissionManagerTest/after-grant-wildcard.json 100644
View File

@ -0,0 +1,319 @@
{
"ccm_objects":
[
{
"object_id": -10,
"display_name": "Test Object 1"
},
{
"object_id": -20,
"display_name": "Test Object 2"
},
{
"object_id": -30,
"display_name": "Test Object 3"
},
{
"object_id": -40,
"display_name": "Test Object 4"
},
{
"object_id": -50,
"display_name": "Test Object 5"
},
{
"object_id": -60,
"display_name": "Test Object 6"
},
{
"object_id": -70,
"display_name": "Test Object 7"
},
{
"object_id": -80,
"display_name": "Test Object 8"
}
],
"ccm_privileges":
[
{
"privilege_id": -10,
"label": "admin"
},
{
"privilege_id": -20,
"label": "read"
},
{
"privilege_id": -30,
"label": "write"
}
],
"subjects":
[
{
"subject_id": -1
},
{
"subject_id": -2
},
{
"subject_id": -10
},
{
"subject_id": -30
},
{
"subject_id": -40
},
{
"subject_id": -50
}
],
"ccm_users":
[
{
"banned": false,
"hash_algorithm": "SHA-512",
"family_name": "webmaster",
"given_name": "webmaster",
"password": "C+o2w6mp+eLrbluMEgKMVSdP50A9BMethXN8R3yihtkbzt7WfWsde2nmq/t5gq6im3J8i3jw4Y3YrKHou8JQ2A==",
"password_reset_required": false,
"salt": "Fu8FPgqAal4GZp1hDjkOB+t6ITRCcO7HBoN5Xqf29UnVj5NUdUFZRTyKYMBEx6JmZGmHcMDG9OGVCKcEM9oyScSRreJs4B51wM44NM6KeRwbCf+VhBn14DkBrl40ygraNf+AJacKpMyCpFI0O/Am7mMDWL4flskBsylkxaQn3vKfzgN5MVG2szW//I6Q6YEH9AuL8LauS6fKaVynMzzu3xzD8Hjqvvlnzym898eom2lqScPfg5g4e8Ww13HCHAYe6twupAW/BjUNax5HSioEisZN/P1UGrde8uFEj+hbbavrWYZuilPuEu25+/98jyXx6542agqrWN8j0SFYcIyOgA==",
"screen_name": "webmaster",
"subject_id": -1
},
{
"banned": false,
"hash_algorithm": "SHA-512",
"family_name": "public-user",
"given_name": "public-user",
"password": "C+o2w6mp+eLrbluMEgKMVSdP50A9BMethXN8R3yihtkbzt7WfWsde2nmq/t5gq6im3J8i3jw4Y3YrKHou8JQ2A==",
"password_reset_required": false,
"salt": "Fu8FPgqAal4GZp1hDjkOB+t6ITRCcO7HBoN5Xqf29UnVj5NUdUFZRTyKYMBEx6JmZGmHcMDG9OGVCKcEM9oyScSRreJs4B51wM44NM6KeRwbCf+VhBn14DkBrl40ygraNf+AJacKpMyCpFI0O/Am7mMDWL4flskBsylkxaQn3vKfzgN5MVG2szW//I6Q6YEH9AuL8LauS6fKaVynMzzu3xzD8Hjqvvlnzym898eom2lqScPfg5g4e8Ww13HCHAYe6twupAW/BjUNax5HSioEisZN/P1UGrde8uFEj+hbbavrWYZuilPuEu25+/98jyXx6542agqrWN8j0SFYcIyOgA==",
"screen_name": "public-user",
"subject_id": -2
},
{
"banned": false,
"hash_algorithm": "SHA-512",
"family_name": "Doe",
"given_name": "John",
"password": "C+o2w6mp+eLrbluMEgKMVSdP50A9BMethXN8R3yihtkbzt7WfWsde2nmq/t5gq6im3J8i3jw4Y3YrKHou8JQ2A==",
"password_reset_required": false,
"salt": "Fu8FPgqAal4GZp1hDjkOB+t6ITRCcO7HBoN5Xqf29UnVj5NUdUFZRTyKYMBEx6JmZGmHcMDG9OGVCKcEM9oyScSRreJs4B51wM44NM6KeRwbCf+VhBn14DkBrl40ygraNf+AJacKpMyCpFI0O/Am7mMDWL4flskBsylkxaQn3vKfzgN5MVG2szW//I6Q6YEH9AuL8LauS6fKaVynMzzu3xzD8Hjqvvlnzym898eom2lqScPfg5g4e8Ww13HCHAYe6twupAW/BjUNax5HSioEisZN/P1UGrde8uFEj+hbbavrWYZuilPuEu25+/98jyXx6542agqrWN8j0SFYcIyOgA==",
"screen_name": "jdoe",
"subject_id": -10
},
{
"banned": false,
"hash_algorithm": "SHA-512",
"family_name": "Mustermann",
"given_name": "Max",
"password": "1c9626af429a6291766d15cbfb38689bd8d49450520765973de70aecaf644b7d4fda711266ba9ec8fb6df30c8ab391d40330829aa85adf371bcde6b4c9bc01e6",
"password_reset_required": false,
"salt": "fjiajhigafgapoa",
"screen_name": "mmuster",
"subject_id": -50
}
],
"ccm_groups":
[
{
"name": "users",
"subject_id": -30
},
{
"name": "authors",
"subject_id": -40
}
],
"group_memberships":
[
{
"membership_id": -10,
"group_subject_id": -40,
"user_subject_id": -10
},
{
"membership_id": -20,
"group_subject_id": -40,
"user_subject_id": -50
},
{
"membership_id": -30,
"group_subject_id": -30,
"user_subject_id": -2
},
{
"membership_id": -40,
"group_subject_id": -30,
"user_subject_id": -10
},
{
"membership_id": -50,
"group_subject_id": -30,
"user_subject_id": -50
}
],
"user_email_addresses":
[
{
"user_id": -10,
"email_address": "john.doe@example.com",
"bouncing": false,
"verified": true
},
{
"user_id": -50,
"email_address": "max.mustermann@example.com",
"bouncing": false,
"verified": true
}
],
"permissions":
[
{
"permission_id": -10,
"grantee_id": -1,
"granted_privilege_id": -10
},
{
"permission_id": -20,
"grantee_id": -2,
"object_id": -50,
"granted_privilege_id": -20
},
{
"permission_id": -30,
"grantee_id": -10,
"object_id": -50,
"granted_privilege_id": -20
},
{
"permission_id": -40,
"grantee_id": -50,
"object_id": -50,
"granted_privilege_id": -20
},
{
"permission_id": -50,
"grantee_id": -50,
"object_id": -50,
"granted_privilege_id": -30
},
{
"permission_id": -60,
"grantee_id": -50,
"object_id": -60,
"granted_privilege_id": -20
},
{
"permission_id": -80,
"grantee_id": -30,
"object_id": -10,
"granted_privilege_id": -20
},
{
"permission_id": -90,
"grantee_id": -30,
"object_id": -20,
"granted_privilege_id": -20
},
{
"permission_id": -100,
"grantee_id": -30,
"object_id": -30,
"granted_privilege_id": -20
},
{
"permission_id": -110,
"grantee_id": -30,
"object_id": -40,
"granted_privilege_id": -20
},
{
"permission_id": -120,
"grantee_id": -30,
"object_id": -80,
"granted_privilege_id": -20
},
{
"permission_id": -130,
"grantee_id": -40,
"object_id": -10,
"granted_privilege_id": -20
},
{
"permission_id": -140,
"grantee_id": -40,
"object_id": -20,
"granted_privilege_id": -20
},
{
"permission_id": -150,
"grantee_id": -40,
"object_id": -30,
"granted_privilege_id": -20
},
{
"permission_id": -160,
"grantee_id": -40,
"object_id": -40,
"granted_privilege_id": -20
},
{
"permission_id": -170,
"grantee_id": -40,
"object_id": -80,
"granted_privilege_id": -20
},
{
"permission_id": -180,
"grantee_id": -40,
"object_id": -10,
"granted_privilege_id": -30
},
{
"permission_id": -190,
"grantee_id": -40,
"object_id": -20,
"granted_privilege_id": -30
},
{
"permission_id": -200,
"grantee_id": -40,
"object_id": -30,
"granted_privilege_id": -30
},
{
"permission_id": -220,
"grantee_id": -40,
"object_id": -40,
"granted_privilege_id": -30
},
{
"permission_id": -230,
"grantee_id": -40,
"object_id": -80,
"granted_privilege_id": -30
},
{
"permission_id": -250,
"grantee_id": -50,
"object_id": -70,
"granted_privilege_id": -20
},
{
"permission_id": -260,
"grantee_id": -50,
"object_id": -70,
"granted_privilege_id": -30
},
{
"permission_id": -270,
"grantee_id": -10,
"granted_privilege_id": -20
}
]
}

2
ccm-core/src/test/resources/datasets/org/libreccm/core/PermissionManagerTest/after-grant.json
View File

@ -78,6 +78,7 @@
"family_name": "webmaster", "family_name": "webmaster",
"given_name": "webmaster", "given_name": "webmaster",
"password": "C+o2w6mp+eLrbluMEgKMVSdP50A9BMethXN8R3yihtkbzt7WfWsde2nmq/t5gq6im3J8i3jw4Y3YrKHou8JQ2A==", "password": "C+o2w6mp+eLrbluMEgKMVSdP50A9BMethXN8R3yihtkbzt7WfWsde2nmq/t5gq6im3J8i3jw4Y3YrKHou8JQ2A==",
"password_reset_required": false,
"salt": "Fu8FPgqAal4GZp1hDjkOB+t6ITRCcO7HBoN5Xqf29UnVj5NUdUFZRTyKYMBEx6JmZGmHcMDG9OGVCKcEM9oyScSRreJs4B51wM44NM6KeRwbCf+VhBn14DkBrl40ygraNf+AJacKpMyCpFI0O/Am7mMDWL4flskBsylkxaQn3vKfzgN5MVG2szW//I6Q6YEH9AuL8LauS6fKaVynMzzu3xzD8Hjqvvlnzym898eom2lqScPfg5g4e8Ww13HCHAYe6twupAW/BjUNax5HSioEisZN/P1UGrde8uFEj+hbbavrWYZuilPuEu25+/98jyXx6542agqrWN8j0SFYcIyOgA==", "salt": "Fu8FPgqAal4GZp1hDjkOB+t6ITRCcO7HBoN5Xqf29UnVj5NUdUFZRTyKYMBEx6JmZGmHcMDG9OGVCKcEM9oyScSRreJs4B51wM44NM6KeRwbCf+VhBn14DkBrl40ygraNf+AJacKpMyCpFI0O/Am7mMDWL4flskBsylkxaQn3vKfzgN5MVG2szW//I6Q6YEH9AuL8LauS6fKaVynMzzu3xzD8Hjqvvlnzym898eom2lqScPfg5g4e8Ww13HCHAYe6twupAW/BjUNax5HSioEisZN/P1UGrde8uFEj+hbbavrWYZuilPuEu25+/98jyXx6542agqrWN8j0SFYcIyOgA==",
"screen_name": "webmaster", "screen_name": "webmaster",
"subject_id": -1 "subject_id": -1
@ -88,6 +89,7 @@
"family_name": "public-user", "family_name": "public-user",
"given_name": "public-user", "given_name": "public-user",
"password": "C+o2w6mp+eLrbluMEgKMVSdP50A9BMethXN8R3yihtkbzt7WfWsde2nmq/t5gq6im3J8i3jw4Y3YrKHou8JQ2A==", "password": "C+o2w6mp+eLrbluMEgKMVSdP50A9BMethXN8R3yihtkbzt7WfWsde2nmq/t5gq6im3J8i3jw4Y3YrKHou8JQ2A==",
"password_reset_required": false,
"salt": "Fu8FPgqAal4GZp1hDjkOB+t6ITRCcO7HBoN5Xqf29UnVj5NUdUFZRTyKYMBEx6JmZGmHcMDG9OGVCKcEM9oyScSRreJs4B51wM44NM6KeRwbCf+VhBn14DkBrl40ygraNf+AJacKpMyCpFI0O/Am7mMDWL4flskBsylkxaQn3vKfzgN5MVG2szW//I6Q6YEH9AuL8LauS6fKaVynMzzu3xzD8Hjqvvlnzym898eom2lqScPfg5g4e8Ww13HCHAYe6twupAW/BjUNax5HSioEisZN/P1UGrde8uFEj+hbbavrWYZuilPuEu25+/98jyXx6542agqrWN8j0SFYcIyOgA==", "salt": "Fu8FPgqAal4GZp1hDjkOB+t6ITRCcO7HBoN5Xqf29UnVj5NUdUFZRTyKYMBEx6JmZGmHcMDG9OGVCKcEM9oyScSRreJs4B51wM44NM6KeRwbCf+VhBn14DkBrl40ygraNf+AJacKpMyCpFI0O/Am7mMDWL4flskBsylkxaQn3vKfzgN5MVG2szW//I6Q6YEH9AuL8LauS6fKaVynMzzu3xzD8Hjqvvlnzym898eom2lqScPfg5g4e8Ww13HCHAYe6twupAW/BjUNax5HSioEisZN/P1UGrde8uFEj+hbbavrWYZuilPuEu25+/98jyXx6542agqrWN8j0SFYcIyOgA==",
"screen_name": "public-user", "screen_name": "public-user",
"subject_id": -2 "subject_id": -2

2
ccm-core/src/test/resources/datasets/org/libreccm/core/PermissionManagerTest/after-revoke.json
View File

@ -78,6 +78,7 @@
"family_name": "webmaster", "family_name": "webmaster",
"given_name": "webmaster", "given_name": "webmaster",
"password": "C+o2w6mp+eLrbluMEgKMVSdP50A9BMethXN8R3yihtkbzt7WfWsde2nmq/t5gq6im3J8i3jw4Y3YrKHou8JQ2A==", "password": "C+o2w6mp+eLrbluMEgKMVSdP50A9BMethXN8R3yihtkbzt7WfWsde2nmq/t5gq6im3J8i3jw4Y3YrKHou8JQ2A==",
"password_reset_required": false,
"salt": "Fu8FPgqAal4GZp1hDjkOB+t6ITRCcO7HBoN5Xqf29UnVj5NUdUFZRTyKYMBEx6JmZGmHcMDG9OGVCKcEM9oyScSRreJs4B51wM44NM6KeRwbCf+VhBn14DkBrl40ygraNf+AJacKpMyCpFI0O/Am7mMDWL4flskBsylkxaQn3vKfzgN5MVG2szW//I6Q6YEH9AuL8LauS6fKaVynMzzu3xzD8Hjqvvlnzym898eom2lqScPfg5g4e8Ww13HCHAYe6twupAW/BjUNax5HSioEisZN/P1UGrde8uFEj+hbbavrWYZuilPuEu25+/98jyXx6542agqrWN8j0SFYcIyOgA==", "salt": "Fu8FPgqAal4GZp1hDjkOB+t6ITRCcO7HBoN5Xqf29UnVj5NUdUFZRTyKYMBEx6JmZGmHcMDG9OGVCKcEM9oyScSRreJs4B51wM44NM6KeRwbCf+VhBn14DkBrl40ygraNf+AJacKpMyCpFI0O/Am7mMDWL4flskBsylkxaQn3vKfzgN5MVG2szW//I6Q6YEH9AuL8LauS6fKaVynMzzu3xzD8Hjqvvlnzym898eom2lqScPfg5g4e8Ww13HCHAYe6twupAW/BjUNax5HSioEisZN/P1UGrde8uFEj+hbbavrWYZuilPuEu25+/98jyXx6542agqrWN8j0SFYcIyOgA==",
"screen_name": "webmaster", "screen_name": "webmaster",
"subject_id": -1 "subject_id": -1
@ -88,6 +89,7 @@
"family_name": "public-user", "family_name": "public-user",
"given_name": "public-user", "given_name": "public-user",
"password": "C+o2w6mp+eLrbluMEgKMVSdP50A9BMethXN8R3yihtkbzt7WfWsde2nmq/t5gq6im3J8i3jw4Y3YrKHou8JQ2A==", "password": "C+o2w6mp+eLrbluMEgKMVSdP50A9BMethXN8R3yihtkbzt7WfWsde2nmq/t5gq6im3J8i3jw4Y3YrKHou8JQ2A==",
"password_reset_required": false,
"salt": "Fu8FPgqAal4GZp1hDjkOB+t6ITRCcO7HBoN5Xqf29UnVj5NUdUFZRTyKYMBEx6JmZGmHcMDG9OGVCKcEM9oyScSRreJs4B51wM44NM6KeRwbCf+VhBn14DkBrl40ygraNf+AJacKpMyCpFI0O/Am7mMDWL4flskBsylkxaQn3vKfzgN5MVG2szW//I6Q6YEH9AuL8LauS6fKaVynMzzu3xzD8Hjqvvlnzym898eom2lqScPfg5g4e8Ww13HCHAYe6twupAW/BjUNax5HSioEisZN/P1UGrde8uFEj+hbbavrWYZuilPuEu25+/98jyXx6542agqrWN8j0SFYcIyOgA==", "salt": "Fu8FPgqAal4GZp1hDjkOB+t6ITRCcO7HBoN5Xqf29UnVj5NUdUFZRTyKYMBEx6JmZGmHcMDG9OGVCKcEM9oyScSRreJs4B51wM44NM6KeRwbCf+VhBn14DkBrl40ygraNf+AJacKpMyCpFI0O/Am7mMDWL4flskBsylkxaQn3vKfzgN5MVG2szW//I6Q6YEH9AuL8LauS6fKaVynMzzu3xzD8Hjqvvlnzym898eom2lqScPfg5g4e8Ww13HCHAYe6twupAW/BjUNax5HSioEisZN/P1UGrde8uFEj+hbbavrWYZuilPuEu25+/98jyXx6542agqrWN8j0SFYcIyOgA==",
"screen_name": "public-user", "screen_name": "public-user",
"subject_id": -2 "subject_id": -2

2
ccm-core/src/test/resources/datasets/org/libreccm/core/PermissionManagerTest/data.json
View File

@ -79,6 +79,7 @@
"given_name": "webmaster", "given_name": "webmaster",
"password": "C+o2w6mp+eLrbluMEgKMVSdP50A9BMethXN8R3yihtkbzt7WfWsde2nmq/t5gq6im3J8i3jw4Y3YrKHou8JQ2A==", "password": "C+o2w6mp+eLrbluMEgKMVSdP50A9BMethXN8R3yihtkbzt7WfWsde2nmq/t5gq6im3J8i3jw4Y3YrKHou8JQ2A==",
"salt": "Fu8FPgqAal4GZp1hDjkOB+t6ITRCcO7HBoN5Xqf29UnVj5NUdUFZRTyKYMBEx6JmZGmHcMDG9OGVCKcEM9oyScSRreJs4B51wM44NM6KeRwbCf+VhBn14DkBrl40ygraNf+AJacKpMyCpFI0O/Am7mMDWL4flskBsylkxaQn3vKfzgN5MVG2szW//I6Q6YEH9AuL8LauS6fKaVynMzzu3xzD8Hjqvvlnzym898eom2lqScPfg5g4e8Ww13HCHAYe6twupAW/BjUNax5HSioEisZN/P1UGrde8uFEj+hbbavrWYZuilPuEu25+/98jyXx6542agqrWN8j0SFYcIyOgA==", "salt": "Fu8FPgqAal4GZp1hDjkOB+t6ITRCcO7HBoN5Xqf29UnVj5NUdUFZRTyKYMBEx6JmZGmHcMDG9OGVCKcEM9oyScSRreJs4B51wM44NM6KeRwbCf+VhBn14DkBrl40ygraNf+AJacKpMyCpFI0O/Am7mMDWL4flskBsylkxaQn3vKfzgN5MVG2szW//I6Q6YEH9AuL8LauS6fKaVynMzzu3xzD8Hjqvvlnzym898eom2lqScPfg5g4e8Ww13HCHAYe6twupAW/BjUNax5HSioEisZN/P1UGrde8uFEj+hbbavrWYZuilPuEu25+/98jyXx6542agqrWN8j0SFYcIyOgA==",
"password_reset_required": false,
"screen_name": "webmaster", "screen_name": "webmaster",
"subject_id": -1 "subject_id": -1
}, },
@ -89,6 +90,7 @@
"given_name": "public-user", "given_name": "public-user",
"password": "C+o2w6mp+eLrbluMEgKMVSdP50A9BMethXN8R3yihtkbzt7WfWsde2nmq/t5gq6im3J8i3jw4Y3YrKHou8JQ2A==", "password": "C+o2w6mp+eLrbluMEgKMVSdP50A9BMethXN8R3yihtkbzt7WfWsde2nmq/t5gq6im3J8i3jw4Y3YrKHou8JQ2A==",
"salt": "Fu8FPgqAal4GZp1hDjkOB+t6ITRCcO7HBoN5Xqf29UnVj5NUdUFZRTyKYMBEx6JmZGmHcMDG9OGVCKcEM9oyScSRreJs4B51wM44NM6KeRwbCf+VhBn14DkBrl40ygraNf+AJacKpMyCpFI0O/Am7mMDWL4flskBsylkxaQn3vKfzgN5MVG2szW//I6Q6YEH9AuL8LauS6fKaVynMzzu3xzD8Hjqvvlnzym898eom2lqScPfg5g4e8Ww13HCHAYe6twupAW/BjUNax5HSioEisZN/P1UGrde8uFEj+hbbavrWYZuilPuEu25+/98jyXx6542agqrWN8j0SFYcIyOgA==", "salt": "Fu8FPgqAal4GZp1hDjkOB+t6ITRCcO7HBoN5Xqf29UnVj5NUdUFZRTyKYMBEx6JmZGmHcMDG9OGVCKcEM9oyScSRreJs4B51wM44NM6KeRwbCf+VhBn14DkBrl40ygraNf+AJacKpMyCpFI0O/Am7mMDWL4flskBsylkxaQn3vKfzgN5MVG2szW//I6Q6YEH9AuL8LauS6fKaVynMzzu3xzD8Hjqvvlnzym898eom2lqScPfg5g4e8Ww13HCHAYe6twupAW/BjUNax5HSioEisZN/P1UGrde8uFEj+hbbavrWYZuilPuEu25+/98jyXx6542agqrWN8j0SFYcIyOgA==",
"password_reset_required": false,
"screen_name": "public-user", "screen_name": "public-user",
"subject_id": -2 "subject_id": -2
}, },