/*
* Copyright 2002-2007 the original author or authors.
*
* Licensed under the Apache license, Version 2.0 (the "License")
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.internna.iwebmvc.dao;
import mock.MockUserManager;
import mock.OwnedEntity;
import org.internna.iwebmvc.model.UUID;
import org.internna.iwebmvc.model.security.RoleImpl;
import org.internna.iwebmvc.model.security.UserImpl;
import org.internna.iwebmvc.utils.CollectionUtils;
import org.junit.Before;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.test.context.ContextConfiguration;
import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
import org.springframework.test.context.transaction.AfterTransaction;
import org.springframework.test.context.transaction.BeforeTransaction;
import org.springframework.test.context.transaction.TransactionConfiguration;
import org.springframework.transaction.annotation.Transactional;
import static org.junit.Assert.*;
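/**
 * Integration tests for the owner/viewer access filtering applied by {@link DAO}
 * to {@code OwnedEntity} instances.
 *
 * <p>Each test runs as the user selected through {@link MockUserManager#setName};
 * {@link #init()} resets that user to {@code john} before every test. The fixture
 * creates three users ({@code john}, {@code mary}, {@code viewer}) and five entities
 * whose owners and viewers differ, then checks what each user can read and update.
 *
 * <p>Points worth knowing when reading these tests as an access-control specification:
 * <ul>
 *   <li>A denied {@code update} or {@code find} is expected to return {@code null}
 *       rather than throw, so production callers have to null-check the result.</li>
 *   <li>Every test runs inside a transaction that is rolled back
 *       ({@code defaultRollback = true}); the before/after transaction hooks assert
 *       that no fixture user leaks into the database.</li>
 *   <li>Fixture passwords equal the usernames. They only exist inside the rolled-back
 *       transaction and must not be copied into seed data.</li>
 * </ul>
 *
 * @author Jose Noheda
 */
@Transactional
@RunWith(SpringJUnit4ClassRunner.class)
@ContextConfiguration(locations = {"/dao.xml"})
@TransactionConfiguration(defaultRollback = true)
public class OwnedByFilteringDAOTest {

    /** Authority granted to every fixture user. */
    private static final String REGISTERED_USER = "registered_user";

    @Autowired private DAO dao;
    @Autowired private SecurityDAO securityDAO;
    @Autowired private MockUserManager userManager;

    // Identifiers of the fixture entities the tests look up directly.
    private UUID oneID;
    private UUID twoID;
    private UUID fiveID;

    /** Asserts that the fixture user does not exist before the test transaction starts. */
    @BeforeTransaction
    public void verifyInitialDatabaseState() {
        assertNull(securityDAO.findUser("john"));
    }

    /** Asserts that the rollback removed the fixture user once the transaction ended. */
    @AfterTransaction
    public void verifyFinalDatabaseState() {
        assertNull(securityDAO.findUser("john"));
    }

    /**
     * Builds the fixture as {@code john}: three registered users and five entities.
     *
     * <ul>
     *   <li>{@code one}, {@code four}: no explicit owner or viewer</li>
     *   <li>{@code two}: owner {@code mary}, viewer {@code viewer}</li>
     *   <li>{@code three}, {@code five}: owner {@code mary}</li>
     * </ul>
     *
     * @throws Exception if any DAO call fails while creating the fixture
     */
    @Before
    public void init() throws Exception {
        // Every test starts as john; tests that need another identity switch explicitly.
        userManager.setName("john");
        securityDAO.createAuthority(REGISTERED_USER);

        createRegisteredUser("john", "John Smith");
        UserImpl mary = createRegisteredUser("mary", "Mary Poppins");
        UserImpl viewer = createRegisteredUser("viewer", "viewer");

        oneID = createEntity("one", null, null).getId();
        twoID = createEntity("two", mary, viewer).getId();
        createEntity("three", mary, null);
        createEntity("four", null, null);
        fiveID = createEntity("five", mary, null).getId();
    }

    /**
     * Checks who may update an entity: a non-owner and a viewer are both expected
     * to get {@code null} back, the owner gets the updated entity.
     */
    @Test
    public void testIsAllowed() {
        // NOTE(review): this entity is never persisted, so the denial is evaluated against
        // the owners carried by the passed-in instance. No test here covers an update of a
        // persisted entity whose owner list was changed by a non-owner - worth adding.
        OwnedEntity entity = new OwnedEntity();
        entity.setId(new UUID("00aa00aa00aa00aa00aa00aa00aa00aa"));
        entity.addOwner((UserImpl) securityDAO.findUser("mary"));
        assertNull("john is disallowed on entities created by mary", dao.update(entity));
        assertNotNull("john is allowed on his entities", dao.update(dao.first(OwnedEntity.class)));

        userManager.setName("viewer");
        assertNull("viewers can't update anything", dao.update(dao.first(OwnedEntity.class)));
    }

    /** Checks that the first entity visible to {@code john} carries at least one owner. */
    @Test
    public void testCreate() {
        assertTrue("Owner is automatically injected in entities",
                CollectionUtils.isNotEmpty(dao.first(OwnedEntity.class).getOwners()));
    }

    /**
     * Checks that adding a second owner and updating yields two owners and two viewers.
     */
    @Test
    public void testMerge() {
        OwnedEntity e = dao.first(OwnedEntity.class);
        e.addOwner((UserImpl) securityDAO.findUser("mary"));
        OwnedEntity both = (OwnedEntity) dao.update(e);
        assertEquals("Owner collection is merged correctly", 2, both.getOwners().size());
        // Only an owner was added, yet two viewers are expected: presumably owners are
        // mirrored into the viewers collection - confirm against the DAO implementation.
        assertEquals("Viewers collection is merged correctly", 2, both.getViewers().size());
    }

    /** Checks lookup by id for an owner, a non-owner, and a granted/non-granted viewer. */
    @Test
    public void testFind() {
        assertNull("mary's objects are not loaded", dao.find(OwnedEntity.class, twoID));
        assertNotNull("john's objects are loaded", dao.find(OwnedEntity.class, oneID));

        userManager.setName("viewer");
        assertNull("an non authorized viewer cannot see entities", dao.find(OwnedEntity.class, oneID));
        assertNotNull("an authorized viewer can see entities if authorized", dao.find(OwnedEntity.class, twoID));
    }

    /**
     * Checks list queries while no entity is public: {@code john} is expected to see
     * two entities and {@code viewer} one.
     */
    @Test
    public void testFindAll() {
        assertEquals("mary is filtered from a findAll except public viewing", 2, visibleEntityCount());

        userManager.setName("viewer");
        assertEquals("the viewer is allowed once plus the public entity", 1, visibleEntityCount());
    }

    /**
     * Checks that making {@code five} public widens visibility for every user and that
     * reverting it restores the original counts, without touching the user table.
     */
    @Test
    public void testFindAllWithPublic() {
        assertEquals("Users are there", 3, userCount());

        // Phase 1: mary publishes her entity.
        userManager.setName("mary");
        OwnedEntity e = dao.find(OwnedEntity.class, fiveID);
        e.setPublicView(true);
        dao.update(e);
        // Guards against the update cascading a delete onto the users.
        assertEquals("Users have not been deleted", 3, userCount());
        assertTrue("No viewers for public entities",
                CollectionUtils.isEmpty(dao.find(OwnedEntity.class, fiveID).getViewers()));
        assertEquals("mary see hers", 3, visibleEntityCount());

        userManager.setName("john");
        assertEquals("mary is filtered from a findAll except public viewing", 3, visibleEntityCount());

        userManager.setName("viewer");
        assertEquals("the viewer is allowed once plus the public entity", 2, visibleEntityCount());

        // Phase 2: mary withdraws public access; visibility must shrink back.
        userManager.setName("mary");
        e = dao.find(OwnedEntity.class, fiveID);
        e.setPublicView(false);
        // Checked before the update on purpose: the flag change alone must not affect users.
        assertEquals("Users have not been deleted", 3, userCount());
        dao.update(e);
        e = dao.find(OwnedEntity.class, fiveID);
        assertEquals("Viewers are just owners", e.getOwners().size(), e.getViewers().size());
        assertEquals("mary see hers", 3, visibleEntityCount());

        userManager.setName("john");
        assertEquals("mary is filtered from a findAll except public viewing", 2, visibleEntityCount());

        userManager.setName("viewer");
        assertEquals("the viewer is allowed once plus the public entity", 1, visibleEntityCount());
    }

    /**
     * Creates and persists a user holding the {@code registered_user} authority, then
     * asserts it can be found again. The password is set to the username (fixture only).
     *
     * @param username login name, also used as the password
     * @param fullName display name
     * @return the persisted user instance
     * @throws Exception if a DAO call fails
     */
    private UserImpl createRegisteredUser(String username, String fullName) throws Exception {
        UserImpl user = new UserImpl();
        user.setUsername(username);
        user.setPassword(username);
        user.setName(fullName);
        user.addRole((RoleImpl) securityDAO.findAuthority(REGISTERED_USER));
        securityDAO.createUser(user);
        assertNotNull(securityDAO.findUser(username));
        return user;
    }

    /**
     * Creates and persists an entity as the current user.
     *
     * @param name entity name
     * @param owner explicit owner to add before persisting, or {@code null} for none
     * @param viewer explicit viewer to add before persisting, or {@code null} for none
     * @return the persisted entity
     * @throws Exception if the DAO call fails
     */
    private OwnedEntity createEntity(String name, UserImpl owner, UserImpl viewer) throws Exception {
        OwnedEntity entity = new OwnedEntity();
        entity.setName(name);
        if (owner != null) {
            entity.addOwner(owner);
        }
        if (viewer != null) {
            entity.addViewer(viewer);
        }
        dao.create(entity);
        return entity;
    }

    /** Returns how many entities the current user gets from a list query (first 100). */
    private int visibleEntityCount() {
        return dao.find(OwnedEntity.class, 0, 100).size();
    }

    /** Returns how many users an unfiltered user query reports (first 100). */
    private int userCount() {
        return securityDAO.findUsers(null, null, null, 0, 100).size();
    }
}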