[jboss-svn-commits] JBL Code SVN: r21287 - in labs/jbossrules/trunk/drools-guvnor/src: test/java/org/drools/guvnor/server and 1 other directories.
jboss-svn-commits at lists.jboss.org
jboss-svn-commits at lists.jboss.org
Tue Jul 29 21:40:30 EDT 2008
Author: michael.neale at jboss.com
Date: 2008-07-29 21:40:30 -0400 (Tue, 29 Jul 2008)
New Revision: 21287
Added:
labs/jbossrules/trunk/drools-guvnor/src/test/java/org/drools/guvnor/server/ServiceImplSecurityTest.java
Modified:
labs/jbossrules/trunk/drools-guvnor/src/main/java/org/drools/guvnor/server/security/CategoryBasedPermissionResolver.java
labs/jbossrules/trunk/drools-guvnor/src/main/java/org/drools/guvnor/server/security/PackageBasedPermissionResolver.java
labs/jbossrules/trunk/drools-guvnor/src/test/java/org/drools/guvnor/server/ServiceImplementationTest.java
labs/jbossrules/trunk/drools-guvnor/src/test/java/org/drools/guvnor/server/security/MockIdentity.java
Log:
refactored out security tests
Modified: labs/jbossrules/trunk/drools-guvnor/src/main/java/org/drools/guvnor/server/security/CategoryBasedPermissionResolver.java
===================================================================
--- labs/jbossrules/trunk/drools-guvnor/src/main/java/org/drools/guvnor/server/security/CategoryBasedPermissionResolver.java 2008-07-29 21:59:28 UTC (rev 21286)
+++ labs/jbossrules/trunk/drools-guvnor/src/main/java/org/drools/guvnor/server/security/CategoryBasedPermissionResolver.java 2008-07-30 01:40:30 UTC (rev 21287)
@@ -33,15 +33,15 @@
/**
* PermissionResolvers are chained together to resolve permission check, the check returns true if
* one of the PermissionResolvers in the chain returns true.
- *
+ *
* This PermissionResolver resolves category-based permissions. It returns true under following situations:
* 1. The user is admin
* Or
* 2. The user has at least one analyst role, and at least one of the analyst role has access to requested category path.
* Or
* 3. The user does not have any Analyst role(eg, the user only has other roles like package.admin|package.developer|package.readonly)
- *
- *
+ *
+ *
* @author Jervis Liu
*/
@Name("org.drools.guvnor.server.security.categoryBasedPermissionResolver")
@@ -60,17 +60,23 @@
* check permission
*
* @param requestedCategoryPath
- * the requestedCategoryPath must be an instance of CategoryPathType,
+ * the requestedCategoryPath must be an instance of CategoryPathType,
* otherwise return false;
* @param requestedRole
- * the requestedRole must be an instance of String, its value has to be one of the
+ * the requestedRole must be an instance of String, its value has to be one of the
* followings: admin|analyst|package.admin|package.developer|package.readonly,
* otherwise return false;
- * @return true if the permission can be granted on the requested category path with the
+ * @return true if the permission can be granted on the requested category path with the
* requested role; return false otherwise.
- *
+ *
*/
public boolean hasPermission(Object requestedCategoryPath, String requestedRole) {
+
+ //the admin can do everything
+ if (Identity.instance().hasRole(RoleTypes.ADMIN)) {
+ return true;
+ }
+
List<RoleBasedPermission> permissions = (List<RoleBasedPermission>) Contexts
.getSessionContext().get("packageBasedPermission");
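Review bot: The admin short-circuit added at the top of `hasPermission` now runs before the `instanceof CategoryPathType` check, so for an admin this resolver returns true for any target object and any `requestedRole`. Before this change (see the lines removed in the next hunk) a non-category target returned false and the decision was left to the other resolvers in the chain. Because the chain grants when any resolver returns true, the outcome for admins is probably unchanged, but the Javadoc still says a non-`CategoryPathType` argument returns false, and the log message ("refactored out security tests") does not mention a change to production authorization code. I would update the `@param requestedCategoryPath` text and add a comment such as `// admin is granted before the target type is inspected, so this resolver answers true for every target and role`. The same reordering is made in `PackageBasedPermissionResolver.hasPermission` further down; the method body continues outside this hunk.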
@@ -78,17 +84,14 @@
if (requestedCategoryPath instanceof CategoryPathType) {
requestedPath = ((CategoryPathType)requestedCategoryPath).getCategoryPath();
} else {
- // CategoryBasedPermissionResolver only grants permissions based on categoryPath.
- // Return false if the input is not a categoryPath, as this will be the reponsibility
+ // CategoryBasedPermissionResolver only grants permissions based on categoryPath.
+ // Return false if the input is not a categoryPath, as this will be the reponsibility
//of other PermissionResolvers in the resolver chain.
return false;
}
-
- //the admin can do everything
- if (Identity.instance().hasRole(RoleTypes.ADMIN)) {
- return true;
- }
-
+
+
+
//category path based permission check only applies to analyst role. If there is no Analyst
//role (eg, only other roles like admin|package.admin|package.dev|package.readonly) we always grant permisssion.
boolean isPermitted = true;
@@ -111,9 +114,9 @@
}
return requestedPath.equals(allowedPath) || isSubPath(allowedPath, requestedPath);
}
-
+
private boolean isSubPath(String parentPath, String subPath) {
- //TODO:
+ //TODO:
return false;
}
Modified: labs/jbossrules/trunk/drools-guvnor/src/main/java/org/drools/guvnor/server/security/PackageBasedPermissionResolver.java
===================================================================
--- labs/jbossrules/trunk/drools-guvnor/src/main/java/org/drools/guvnor/server/security/PackageBasedPermissionResolver.java 2008-07-29 21:59:28 UTC (rev 21286)
+++ labs/jbossrules/trunk/drools-guvnor/src/main/java/org/drools/guvnor/server/security/PackageBasedPermissionResolver.java 2008-07-30 01:40:30 UTC (rev 21287)
@@ -1,48 +1,38 @@
package org.drools.guvnor.server.security;
import static org.jboss.seam.ScopeType.APPLICATION;
-import static org.jboss.seam.annotations.Install.FRAMEWORK;
import java.io.Serializable;
-import java.util.Iterator;
import java.util.List;
import java.util.Set;
import org.drools.guvnor.server.ServiceImplementation;
import org.drools.repository.PackageItem;
-import org.drools.repository.RulesRepository;
import org.drools.repository.RulesRepositoryException;
import org.jboss.seam.Component;
-import org.jboss.seam.Seam;
-import org.jboss.seam.annotations.AutoCreate;
import org.jboss.seam.annotations.Create;
-import org.jboss.seam.annotations.In;
import org.jboss.seam.annotations.Install;
import org.jboss.seam.annotations.Name;
import org.jboss.seam.annotations.Scope;
import org.jboss.seam.annotations.Startup;
import org.jboss.seam.annotations.intercept.BypassInterceptors;
import org.jboss.seam.contexts.Contexts;
-import org.jboss.seam.log.LogProvider;
-import org.jboss.seam.log.Logging;
import org.jboss.seam.security.Identity;
-import org.jboss.seam.security.Role;
-import org.jboss.seam.security.SimplePrincipal;
import org.jboss.seam.security.permission.PermissionResolver;
/**
* PermissionResolvers are chained together to resolve permission check, the check returns true if
* one of the PermissionResolvers in the chain returns true.
- *
+ *
* This PermissionResolver resolves package-based permissions. It returns true under following situations:
* 1. The user is admin
* Or
* 2. The user has one of the following roles package.admin|package.developer|package.readonly on the requested
- * package, and requested role requires lower privilege than assigned role(I.e., package.admin>package.developer>package.readonly)
+ * package, and requested role requires lower privilege than assigned role(I.e., package.admin>package.developer>package.readonly)
* Or
* 3. The user is Analyst
- *
- *
+ *
+ *
* @author Jervis Liu
*/
@Name("org.drools.guvnor.server.security.packageBasedPermissionResolver")
@@ -61,22 +51,28 @@
* check permission
*
* @param requestedPackage
- * the requestedPackage must be an instance of PackageUUIDType or PackageNameType,
+ * the requestedPackage must be an instance of PackageUUIDType or PackageNameType,
* otherwise return false;
* @param requestedRole
- * the requestedRole must be an instance of String, its value has to be one of the
+ * the requestedRole must be an instance of String, its value has to be one of the
* followings: admin|analyst|package.admin|package.developer|package.readonly,
* otherwise return false;
- * @return true if the permission can be granted on the requested packaged with the
+ * @return true if the permission can be granted on the requested packaged with the
* requested role; return false otherwise.
- *
+ *
*/
public boolean hasPermission(Object requestedPackage, String requestedRole) {
+
+ //admin can do everything
+ if (Identity.instance().hasRole(RoleTypes.ADMIN)) {
+ return true;
+ }
+
List<RoleBasedPermission> permissions = (List<RoleBasedPermission>) Contexts
.getSessionContext().get("packageBasedPermission");
String targetUUDI = "";
-
+
if (requestedPackage instanceof PackageUUIDType) {
targetUUDI = ((PackageUUIDType) requestedPackage).getUUID();
} else if (requestedPackage instanceof PackageNameType) {
@@ -92,18 +88,15 @@
}
} else {
- // PackageBasedPermissionResolver only grants permissions based on package info.
- // Return false if the input is not a pacakge info, as this will be the reponsibility
+ // PackageBasedPermissionResolver only grants permissions based on package info.
+ // Return false if the input is not a pacakge info, as this will be the reponsibility
//of other PermissionResolvers in the resolver chain.
return false;
}
-
- //admin can do everything
- if (Identity.instance().hasRole(RoleTypes.ADMIN)) {
- return true;
- }
-
- //package based permission check only applies to admin|package.admin|package.dev|package.readonly role.
+
+
+
+ //package based permission check only applies to admin|package.admin|package.dev|package.readonly role.
//For Analyst we always grant permisssion.
for (RoleBasedPermission pbp : permissions) {
if (RoleTypes.ANALYST.equals(pbp.getRole())) {
@@ -111,7 +104,7 @@
} else if (targetUUDI.equalsIgnoreCase(pbp.getPackageUUID())
&& isPermitted(requestedRole, pbp.getRole())) {
return true;
- }
+ }
}
return false;
Added: labs/jbossrules/trunk/drools-guvnor/src/test/java/org/drools/guvnor/server/ServiceImplSecurityTest.java
===================================================================
--- labs/jbossrules/trunk/drools-guvnor/src/test/java/org/drools/guvnor/server/ServiceImplSecurityTest.java (rev 0)
+++ labs/jbossrules/trunk/drools-guvnor/src/test/java/org/drools/guvnor/server/ServiceImplSecurityTest.java 2008-07-30 01:40:30 UTC (rev 21287)
@@ -0,0 +1,560 @@
+package org.drools.guvnor.server;
+
+import java.util.ArrayList;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+import java.util.Set;
+
+import org.drools.guvnor.client.common.AssetFormats;
+import org.drools.guvnor.client.rpc.RuleAsset;
+import org.drools.guvnor.client.rpc.TableDataResult;
+import org.drools.guvnor.client.rpc.TableDataRow;
+import org.drools.guvnor.client.rulelist.AssetItemGrid;
+import org.drools.guvnor.server.security.CategoryBasedPermissionResolver;
+import org.drools.guvnor.server.security.MockIdentity;
+import org.drools.guvnor.server.security.PackageBasedPermissionResolver;
+import org.drools.guvnor.server.security.RoleBasedPermission;
+import org.drools.guvnor.server.security.RoleTypes;
+import org.drools.guvnor.server.util.TestEnvironmentSessionHelper;
+import org.drools.repository.AssetItem;
+import org.drools.repository.PackageItem;
+import org.drools.repository.RulesRepository;
+import org.jboss.seam.contexts.Contexts;
+import org.jboss.seam.contexts.Lifecycle;
+import org.jboss.seam.security.AuthorizationException;
+import org.jboss.seam.security.permission.PermissionResolver;
+
+import junit.framework.TestCase;
+
+public class ServiceImplSecurityTest extends TestCase {
+
+ public void testLoadRuleAssetWithRoleBasedAuthrozationAnalyst() throws Exception {
+ try {
+ ServiceImplementation impl = getService();
+ impl.repository.createPackage(
+ "testLoadRuleAssetWithRoleBasedAuthrozation", "desc");
+ impl.createCategory("",
+ "testLoadRuleAssetWithRoleBasedAuthrozationCat1",
+ "this is a cat");
+ impl.createCategory("",
+ "testLoadRuleAssetWithRoleBasedAuthrozationCat2",
+ "this is a cat");
+
+ impl.createNewRule("testLoadRuleAssetWithRoleBasedAuthrozation",
+ "description",
+ "testLoadRuleAssetWithRoleBasedAuthrozationCat1",
+ "testLoadRuleAssetWithRoleBasedAuthrozation", "drl");
+ impl.createNewRule("testLoadRuleAssetWithRoleBasedAuthrozation2",
+ "description",
+ "testLoadRuleAssetWithRoleBasedAuthrozationCat2",
+ "testLoadRuleAssetWithRoleBasedAuthrozation", "drl");
+
+ TableDataResult res = impl.loadRuleListForCategories(
+ "testLoadRuleAssetWithRoleBasedAuthrozationCat1", 0, -1,
+ AssetItemGrid.RULE_LIST_TABLE_ID);
+ assertEquals(1, res.data.length);
+ assertEquals(1, res.total);
+ assertFalse(res.hasNext);
+
+ TableDataRow row = res.data[0];
+ String uuid = row.id;
+
+ TableDataResult res2 = impl.loadRuleListForCategories(
+ "testLoadRuleAssetWithRoleBasedAuthrozationCat2", 0, -1,
+ AssetItemGrid.RULE_LIST_TABLE_ID);
+ assertEquals(1, res.data.length);
+ assertEquals(1, res.total);
+ assertFalse(res.hasNext);
+
+ TableDataRow row2 = res2.data[0];
+ String uuid2 = row2.id;
+
+ // Mock up SEAM contexts
+ Map application = new HashMap<String, Object>();
+ Lifecycle.beginApplication(application);
+ Lifecycle.beginCall();
+ MockIdentity midentity = new MockIdentity();
+ // this makes Identity.hasRole("admin") return false
+ midentity.setHasRole(false);
+ midentity.addPermissionResolver(new PackageBasedPermissionResolver());
+ midentity.addPermissionResolver(new CategoryBasedPermissionResolver());
+
+ Contexts.getSessionContext().set(
+ "org.jboss.seam.security.identity", midentity);
+ Contexts.getSessionContext().set(
+ "org.drools.guvnor.client.rpc.RepositoryService", impl);
+
+ List<RoleBasedPermission> pbps = new ArrayList<RoleBasedPermission>();
+ pbps.add(new RoleBasedPermission("jervis", RoleTypes.ANALYST, null,
+ "testLoadRuleAssetWithRoleBasedAuthrozationCat1"));
+ Contexts.getSessionContext().set("packageBasedPermission", pbps);
+
+
+ //now lets see if we can access this asset with the permissions
+ RuleAsset asset = impl.loadRuleAsset(uuid);
+ try {
+ asset = impl.loadRuleAsset(uuid2);
+ fail("Did not catch expected exception");
+ } catch (AuthorizationException e) {
+ }
+ } finally {
+ Lifecycle.endApplication();
+ }
+ }
+
+ public void testLoadRuleAssetWithRoleBasedAuthrozationPackageReadonly() throws Exception {
+ try {
+ ServiceImplementation impl = getService();
+ impl.repository.createPackage(
+ "testLoadRuleAssetWithRoleBasedAuthrozationPackageReadonlyPack1", "desc");
+ impl.createCategory("",
+ "testLoadRuleAssetWithRoleBasedAuthrozationPackageReadonlyCat1",
+ "this is a cat");
+
+ impl.createNewRule("testLoadRuleAssetWithRoleBasedAuthrozation",
+ "description",
+ "testLoadRuleAssetWithRoleBasedAuthrozationPackageReadonlyCat1",
+ "testLoadRuleAssetWithRoleBasedAuthrozationPackageReadonlyPack1", "drl");
+
+ impl.repository.createPackage(
+ "testLoadRuleAssetWithRoleBasedAuthrozationPackageReadonlyPack2", "desc");
+
+ impl.createNewRule("testLoadRuleAssetWithRoleBasedAuthrozation",
+ "description",
+ "testLoadRuleAssetWithRoleBasedAuthrozationPackageReadonlyCat1",
+ "testLoadRuleAssetWithRoleBasedAuthrozationPackageReadonlyPack2", "drl");
+
+
+ TableDataResult res = impl.loadRuleListForCategories(
+ "testLoadRuleAssetWithRoleBasedAuthrozationPackageReadonlyCat1", 0, -1,
+ AssetItemGrid.RULE_LIST_TABLE_ID);
+ TableDataRow row = res.data[0];
+ String uuid = row.id;
+ PackageItem source = impl.repository
+ .loadPackage("testLoadRuleAssetWithRoleBasedAuthrozationPackageReadonlyPack1");
+ String package1Uuid = source.getUUID();
+
+ TableDataRow row2 = res.data[1];
+ String uuid2 = row2.id;
+
+ // Mock up SEAM contexts
+ Map application = new HashMap<String, Object>();
+ Lifecycle.beginApplication(application);
+ Lifecycle.beginCall();
+ MockIdentity midentity = new MockIdentity();
+ // this makes Identity.hasRole("admin") return false
+ midentity.setHasRole(false);
+ midentity.addPermissionResolver(new PackageBasedPermissionResolver());
+ midentity.addPermissionResolver(new CategoryBasedPermissionResolver());
+
+ Contexts.getSessionContext().set(
+ "org.jboss.seam.security.identity", midentity);
+ Contexts.getSessionContext().set(
+ "org.drools.guvnor.client.rpc.RepositoryService", impl);
+
+ List<RoleBasedPermission> pbps = new ArrayList<RoleBasedPermission>();
+ pbps.add(new RoleBasedPermission("jervis",
+ RoleTypes.PACKAGE_READONLY,
+ package1Uuid, null));
+
+ Contexts.getSessionContext().set("packageBasedPermission", pbps);
+
+ //now lets see if we can access this asset with the permissions
+ RuleAsset asset = impl.loadRuleAsset(uuid);
+ try {
+ asset = impl.loadRuleAsset(uuid2);
+ fail("Did not catch expected exception");
+ } catch (AuthorizationException e) {
+ }
+ } finally {
+ Lifecycle.endApplication();
+ }
+ }
+
+ //Access an asset that belongs to no category. e.g., Packages -> Create New -> "upload new Model jar".
+ //The user role is admin
+ public void testLoadRuleAssetWithRoleBasedAuthrozationAssetNoCategory() throws Exception {
+ try {
+ ServiceImplementation impl = getService();
+ impl.repository.createPackage(
+ "testLoadRuleAssetWithRoleBasedAuthrozationAssetNoCategoryPack", "desc");
+ impl.createCategory("",
+ "testLoadRuleAssetWithRoleBasedAuthrozationAssetNoCategoryCat",
+ "this is a cat");
+
+ String uuid = impl.createNewRule("testLoadRuleAssetWithRoleBasedAuthrozation",
+ "description",
+ null,
+ "testLoadRuleAssetWithRoleBasedAuthrozationAssetNoCategoryPack", "drl");
+
+ // Mock up SEAM contexts
+ Map application = new HashMap<String, Object>();
+ Lifecycle.beginApplication(application);
+ Lifecycle.beginCall();
+ MockIdentity midentity = new MockIdentity();
+ // this makes Identity.hasRole("admin") return true
+ midentity.setHasRole(true);
+ midentity.addPermissionResolver(new PackageBasedPermissionResolver());
+ midentity.addPermissionResolver(new CategoryBasedPermissionResolver());
+
+ Contexts.getSessionContext().set(
+ "org.jboss.seam.security.identity", midentity);
+ Contexts.getSessionContext().set(
+ "org.drools.guvnor.client.rpc.RepositoryService", impl);
+
+ List<RoleBasedPermission> pbps = new ArrayList<RoleBasedPermission>();
+ /* pbps.add(new RoleBasedPermission("jervis",
+ RoleTypes.PACKAGE_READONLY,
+ package1Uuid, null));*/
+
+ Contexts.getSessionContext().set("packageBasedPermission", pbps);
+
+ //now lets see if we can access this asset with the permissions
+ RuleAsset asset = impl.loadRuleAsset(uuid);
+ assertNotNull(asset);
+ } finally {
+ Lifecycle.endApplication();
+ }
+ }
+
+ //Access an asset that belongs to no category. e.g., Packages -> Create New -> "upload new Model jar".
+ //The user role is admin
+ public void testLoadRuleAssetWithRoleBasedAuthrozationAssetNoCategoryPackageAdmin() throws Exception {
+ try {
+ ServiceImplementation impl = getService();
+ PackageItem packageItem = impl.repository.createPackage(
+ "testLoadRuleAssetWithRoleBasedAuthrozationAssetNoCategoryPackageAdminPack", "desc");
+ String packageUuid = packageItem.getUUID();
+ impl.createCategory("",
+ "testLoadRuleAssetWithRoleBasedAuthrozationAssetNoCategoryPackageAdminCat",
+ "this is a cat");
+
+ String uuid = impl.createNewRule("testLoadRuleAssetWithRoleBasedAuthrozation",
+ "description",
+ null,
+ "testLoadRuleAssetWithRoleBasedAuthrozationAssetNoCategoryPackageAdminPack", "drl");
+
+ // Mock up SEAM contexts
+ Map application = new HashMap<String, Object>();
+ Lifecycle.beginApplication(application);
+ Lifecycle.beginCall();
+ MockIdentity midentity = new MockIdentity();
+ // this makes Identity.hasRole("admin") return false
+ midentity.setHasRole(false);
+ midentity.addPermissionResolver(new PackageBasedPermissionResolver());
+ midentity.addPermissionResolver(new CategoryBasedPermissionResolver());
+
+ Contexts.getSessionContext().set(
+ "org.jboss.seam.security.identity", midentity);
+ Contexts.getSessionContext().set(
+ "org.drools.guvnor.client.rpc.RepositoryService", impl);
+
+ List<RoleBasedPermission> pbps = new ArrayList<RoleBasedPermission>();
+ pbps.add(new RoleBasedPermission("jervis",
+ RoleTypes.PACKAGE_ADMIN,
+ packageUuid, null));
+
+ Contexts.getSessionContext().set("packageBasedPermission", pbps);
+
+ //now lets see if we can access this asset with the permissions
+ RuleAsset asset = impl.loadRuleAsset(uuid);
+ assertNotNull(asset);
+ } finally {
+ Lifecycle.endApplication();
+ }
+ }
+
+ //Access an asset that belongs to no category. e.g., Packages -> Create New -> "upload new Model jar".
+ //The user role is analyst
+ public void testLoadRuleAssetWithRoleBasedAuthrozationAssetNoCategoryAnalyst() throws Exception {
+ try {
+ ServiceImplementation impl = getService();
+ PackageItem packageItem = impl.repository.createPackage(
+ "testLoadRuleAssetWithRoleBasedAuthrozationAssetNoCategoryAnalystPack", "desc");
+ String packageUuid = packageItem.getUUID();
+ impl.createCategory("",
+ "testLoadRuleAssetWithRoleBasedAuthrozationAssetNoCategoryAnalystCat",
+ "this is a cat");
+
+ String uuid = impl.createNewRule("testLoadRuleAssetWithRoleBasedAuthrozation",
+ "description",
+ null,
+ "testLoadRuleAssetWithRoleBasedAuthrozationAssetNoCategoryAnalystPack", "drl");
+
+ // Mock up SEAM contexts
+ Map application = new HashMap<String, Object>();
+ Lifecycle.beginApplication(application);
+ Lifecycle.beginCall();
+ MockIdentity midentity = new MockIdentity();
+ // this makes Identity.hasRole("admin") return false
+ midentity.setHasRole(false);
+ midentity.addPermissionResolver(new PackageBasedPermissionResolver());
+ midentity.addPermissionResolver(new CategoryBasedPermissionResolver());
+
+ Contexts.getSessionContext().set(
+ "org.jboss.seam.security.identity", midentity);
+ Contexts.getSessionContext().set(
+ "org.drools.guvnor.client.rpc.RepositoryService", impl);
+
+ List<RoleBasedPermission> pbps = new ArrayList<RoleBasedPermission>();
+ pbps.add(new RoleBasedPermission("jervis",
+ RoleTypes.ANALYST,
+ null, "category1"));
+
+ Contexts.getSessionContext().set("packageBasedPermission", pbps);
+
+ //now lets see if we can access this asset with the permissions
+ try {
+ RuleAsset asset = impl.loadRuleAsset(uuid);
+ fail("Did not catch expected exception");
+ } catch (AuthorizationException e) {
+ }
+ } finally {
+ Lifecycle.endApplication();
+ }
+ }
+
+ //Access an asset that belongs to no category. The user role is analyst and package.admin.
+ //Because the analyst role the user has has no category access to the asset,
+ //the permission can not be granted even though the package.admin role has package access.
+ public void testLoadRuleAssetWithRoleBasedAuthrozationAssetNoCategoryMixed() throws Exception {
+ try {
+ ServiceImplementation impl = getService();
+ PackageItem packageItem = impl.repository.createPackage(
+ "testLoadRuleAssetWithRoleBasedAuthrozationAssetNoCategoryMixedPack", "desc");
+ String packageUuid = packageItem.getUUID();
+ impl.createCategory("",
+ "testLoadRuleAssetWithRoleBasedAuthrozationAssetNoCategoryMixedCat",
+ "this is a cat");
+
+ String uuid = impl.createNewRule("testLoadRuleAssetWithRoleBasedAuthrozation",
+ "description",
+ null,
+ "testLoadRuleAssetWithRoleBasedAuthrozationAssetNoCategoryMixedPack", "drl");
+
+ // Mock up SEAM contexts
+ Map application = new HashMap<String, Object>();
+ Lifecycle.beginApplication(application);
+ Lifecycle.beginCall();
+ MockIdentity midentity = new MockIdentity();
+ // this makes Identity.hasRole("admin") return false
+ midentity.setHasRole(false);
+ midentity.addPermissionResolver(new PackageBasedPermissionResolver());
+ midentity.addPermissionResolver(new CategoryBasedPermissionResolver());
+
+ Contexts.getSessionContext().set(
+ "org.jboss.seam.security.identity", midentity);
+ Contexts.getSessionContext().set(
+ "org.drools.guvnor.client.rpc.RepositoryService", impl);
+
+ List<RoleBasedPermission> pbps = new ArrayList<RoleBasedPermission>();
+ pbps.add(new RoleBasedPermission("jervis",
+ RoleTypes.ANALYST,
+ null, "category1"));
+ pbps.add(new RoleBasedPermission("jervis",
+ RoleTypes.PACKAGE_ADMIN,
+ packageUuid, null));
+
+ Contexts.getSessionContext().set("packageBasedPermission", pbps);
+
+ //now lets see if we can access this asset with the permissions
+ try {
+ RuleAsset asset = impl.loadRuleAsset(uuid);
+ fail("Did not catch expected exception");
+ } catch (AuthorizationException e) {
+ }
+ } finally {
+ Lifecycle.endApplication();
+ }
+ }
+
+ public void testCreateNewRule() throws Exception {
+ ServiceImplementation impl = getService();
+ impl.repository.createPackage("testSecurityCreateNewRule", "desc");
+ impl.createCategory("", "testSecurityCreateNewRule", "this is a cat");
+
+ Lifecycle.beginApplication(new HashMap());
+ Lifecycle.beginCall();
+ MockIdentity mi = new MockIdentity();
+ mi.inject();
+
+ try {
+ impl.createNewRule("testCreateNewRuleName22",
+ "an initial desc", "testSecurityCreateNewRule", "testSecurityCreateNewRule",
+ AssetFormats.DSL_TEMPLATE_RULE);
+ fail("not allowed");
+ } catch (AuthorizationException e) {
+ assertNotNull(e.getMessage());
+ }
+
+ mi.addPermissionResolver(new PermissionResolver() {
+ public void filterSetByAction(Set<Object> arg0, String arg1) {
+ }
+
+ public boolean hasPermission(Object arg0, String arg1) {
+ return (arg1.equals(RoleTypes.PACKAGE_DEVELOPER));
+ }
+
+ });
+ impl.createNewRule("testCreateNewRuleName22",
+ "an initial desc", "testSecurityCreateNewRule", "testSecurityCreateNewRule",
+ AssetFormats.DSL_TEMPLATE_RULE);
+
+ Lifecycle.endApplication();
+ }
+
+
+
+ private ServiceImplementation getService() throws Exception {
+ ServiceImplementation impl = new ServiceImplementation();
+
+ impl.repository = new RulesRepository(TestEnvironmentSessionHelper
+ .getSession());
+ return impl;
+ }
+
+ public void testloadRuleListForCategoriesWithRoleBasedAuthrozationPackageReadonly() throws Exception {
+ try {
+ ServiceImplementation impl = getService();
+ impl.repository.createPackage(
+ "testloadRuleListForCategoriesWithRoleBasedAuthrozationPackageReadonlyPack1", "desc");
+ impl.createCategory("",
+ "testloadRuleListForCategoriesWithRoleBasedAuthrozationPackageReadonlyCat1",
+ "this is a cat");
+
+ impl.createNewRule("testLoadRuleAssetWithRoleBasedAuthrozation",
+ "description",
+ "testloadRuleListForCategoriesWithRoleBasedAuthrozationPackageReadonlyCat1",
+ "testloadRuleListForCategoriesWithRoleBasedAuthrozationPackageReadonlyPack1", "drl");
+
+ impl.repository.createPackage(
+ "testloadRuleListForCategoriesWithRoleBasedAuthrozationPackageReadonlyPack2", "desc");
+
+ impl.createNewRule("testLoadRuleAssetWithRoleBasedAuthrozation",
+ "description",
+ "testloadRuleListForCategoriesWithRoleBasedAuthrozationPackageReadonlyCat1",
+ "testloadRuleListForCategoriesWithRoleBasedAuthrozationPackageReadonlyPack2", "drl");
+
+ impl.repository.createPackage(
+ "testloadRuleListForCategoriesWithRoleBasedAuthrozationPackageReadonlyPack3", "desc");
+
+ impl.createNewRule("testLoadRuleAssetWithRoleBasedAuthrozation",
+ "description",
+ "testloadRuleListForCategoriesWithRoleBasedAuthrozationPackageReadonlyCat1",
+ "testloadRuleListForCategoriesWithRoleBasedAuthrozationPackageReadonlyPack3", "drl");
+
+ PackageItem source = impl.repository.loadPackage("testloadRuleListForCategoriesWithRoleBasedAuthrozationPackageReadonlyPack1");
+ String package1Uuid = source.getUUID();
+ source = impl.repository.loadPackage("testloadRuleListForCategoriesWithRoleBasedAuthrozationPackageReadonlyPack2");
+ String package2Uuid = source.getUUID();
+
+ // Mock up SEAM contexts
+ Map application = new HashMap<String, Object>();
+ Lifecycle.beginApplication(application);
+ Lifecycle.beginCall();
+ MockIdentity midentity = new MockIdentity();
+ // this makes Identity.hasRole("admin") return false
+ midentity.setHasRole(false);
+ midentity.addPermissionResolver(new PackageBasedPermissionResolver());
+ midentity.addPermissionResolver(new CategoryBasedPermissionResolver());
+
+ Contexts.getSessionContext().set(
+ "org.jboss.seam.security.identity", midentity);
+ Contexts.getSessionContext().set(
+ "org.drools.guvnor.client.rpc.RepositoryService", impl);
+
+ List<RoleBasedPermission> pbps = new ArrayList<RoleBasedPermission>();
+ pbps.add(new RoleBasedPermission("jervis",
+ RoleTypes.PACKAGE_READONLY,
+ package1Uuid, null));
+ pbps.add(new RoleBasedPermission("jervis",
+ RoleTypes.PACKAGE_DEVELOPER,
+ package2Uuid, null));
+
+ Contexts.getSessionContext().set("packageBasedPermission", pbps);
+
+
+ TableDataResult res = impl.loadRuleListForCategories(
+ "testloadRuleListForCategoriesWithRoleBasedAuthrozationPackageReadonlyCat1", 0, -1,
+ AssetItemGrid.RULE_LIST_TABLE_ID);
+ assertEquals(2, res.data.length);
+ } finally {
+ Lifecycle.endApplication();
+ }
+ }
+
+ public void testloadRuleListForCategoriesWithRoleBasedAuthrozationAnalyst() throws Exception {
+ try {
+ ServiceImplementation impl = getService();
+ impl.repository.createPackage(
+ "testloadRuleListForCategoriesWithRoleBasedAuthrozationAnalystPack1", "desc");
+ impl.createCategory("",
+ "testloadRuleListForCategoriesWithRoleBasedAuthrozationAnalystCat1",
+ "this is a cat");
+
+ impl.createNewRule("testLoadRuleAssetWithRoleBasedAuthrozation",
+ "description",
+ "testloadRuleListForCategoriesWithRoleBasedAuthrozationAnalystCat1",
+ "testloadRuleListForCategoriesWithRoleBasedAuthrozationAnalystPack1", "drl");
+
+ impl.repository.createPackage(
+ "testloadRuleListForCategoriesWithRoleBasedAuthrozationAnalystPack2", "desc");
+
+ impl.createNewRule("testLoadRuleAssetWithRoleBasedAuthrozation",
+ "description",
+ "testloadRuleListForCategoriesWithRoleBasedAuthrozationAnalystCat1",
+ "testloadRuleListForCategoriesWithRoleBasedAuthrozationAnalystPack2", "drl");
+
+ impl.repository.createPackage(
+ "testloadRuleListForCategoriesWithRoleBasedAuthrozationAnalystPack3", "desc");
+
+ impl.createNewRule("testLoadRuleAssetWithRoleBasedAuthrozation",
+ "description",
+ "testloadRuleListForCategoriesWithRoleBasedAuthrozationAnalystCat1",
+ "testloadRuleListForCategoriesWithRoleBasedAuthrozationAnalystPack3", "drl");
+
+ PackageItem source = impl.repository.loadPackage("testloadRuleListForCategoriesWithRoleBasedAuthrozationAnalystPack2");
+ String package2Uuid = source.getUUID();
+ source = impl.repository.loadPackage("testloadRuleListForCategoriesWithRoleBasedAuthrozationAnalystPack3");
+ String package3Uuid = source.getUUID();
+
+ // Mock up SEAM contexts
+ Map application = new HashMap<String, Object>();
+ Lifecycle.beginApplication(application);
+ Lifecycle.beginCall();
+ MockIdentity midentity = new MockIdentity();
+ // this makes Identity.hasRole("admin") return false
+ midentity.setHasRole(false);
+ midentity.addPermissionResolver(new PackageBasedPermissionResolver());
+ midentity.addPermissionResolver(new CategoryBasedPermissionResolver());
+
+ Contexts.getSessionContext().set(
+ "org.jboss.seam.security.identity", midentity);
+ Contexts.getSessionContext().set(
+ "org.drools.guvnor.client.rpc.RepositoryService", impl);
+
+ List<RoleBasedPermission> pbps = new ArrayList<RoleBasedPermission>();
+ pbps.add(new RoleBasedPermission("jervis",
+ RoleTypes.ANALYST,
+ null, "testloadRuleListForCategoriesWithRoleBasedAuthrozationAnalystCat1"));
+ pbps.add(new RoleBasedPermission("jervis",
+ RoleTypes.PACKAGE_READONLY,
+ package2Uuid, null));
+ pbps.add(new RoleBasedPermission("jervis",
+ RoleTypes.PACKAGE_DEVELOPER,
+ package3Uuid, null));
+
+ Contexts.getSessionContext().set("packageBasedPermission", pbps);
+
+
+ TableDataResult res = impl.loadRuleListForCategories(
+ "testloadRuleListForCategoriesWithRoleBasedAuthrozationAnalystCat1", 0, -1,
+ AssetItemGrid.RULE_LIST_TABLE_ID);
+ assertEquals(3, res.data.length);
+ } finally {
+ Lifecycle.endApplication();
+ }
+ }
+
+}
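Review bot: In `testLoadRuleAssetWithRoleBasedAuthrozationAnalyst` the three assertions after the second `loadRuleListForCategories` call re-check `res` instead of `res2`, so the Cat2 listing is never verified before `res2.data[0]` is dereferenced. They should read `assertEquals(1, res2.data.length);`, `assertEquals(1, res2.total);` and `assertFalse(res2.hasNext);`. `testCreateNewRule` calls `Lifecycle.endApplication()` only on the success path, unlike the other tests in this class, so a failed assertion would presumably leave the mocked Seam context and `MockIdentity` in place for later tests; wrap the body in `try { ... } finally { Lifecycle.endApplication(); }`. The comment above `testLoadRuleAssetWithRoleBasedAuthrozationAssetNoCategoryPackageAdmin` says the user role is admin, while the test calls `setHasRole(false)` and grants `RoleTypes.PACKAGE_ADMIN`; it should say package.admin so the intended authorization case is clear.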
Property changes on: labs/jbossrules/trunk/drools-guvnor/src/test/java/org/drools/guvnor/server/ServiceImplSecurityTest.java
___________________________________________________________________
Name: svn:eol-style
+ native
Modified: labs/jbossrules/trunk/drools-guvnor/src/test/java/org/drools/guvnor/server/ServiceImplementationTest.java
===================================================================
--- labs/jbossrules/trunk/drools-guvnor/src/test/java/org/drools/guvnor/server/ServiceImplementationTest.java 2008-07-29 21:59:28 UTC (rev 21286)
+++ labs/jbossrules/trunk/drools-guvnor/src/test/java/org/drools/guvnor/server/ServiceImplementationTest.java 2008-07-30 01:40:30 UTC (rev 21287)
@@ -71,7 +71,6 @@
import org.drools.guvnor.server.security.MockIdentity;
import org.drools.guvnor.server.security.PackageBasedPermissionResolver;
import org.drools.guvnor.server.security.PackageNameType;
-import org.drools.guvnor.server.security.RoleBasedPermission;
import org.drools.guvnor.server.security.RoleTypes;
import org.drools.guvnor.server.util.BRXMLPersistence;
import org.drools.guvnor.server.util.IO;
@@ -88,6 +87,7 @@
import org.drools.util.BinaryRuleBaseLoader;
import org.drools.util.DateUtils;
import org.drools.util.DroolsStreamUtils;
+import org.jboss.seam.Component;
import org.jboss.seam.contexts.Contexts;
import org.jboss.seam.contexts.Lifecycle;
import org.jboss.seam.security.AuthorizationException;
@@ -238,35 +238,6 @@
assertEquals(dtItem.getDescription(), "an initial desc");
- Lifecycle.beginApplication(new HashMap());
- Lifecycle.beginCall();
- MockIdentity mi = new MockIdentity();
- mi.inject();
-
- try {
- uuid = impl.createNewRule("testCreateNewRuleName22",
- "an initial desc", "testCreateNewRule", "testCreateNewRule",
- AssetFormats.DSL_TEMPLATE_RULE);
- fail("not allowed");
- } catch (AuthorizationException e) {
- assertNotNull(e.getMessage());
- }
-
- mi.addPermissionResolver(new PermissionResolver() {
- public void filterSetByAction(Set<Object> arg0, String arg1) {
- }
-
- public boolean hasPermission(Object arg0, String arg1) {
- return (arg1.equals(RoleTypes.PACKAGE_DEVELOPER));
- }
-
- });
- uuid = impl.createNewRule("testCreateNewRuleName22",
- "an initial desc", "testCreateNewRule", "testCreateNewRule",
- AssetFormats.DSL_TEMPLATE_RULE);
-
-
-
}
public void testCreateNewRuleContainsApostrophe() throws Exception {
@@ -386,490 +357,6 @@
assertTrue(asset.content instanceof RuleContentText);
}
- public void testLoadRuleAssetWithRoleBasedAuthrozationAnalyst() throws Exception {
- try {
- ServiceImplementation impl = getService();
- impl.repository.createPackage(
- "testLoadRuleAssetWithRoleBasedAuthrozation", "desc");
- impl.createCategory("",
- "testLoadRuleAssetWithRoleBasedAuthrozationCat1",
- "this is a cat");
- impl.createCategory("",
- "testLoadRuleAssetWithRoleBasedAuthrozationCat2",
- "this is a cat");
-
- impl.createNewRule("testLoadRuleAssetWithRoleBasedAuthrozation",
- "description",
- "testLoadRuleAssetWithRoleBasedAuthrozationCat1",
- "testLoadRuleAssetWithRoleBasedAuthrozation", "drl");
- impl.createNewRule("testLoadRuleAssetWithRoleBasedAuthrozation2",
- "description",
- "testLoadRuleAssetWithRoleBasedAuthrozationCat2",
- "testLoadRuleAssetWithRoleBasedAuthrozation", "drl");
-
- TableDataResult res = impl.loadRuleListForCategories(
- "testLoadRuleAssetWithRoleBasedAuthrozationCat1", 0, -1,
- AssetItemGrid.RULE_LIST_TABLE_ID);
- assertEquals(1, res.data.length);
- assertEquals(1, res.total);
- assertFalse(res.hasNext);
-
- TableDataRow row = res.data[0];
- String uuid = row.id;
-
- TableDataResult res2 = impl.loadRuleListForCategories(
- "testLoadRuleAssetWithRoleBasedAuthrozationCat2", 0, -1,
- AssetItemGrid.RULE_LIST_TABLE_ID);
- assertEquals(1, res.data.length);
- assertEquals(1, res.total);
- assertFalse(res.hasNext);
-
- TableDataRow row2 = res2.data[0];
- String uuid2 = row2.id;
-
- // Mock up SEAM contexts
- Map application = new HashMap<String, Object>();
- Lifecycle.beginApplication(application);
- Lifecycle.beginCall();
- MockIdentity midentity = new MockIdentity();
- // this makes Identity.hasRole("admin") return false
- midentity.setHasRole(false);
- midentity.addPermissionResolver(new PackageBasedPermissionResolver());
- midentity.addPermissionResolver(new CategoryBasedPermissionResolver());
-
- Contexts.getSessionContext().set(
- "org.jboss.seam.security.identity", midentity);
- Contexts.getSessionContext().set(
- "org.drools.guvnor.client.rpc.RepositoryService", impl);
-
- List<RoleBasedPermission> pbps = new ArrayList<RoleBasedPermission>();
- pbps.add(new RoleBasedPermission("jervis", RoleTypes.ANALYST, null,
- "testLoadRuleAssetWithRoleBasedAuthrozationCat1"));
- Contexts.getSessionContext().set("packageBasedPermission", pbps);
-
-
- //now lets see if we can access this asset with the permissions
- RuleAsset asset = impl.loadRuleAsset(uuid);
- try {
- asset = impl.loadRuleAsset(uuid2);
- fail("Did not catch expected exception");
- } catch (AuthorizationException e) {
- }
- } finally {
- Lifecycle.endApplication();
- }
- }
-
- public void testLoadRuleAssetWithRoleBasedAuthrozationPackageReadonly() throws Exception {
- try {
- ServiceImplementation impl = getService();
- impl.repository.createPackage(
- "testLoadRuleAssetWithRoleBasedAuthrozationPackageReadonlyPack1", "desc");
- impl.createCategory("",
- "testLoadRuleAssetWithRoleBasedAuthrozationPackageReadonlyCat1",
- "this is a cat");
-
- impl.createNewRule("testLoadRuleAssetWithRoleBasedAuthrozation",
- "description",
- "testLoadRuleAssetWithRoleBasedAuthrozationPackageReadonlyCat1",
- "testLoadRuleAssetWithRoleBasedAuthrozationPackageReadonlyPack1", "drl");
-
- impl.repository.createPackage(
- "testLoadRuleAssetWithRoleBasedAuthrozationPackageReadonlyPack2", "desc");
-
- impl.createNewRule("testLoadRuleAssetWithRoleBasedAuthrozation",
- "description",
- "testLoadRuleAssetWithRoleBasedAuthrozationPackageReadonlyCat1",
- "testLoadRuleAssetWithRoleBasedAuthrozationPackageReadonlyPack2", "drl");
-
-
- TableDataResult res = impl.loadRuleListForCategories(
- "testLoadRuleAssetWithRoleBasedAuthrozationPackageReadonlyCat1", 0, -1,
- AssetItemGrid.RULE_LIST_TABLE_ID);
- TableDataRow row = res.data[0];
- String uuid = row.id;
- PackageItem source = impl.repository
- .loadPackage("testLoadRuleAssetWithRoleBasedAuthrozationPackageReadonlyPack1");
- String package1Uuid = source.getUUID();
-
- TableDataRow row2 = res.data[1];
- String uuid2 = row2.id;
-
- // Mock up SEAM contexts
- Map application = new HashMap<String, Object>();
- Lifecycle.beginApplication(application);
- Lifecycle.beginCall();
- MockIdentity midentity = new MockIdentity();
- // this makes Identity.hasRole("admin") return false
- midentity.setHasRole(false);
- midentity.addPermissionResolver(new PackageBasedPermissionResolver());
- midentity.addPermissionResolver(new CategoryBasedPermissionResolver());
-
- Contexts.getSessionContext().set(
- "org.jboss.seam.security.identity", midentity);
- Contexts.getSessionContext().set(
- "org.drools.guvnor.client.rpc.RepositoryService", impl);
-
- List<RoleBasedPermission> pbps = new ArrayList<RoleBasedPermission>();
- pbps.add(new RoleBasedPermission("jervis",
- RoleTypes.PACKAGE_READONLY,
- package1Uuid, null));
-
- Contexts.getSessionContext().set("packageBasedPermission", pbps);
-
- //now lets see if we can access this asset with the permissions
- RuleAsset asset = impl.loadRuleAsset(uuid);
- try {
- asset = impl.loadRuleAsset(uuid2);
- fail("Did not catch expected exception");
- } catch (AuthorizationException e) {
- }
- } finally {
- Lifecycle.endApplication();
- }
- }
-
- //Access an asset that belongs to no category. e.g., Packages -> Create New -> "upload new Model jar".
- //The user role is admin
- public void testLoadRuleAssetWithRoleBasedAuthrozationAssetNoCategory() throws Exception {
- try {
- ServiceImplementation impl = getService();
- impl.repository.createPackage(
- "testLoadRuleAssetWithRoleBasedAuthrozationAssetNoCategoryPack", "desc");
- impl.createCategory("",
- "testLoadRuleAssetWithRoleBasedAuthrozationAssetNoCategoryCat",
- "this is a cat");
-
- String uuid = impl.createNewRule("testLoadRuleAssetWithRoleBasedAuthrozation",
- "description",
- null,
- "testLoadRuleAssetWithRoleBasedAuthrozationAssetNoCategoryPack", "drl");
-
- // Mock up SEAM contexts
- Map application = new HashMap<String, Object>();
- Lifecycle.beginApplication(application);
- Lifecycle.beginCall();
- MockIdentity midentity = new MockIdentity();
- // this makes Identity.hasRole("admin") return true
- midentity.setHasRole(true);
- midentity.addPermissionResolver(new PackageBasedPermissionResolver());
- midentity.addPermissionResolver(new CategoryBasedPermissionResolver());
-
- Contexts.getSessionContext().set(
- "org.jboss.seam.security.identity", midentity);
- Contexts.getSessionContext().set(
- "org.drools.guvnor.client.rpc.RepositoryService", impl);
-
- List<RoleBasedPermission> pbps = new ArrayList<RoleBasedPermission>();
-/* pbps.add(new RoleBasedPermission("jervis",
- RoleTypes.PACKAGE_READONLY,
- package1Uuid, null));*/
-
- Contexts.getSessionContext().set("packageBasedPermission", pbps);
-
- //now lets see if we can access this asset with the permissions
- RuleAsset asset = impl.loadRuleAsset(uuid);
- assertNotNull(asset);
- } finally {
- Lifecycle.endApplication();
- }
- }
-
- //Access an asset that belongs to no category. e.g., Packages -> Create New -> "upload new Model jar".
- //The user role is admin
- public void testLoadRuleAssetWithRoleBasedAuthrozationAssetNoCategoryPackageAdmin() throws Exception {
- try {
- ServiceImplementation impl = getService();
- PackageItem packageItem = impl.repository.createPackage(
- "testLoadRuleAssetWithRoleBasedAuthrozationAssetNoCategoryPackageAdminPack", "desc");
- String packageUuid = packageItem.getUUID();
- impl.createCategory("",
- "testLoadRuleAssetWithRoleBasedAuthrozationAssetNoCategoryPackageAdminCat",
- "this is a cat");
-
- String uuid = impl.createNewRule("testLoadRuleAssetWithRoleBasedAuthrozation",
- "description",
- null,
- "testLoadRuleAssetWithRoleBasedAuthrozationAssetNoCategoryPackageAdminPack", "drl");
-
- // Mock up SEAM contexts
- Map application = new HashMap<String, Object>();
- Lifecycle.beginApplication(application);
- Lifecycle.beginCall();
- MockIdentity midentity = new MockIdentity();
- // this makes Identity.hasRole("admin") return false
- midentity.setHasRole(false);
- midentity.addPermissionResolver(new PackageBasedPermissionResolver());
- midentity.addPermissionResolver(new CategoryBasedPermissionResolver());
-
- Contexts.getSessionContext().set(
- "org.jboss.seam.security.identity", midentity);
- Contexts.getSessionContext().set(
- "org.drools.guvnor.client.rpc.RepositoryService", impl);
-
- List<RoleBasedPermission> pbps = new ArrayList<RoleBasedPermission>();
- pbps.add(new RoleBasedPermission("jervis",
- RoleTypes.PACKAGE_ADMIN,
- packageUuid, null));
-
- Contexts.getSessionContext().set("packageBasedPermission", pbps);
-
- //now lets see if we can access this asset with the permissions
- RuleAsset asset = impl.loadRuleAsset(uuid);
- assertNotNull(asset);
- } finally {
- Lifecycle.endApplication();
- }
- }
-
- //Access an asset that belongs to no category. e.g., Packages -> Create New -> "upload new Model jar".
- //The user role is analyst
- public void testLoadRuleAssetWithRoleBasedAuthrozationAssetNoCategoryAnalyst() throws Exception {
- try {
- ServiceImplementation impl = getService();
- PackageItem packageItem = impl.repository.createPackage(
- "testLoadRuleAssetWithRoleBasedAuthrozationAssetNoCategoryAnalystPack", "desc");
- String packageUuid = packageItem.getUUID();
- impl.createCategory("",
- "testLoadRuleAssetWithRoleBasedAuthrozationAssetNoCategoryAnalystCat",
- "this is a cat");
-
- String uuid = impl.createNewRule("testLoadRuleAssetWithRoleBasedAuthrozation",
- "description",
- null,
- "testLoadRuleAssetWithRoleBasedAuthrozationAssetNoCategoryAnalystPack", "drl");
-
- // Mock up SEAM contexts
- Map application = new HashMap<String, Object>();
- Lifecycle.beginApplication(application);
- Lifecycle.beginCall();
- MockIdentity midentity = new MockIdentity();
- // this makes Identity.hasRole("admin") return false
- midentity.setHasRole(false);
- midentity.addPermissionResolver(new PackageBasedPermissionResolver());
- midentity.addPermissionResolver(new CategoryBasedPermissionResolver());
-
- Contexts.getSessionContext().set(
- "org.jboss.seam.security.identity", midentity);
- Contexts.getSessionContext().set(
- "org.drools.guvnor.client.rpc.RepositoryService", impl);
-
- List<RoleBasedPermission> pbps = new ArrayList<RoleBasedPermission>();
- pbps.add(new RoleBasedPermission("jervis",
- RoleTypes.ANALYST,
- null, "category1"));
-
- Contexts.getSessionContext().set("packageBasedPermission", pbps);
-
- //now lets see if we can access this asset with the permissions
- try {
- RuleAsset asset = impl.loadRuleAsset(uuid);
- fail("Did not catch expected exception");
- } catch (AuthorizationException e) {
- }
- } finally {
- Lifecycle.endApplication();
- }
- }
-
- //Access an asset that belongs to no category. The user role is analyst and package.admin.
- //Because the analyst role the user has has no category access to the asset,
- //the permission can not be granted even though the package.admin role has package access.
- public void testLoadRuleAssetWithRoleBasedAuthrozationAssetNoCategoryMixed() throws Exception {
- try {
- ServiceImplementation impl = getService();
- PackageItem packageItem = impl.repository.createPackage(
- "testLoadRuleAssetWithRoleBasedAuthrozationAssetNoCategoryMixedPack", "desc");
- String packageUuid = packageItem.getUUID();
- impl.createCategory("",
- "testLoadRuleAssetWithRoleBasedAuthrozationAssetNoCategoryMixedCat",
- "this is a cat");
-
- String uuid = impl.createNewRule("testLoadRuleAssetWithRoleBasedAuthrozation",
- "description",
- null,
- "testLoadRuleAssetWithRoleBasedAuthrozationAssetNoCategoryMixedPack", "drl");
-
- // Mock up SEAM contexts
- Map application = new HashMap<String, Object>();
- Lifecycle.beginApplication(application);
- Lifecycle.beginCall();
- MockIdentity midentity = new MockIdentity();
- // this makes Identity.hasRole("admin") return false
- midentity.setHasRole(false);
- midentity.addPermissionResolver(new PackageBasedPermissionResolver());
- midentity.addPermissionResolver(new CategoryBasedPermissionResolver());
-
- Contexts.getSessionContext().set(
- "org.jboss.seam.security.identity", midentity);
- Contexts.getSessionContext().set(
- "org.drools.guvnor.client.rpc.RepositoryService", impl);
-
- List<RoleBasedPermission> pbps = new ArrayList<RoleBasedPermission>();
- pbps.add(new RoleBasedPermission("jervis",
- RoleTypes.ANALYST,
- null, "category1"));
- pbps.add(new RoleBasedPermission("jervis",
- RoleTypes.PACKAGE_ADMIN,
- packageUuid, null));
-
- Contexts.getSessionContext().set("packageBasedPermission", pbps);
-
- //now lets see if we can access this asset with the permissions
- try {
- RuleAsset asset = impl.loadRuleAsset(uuid);
- fail("Did not catch expected exception");
- } catch (AuthorizationException e) {
- }
- } finally {
- Lifecycle.endApplication();
- }
- }
-
- public void testloadRuleListForCategoriesWithRoleBasedAuthrozationPackageReadonly() throws Exception {
- try {
- ServiceImplementation impl = getService();
- impl.repository.createPackage(
- "testloadRuleListForCategoriesWithRoleBasedAuthrozationPackageReadonlyPack1", "desc");
- impl.createCategory("",
- "testloadRuleListForCategoriesWithRoleBasedAuthrozationPackageReadonlyCat1",
- "this is a cat");
-
- impl.createNewRule("testLoadRuleAssetWithRoleBasedAuthrozation",
- "description",
- "testloadRuleListForCategoriesWithRoleBasedAuthrozationPackageReadonlyCat1",
- "testloadRuleListForCategoriesWithRoleBasedAuthrozationPackageReadonlyPack1", "drl");
-
- impl.repository.createPackage(
- "testloadRuleListForCategoriesWithRoleBasedAuthrozationPackageReadonlyPack2", "desc");
-
- impl.createNewRule("testLoadRuleAssetWithRoleBasedAuthrozation",
- "description",
- "testloadRuleListForCategoriesWithRoleBasedAuthrozationPackageReadonlyCat1",
- "testloadRuleListForCategoriesWithRoleBasedAuthrozationPackageReadonlyPack2", "drl");
-
- impl.repository.createPackage(
- "testloadRuleListForCategoriesWithRoleBasedAuthrozationPackageReadonlyPack3", "desc");
-
- impl.createNewRule("testLoadRuleAssetWithRoleBasedAuthrozation",
- "description",
- "testloadRuleListForCategoriesWithRoleBasedAuthrozationPackageReadonlyCat1",
- "testloadRuleListForCategoriesWithRoleBasedAuthrozationPackageReadonlyPack3", "drl");
-
- PackageItem source = impl.repository.loadPackage("testloadRuleListForCategoriesWithRoleBasedAuthrozationPackageReadonlyPack1");
- String package1Uuid = source.getUUID();
- source = impl.repository.loadPackage("testloadRuleListForCategoriesWithRoleBasedAuthrozationPackageReadonlyPack2");
- String package2Uuid = source.getUUID();
-
- // Mock up SEAM contexts
- Map application = new HashMap<String, Object>();
- Lifecycle.beginApplication(application);
- Lifecycle.beginCall();
- MockIdentity midentity = new MockIdentity();
- // this makes Identity.hasRole("admin") return false
- midentity.setHasRole(false);
- midentity.addPermissionResolver(new PackageBasedPermissionResolver());
- midentity.addPermissionResolver(new CategoryBasedPermissionResolver());
-
- Contexts.getSessionContext().set(
- "org.jboss.seam.security.identity", midentity);
- Contexts.getSessionContext().set(
- "org.drools.guvnor.client.rpc.RepositoryService", impl);
-
- List<RoleBasedPermission> pbps = new ArrayList<RoleBasedPermission>();
- pbps.add(new RoleBasedPermission("jervis",
- RoleTypes.PACKAGE_READONLY,
- package1Uuid, null));
- pbps.add(new RoleBasedPermission("jervis",
- RoleTypes.PACKAGE_DEVELOPER,
- package2Uuid, null));
-
- Contexts.getSessionContext().set("packageBasedPermission", pbps);
-
-
- TableDataResult res = impl.loadRuleListForCategories(
- "testloadRuleListForCategoriesWithRoleBasedAuthrozationPackageReadonlyCat1", 0, -1,
- AssetItemGrid.RULE_LIST_TABLE_ID);
- assertEquals(2, res.data.length);
- } finally {
- Lifecycle.endApplication();
- }
- }
-
- public void testloadRuleListForCategoriesWithRoleBasedAuthrozationAnalyst() throws Exception {
- try {
- ServiceImplementation impl = getService();
- impl.repository.createPackage(
- "testloadRuleListForCategoriesWithRoleBasedAuthrozationAnalystPack1", "desc");
- impl.createCategory("",
- "testloadRuleListForCategoriesWithRoleBasedAuthrozationAnalystCat1",
- "this is a cat");
-
- impl.createNewRule("testLoadRuleAssetWithRoleBasedAuthrozation",
- "description",
- "testloadRuleListForCategoriesWithRoleBasedAuthrozationAnalystCat1",
- "testloadRuleListForCategoriesWithRoleBasedAuthrozationAnalystPack1", "drl");
-
- impl.repository.createPackage(
- "testloadRuleListForCategoriesWithRoleBasedAuthrozationAnalystPack2", "desc");
-
- impl.createNewRule("testLoadRuleAssetWithRoleBasedAuthrozation",
- "description",
- "testloadRuleListForCategoriesWithRoleBasedAuthrozationAnalystCat1",
- "testloadRuleListForCategoriesWithRoleBasedAuthrozationAnalystPack2", "drl");
-
- impl.repository.createPackage(
- "testloadRuleListForCategoriesWithRoleBasedAuthrozationAnalystPack3", "desc");
-
- impl.createNewRule("testLoadRuleAssetWithRoleBasedAuthrozation",
- "description",
- "testloadRuleListForCategoriesWithRoleBasedAuthrozationAnalystCat1",
- "testloadRuleListForCategoriesWithRoleBasedAuthrozationAnalystPack3", "drl");
-
- PackageItem source = impl.repository.loadPackage("testloadRuleListForCategoriesWithRoleBasedAuthrozationAnalystPack2");
- String package2Uuid = source.getUUID();
- source = impl.repository.loadPackage("testloadRuleListForCategoriesWithRoleBasedAuthrozationAnalystPack3");
- String package3Uuid = source.getUUID();
-
- // Mock up SEAM contexts
- Map application = new HashMap<String, Object>();
- Lifecycle.beginApplication(application);
- Lifecycle.beginCall();
- MockIdentity midentity = new MockIdentity();
- // this makes Identity.hasRole("admin") return false
- midentity.setHasRole(false);
- midentity.addPermissionResolver(new PackageBasedPermissionResolver());
- midentity.addPermissionResolver(new CategoryBasedPermissionResolver());
-
- Contexts.getSessionContext().set(
- "org.jboss.seam.security.identity", midentity);
- Contexts.getSessionContext().set(
- "org.drools.guvnor.client.rpc.RepositoryService", impl);
-
- List<RoleBasedPermission> pbps = new ArrayList<RoleBasedPermission>();
- pbps.add(new RoleBasedPermission("jervis",
- RoleTypes.ANALYST,
- null, "testloadRuleListForCategoriesWithRoleBasedAuthrozationAnalystCat1"));
- pbps.add(new RoleBasedPermission("jervis",
- RoleTypes.PACKAGE_READONLY,
- package2Uuid, null));
- pbps.add(new RoleBasedPermission("jervis",
- RoleTypes.PACKAGE_DEVELOPER,
- package3Uuid, null));
-
- Contexts.getSessionContext().set("packageBasedPermission", pbps);
-
-
- TableDataResult res = impl.loadRuleListForCategories(
- "testloadRuleListForCategoriesWithRoleBasedAuthrozationAnalystCat1", 0, -1,
- AssetItemGrid.RULE_LIST_TABLE_ID);
- assertEquals(3, res.data.length);
- } finally {
- Lifecycle.endApplication();
- }
- }
-
-
public void testLoadAssetHistoryAndRestore() throws Exception {
ServiceImplementation impl = getService();
impl.repository.createPackage("testLoadAssetHistory", "desc");
@@ -2606,8 +2093,31 @@
}
+
+ /**
+ * Set up enough of the Seam environment to test it.
+ */
@Override
+ protected void setUp() throws Exception {
+ super.setUp();
+
+ Map<String, Object> ap = new HashMap<String, Object>();
+ ap.put("org.drools.guvnor.client.rpc.RepositoryService", getService());
+ Lifecycle.beginApplication(ap);
+ Lifecycle.beginCall();
+
+ MockIdentity mi = new MockIdentity();
+ mi.inject();
+ mi.addRole(RoleTypes.ADMIN);
+ mi.addPermissionResolver(new CategoryBasedPermissionResolver());
+ mi.addPermissionResolver(new PackageBasedPermissionResolver());
+
+
+ }
+
+ @Override
protected void tearDown() throws Exception {
+ super.tearDown();
if (Contexts.isApplicationContextActive()) {
Lifecycle.endApplication();
}
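Review bot: The new `setUp()` adds `RoleTypes.ADMIN` to the `MockIdentity` it injects, so every test in this class presumably runs with an administrator identity, and the Javadoc ("Set up enough of the Seam environment to test it") does not say so. I would state it there, e.g. `Installs a MockIdentity with the ADMIN role, so no test in this class exercises an authorization denial; those cases are covered in ServiceImplSecurityTest.` Separately, `tearDown()` now calls `super.tearDown()` before the Seam cleanup without a `try`/`finally`, so an exception from the superclass would skip `Lifecycle.endApplication()` and leave the application context active for the next test. Wrapping the call in `try { super.tearDown(); } finally { ... }` around the existing `isApplicationContextActive()` check avoids that. The body of `tearDown()` continues outside the hunk.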
Modified: labs/jbossrules/trunk/drools-guvnor/src/test/java/org/drools/guvnor/server/security/MockIdentity.java
===================================================================
--- labs/jbossrules/trunk/drools-guvnor/src/test/java/org/drools/guvnor/server/security/MockIdentity.java 2008-07-29 21:59:28 UTC (rev 21286)
+++ labs/jbossrules/trunk/drools-guvnor/src/test/java/org/drools/guvnor/server/security/MockIdentity.java 2008-07-30 01:40:30 UTC (rev 21287)
@@ -19,8 +19,10 @@
import java.util.ArrayList;
import java.util.HashMap;
+import java.util.HashSet;
import java.util.List;
import java.util.Map;
+import java.util.Set;
import org.jboss.seam.contexts.Contexts;
import org.jboss.seam.security.Identity;
@@ -29,12 +31,21 @@
public class MockIdentity extends Identity {
private boolean hasRole;
+ private Set<String> roles = new HashSet<String>();
private List<PermissionResolver> resolvers = new ArrayList<PermissionResolver>();
+ @Override
+ public boolean addRole(String r) {
+ roles.add(r);
+ return true;
+ }
+
public boolean hasRole(String role) {
- return hasRole;
+ return hasRole || roles.contains(role);
}
+
+
public void setHasRole(boolean hasRole) {
this.hasRole = hasRole;
}
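Review bot: In `hasRole`, the pre-existing boolean flag is OR-ed with the new role set, so once a test calls `setHasRole(true)` the mock answers true for every role name, including ones never granted through `addRole`. In a mock used for authorization tests that wildcard is easy to overlook, because a check against the wrong role would still pass. A comment on the method would make it explicit, for example `// hasRole == true grants every role; use addRole(...) to grant specific roles only`. `hasRole` also appears to override `Identity.hasRole` without `@Override`, while the new `addRole` carries the annotation. The class body continues outside the hunk.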