[jboss-svn-commits] JBL Code SVN: r24217 - in labs/jbossrules/trunk/drools-guvnor: src/main/java/org/drools/guvnor/server and 3 other directories.
jboss-svn-commits at lists.jboss.org
jboss-svn-commits at lists.jboss.org
Tue Dec 2 11:53:15 EST 2008
Author: Rikkola
Date: 2008-12-02 11:53:14 -0500 (Tue, 02 Dec 2008)
New Revision: 24217
Modified:
labs/jbossrules/trunk/drools-guvnor/Guvnor.launch
labs/jbossrules/trunk/drools-guvnor/src/main/java/org/drools/guvnor/server/ServiceImplementation.java
labs/jbossrules/trunk/drools-guvnor/src/main/java/org/jboss/seam/security/permission/RoleBasedPermissionResolver.java
labs/jbossrules/trunk/drools-guvnor/src/test/java/org/drools/guvnor/server/ServiceImplSecurityTest.java
labs/jbossrules/trunk/drools-guvnor/src/test/java/org/jboss/seam/security/permission/RoleBasedPermissionResolverTest.java
Log:
JBRULES-1851: analyst.readonly role is broken
Modified: labs/jbossrules/trunk/drools-guvnor/Guvnor.launch
===================================================================
--- labs/jbossrules/trunk/drools-guvnor/Guvnor.launch 2008-12-02 16:42:20 UTC (rev 24216)
+++ labs/jbossrules/trunk/drools-guvnor/Guvnor.launch 2008-12-02 16:53:14 UTC (rev 24217)
@@ -15,7 +15,7 @@
<listEntry value="<?xml version="1.0" encoding="UTF-8"?> <runtimeClasspathEntry containerPath="GWT_HOME/gwt-servlet.jar" path="3" type="3"/> "/>
<listEntry value="<?xml version="1.0" encoding="UTF-8"?> <runtimeClasspathEntry containerPath="GWT_HOME/gwt-user.jar" path="3" type="3"/> "/>
<listEntry value="<?xml version="1.0" encoding="UTF-8"?> <runtimeClasspathEntry internalArchive="/drools-guvnor/target/drools-guvnor/WEB-INF/lib/acl-spi-2.0.2.CR6.jar" path="3" type="2"/> "/>
-<listEntry value="<?xml version="1.0" encoding="UTF-8"?> <runtimeClasspathEntry internalArchive="/drools-guvnor/target/drools-guvnor/WEB-INF/lib/antlr-runtime-3.0.1.jar" path="3" type="2"/> "/>
+<listEntry value="<?xml version="1.0" encoding="UTF-8"?> <runtimeClasspathEntry internalArchive="/drools-guvnor/target/drools-guvnor/WEB-INF/lib/antlr-runtime-3.1.1.jar" path="3" type="2"/> "/>
<listEntry value="<?xml version="1.0" encoding="UTF-8"?> <runtimeClasspathEntry internalArchive="/drools-guvnor/target/drools-guvnor/WEB-INF/lib/authorization-spi-2.0.2.CR6.jar" path="3" type="2"/> "/>
<listEntry value="<?xml version="1.0" encoding="UTF-8"?> <runtimeClasspathEntry internalArchive="/drools-guvnor/target/drools-guvnor/WEB-INF/lib/cobogw-1.0.jar" path="3" type="2"/> "/>
<listEntry value="<?xml version="1.0" encoding="UTF-8"?> <runtimeClasspathEntry internalArchive="/drools-guvnor/target/drools-guvnor/WEB-INF/lib/commons-collections-3.1.jar" path="3" type="2"/> "/>
@@ -26,6 +26,7 @@
<listEntry value="<?xml version="1.0" encoding="UTF-8"?> <runtimeClasspathEntry internalArchive="/drools-guvnor/target/drools-guvnor/WEB-INF/lib/core-3.4.2.v_883_R34x.jar" path="3" type="2"/> "/>
<listEntry value="<?xml version="1.0" encoding="UTF-8"?> <runtimeClasspathEntry internalArchive="/drools-guvnor/target/drools-guvnor/WEB-INF/lib/derby-10.2.1.6.jar" path="3" type="2"/> "/>
<listEntry value="<?xml version="1.0" encoding="UTF-8"?> <runtimeClasspathEntry internalArchive="/drools-guvnor/target/drools-guvnor/WEB-INF/lib/dom4j-1.6.jar" path="3" type="2"/> "/>
+<listEntry value="<?xml version="1.0" encoding="UTF-8"?> <runtimeClasspathEntry internalArchive="/drools-guvnor/target/drools-guvnor/WEB-INF/lib/drools-api-5.0.0.SNAPSHOT.jar" path="3" type="2"/> "/>
<listEntry value="<?xml version="1.0" encoding="UTF-8"?> <runtimeClasspathEntry internalArchive="/drools-guvnor/target/drools-guvnor/WEB-INF/lib/drools-compiler-5.0.0.SNAPSHOT.jar" path="3" type="2"/> "/>
<listEntry value="<?xml version="1.0" encoding="UTF-8"?> <runtimeClasspathEntry internalArchive="/drools-guvnor/target/drools-guvnor/WEB-INF/lib/drools-core-5.0.0.SNAPSHOT.jar" path="3" type="2"/> "/>
<listEntry value="<?xml version="1.0" encoding="UTF-8"?> <runtimeClasspathEntry internalArchive="/drools-guvnor/target/drools-guvnor/WEB-INF/lib/drools-decisiontables-5.0.0.SNAPSHOT.jar" path="3" type="2"/> "/>
@@ -38,6 +39,7 @@
<listEntry value="<?xml version="1.0" encoding="UTF-8"?> <runtimeClasspathEntry internalArchive="/drools-guvnor/target/drools-guvnor/WEB-INF/lib/gwt-diagrams-0.2-RC00.jar" path="3" type="2"/> "/>
<listEntry value="<?xml version="1.0" encoding="UTF-8"?> <runtimeClasspathEntry internalArchive="/drools-guvnor/target/drools-guvnor/WEB-INF/lib/gwt-servlet-1.5.2.jar" path="3" type="2"/> "/>
<listEntry value="<?xml version="1.0" encoding="UTF-8"?> <runtimeClasspathEntry internalArchive="/drools-guvnor/target/drools-guvnor/WEB-INF/lib/gwtext-2.0.5.jar" path="3" type="2"/> "/>
+<listEntry value="<?xml version="1.0" encoding="UTF-8"?> <runtimeClasspathEntry internalArchive="/drools-guvnor/target/drools-guvnor/WEB-INF/lib/hibernate-validator-3.0.0.GA.jar" path="3" type="2"/> "/>
<listEntry value="<?xml version="1.0" encoding="UTF-8"?> <runtimeClasspathEntry internalArchive="/drools-guvnor/target/drools-guvnor/WEB-INF/lib/hsqldb-1.8.0.2.jar" path="3" type="2"/> "/>
<listEntry value="<?xml version="1.0" encoding="UTF-8"?> <runtimeClasspathEntry internalArchive="/drools-guvnor/target/drools-guvnor/WEB-INF/lib/identity-impl-2.0.2.CR6.jar" path="3" type="2"/> "/>
<listEntry value="<?xml version="1.0" encoding="UTF-8"?> <runtimeClasspathEntry internalArchive="/drools-guvnor/target/drools-guvnor/WEB-INF/lib/identity-spi-2.0.2.CR6.jar" path="3" type="2"/> "/>
@@ -59,13 +61,15 @@
<listEntry value="<?xml version="1.0" encoding="UTF-8"?> <runtimeClasspathEntry internalArchive="/drools-guvnor/target/drools-guvnor/WEB-INF/lib/jboss-security-acl-impl-2.0.2.CR6.jar" path="3" type="2"/> "/>
<listEntry value="<?xml version="1.0" encoding="UTF-8"?> <runtimeClasspathEntry internalArchive="/drools-guvnor/target/drools-guvnor/WEB-INF/lib/jboss-security-spi-2.0.2.CR6.jar" path="3" type="2"/> "/>
<listEntry value="<?xml version="1.0" encoding="UTF-8"?> <runtimeClasspathEntry internalArchive="/drools-guvnor/target/drools-guvnor/WEB-INF/lib/jcr-1.0.jar" path="3" type="2"/> "/>
+<listEntry value="<?xml version="1.0" encoding="UTF-8"?> <runtimeClasspathEntry internalArchive="/drools-guvnor/target/drools-guvnor/WEB-INF/lib/joda-time-1.5.2.jar" path="3" type="2"/> "/>
<listEntry value="<?xml version="1.0" encoding="UTF-8"?> <runtimeClasspathEntry internalArchive="/drools-guvnor/target/drools-guvnor/WEB-INF/lib/jta-1.0.1B.jar" path="3" type="2"/> "/>
<listEntry value="<?xml version="1.0" encoding="UTF-8"?> <runtimeClasspathEntry internalArchive="/drools-guvnor/target/drools-guvnor/WEB-INF/lib/jxl-2.4.2.jar" path="3" type="2"/> "/>
<listEntry value="<?xml version="1.0" encoding="UTF-8"?> <runtimeClasspathEntry internalArchive="/drools-guvnor/target/drools-guvnor/WEB-INF/lib/log4j-1.2.13.jar" path="3" type="2"/> "/>
<listEntry value="<?xml version="1.0" encoding="UTF-8"?> <runtimeClasspathEntry internalArchive="/drools-guvnor/target/drools-guvnor/WEB-INF/lib/log4j-1.2.14.jar" path="3" type="2"/> "/>
<listEntry value="<?xml version="1.0" encoding="UTF-8"?> <runtimeClasspathEntry internalArchive="/drools-guvnor/target/drools-guvnor/WEB-INF/lib/lucene-core-2.2.0.jar" path="3" type="2"/> "/>
-<listEntry value="<?xml version="1.0" encoding="UTF-8"?> <runtimeClasspathEntry internalArchive="/drools-guvnor/target/drools-guvnor/WEB-INF/lib/mvel2-2.0.1-SNAPSHOT.jar" path="3" type="2"/> "/>
+<listEntry value="<?xml version="1.0" encoding="UTF-8"?> <runtimeClasspathEntry internalArchive="/drools-guvnor/target/drools-guvnor/WEB-INF/lib/mvel2-2.0.4-SNAPSHOT.jar" path="3" type="2"/> "/>
<listEntry value="<?xml version="1.0" encoding="UTF-8"?> <runtimeClasspathEntry internalArchive="/drools-guvnor/target/drools-guvnor/WEB-INF/lib/org.jboss.seam-jboss-seam-2.1.0.BETA1.jar" path="3" type="2"/> "/>
+<listEntry value="<?xml version="1.0" encoding="UTF-8"?> <runtimeClasspathEntry internalArchive="/drools-guvnor/target/drools-guvnor/WEB-INF/lib/persistence-api-1.0.jar" path="3" type="2"/> "/>
<listEntry value="<?xml version="1.0" encoding="UTF-8"?> <runtimeClasspathEntry internalArchive="/drools-guvnor/target/drools-guvnor/WEB-INF/lib/slf4j-api-1.4.3.jar" path="3" type="2"/> "/>
<listEntry value="<?xml version="1.0" encoding="UTF-8"?> <runtimeClasspathEntry internalArchive="/drools-guvnor/target/drools-guvnor/WEB-INF/lib/slf4j-log4j12-1.4.3.jar" path="3" type="2"/> "/>
<listEntry value="<?xml version="1.0" encoding="UTF-8"?> <runtimeClasspathEntry internalArchive="/drools-guvnor/target/drools-guvnor/WEB-INF/lib/webdavlib-2.0.jar" path="3" type="2"/> "/>
Modified: labs/jbossrules/trunk/drools-guvnor/src/main/java/org/drools/guvnor/server/ServiceImplementation.java
===================================================================
--- labs/jbossrules/trunk/drools-guvnor/src/main/java/org/drools/guvnor/server/ServiceImplementation.java 2008-12-02 16:42:20 UTC (rev 24216)
+++ labs/jbossrules/trunk/drools-guvnor/src/main/java/org/drools/guvnor/server/ServiceImplementation.java 2008-12-02 16:53:14 UTC (rev 24217)
@@ -433,6 +433,7 @@
public RuleAsset loadRuleAsset(String uuid) throws SerializableException {
AssetItem item = repository.loadAssetByUUID( uuid );
RuleAsset asset = new RuleAsset();
+ boolean hasRightsToEdit = true;
asset.uuid = uuid;
@@ -443,6 +444,8 @@
Identity.instance().checkPermission( new PackageNameType( asset.metaData.packageName ),
RoleTypes.PACKAGE_READONLY );
+ // TODO: What about package read only, does is it really read only?
+
if ( asset.metaData.categories.length == 0 ) {
Identity.instance().checkPermission( new CategoryPathType( null ),
RoleTypes.ANALYST_READ );
@@ -451,6 +454,7 @@
RuntimeException exception = null;
for ( String cat : asset.metaData.categories ) {
+ // Check if user has a permission to read this asset.
try {
Identity.instance().checkPermission( new CategoryPathType( cat ),
RoleTypes.ANALYST_READ );
@@ -458,6 +462,13 @@
} catch ( RuntimeException e ) {
exception = e;
}
+ // Check if user has permission to edit this asset
+ try {
+ Identity.instance().checkPermission( new CategoryPathType( cat ),
+ RoleTypes.ANALYST );
+ } catch ( RuntimeException e ) {
+ hasRightsToEdit = false;
+ }
}
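Review bot: The edit check added in this loop is the only place `hasRightsToEdit` can become false, so an asset with no categories (the `categories.length == 0` branch shown in the previous hunk) is returned as editable whenever its read check passes, even to a user who holds only analyst.readonly. That branch should run the same `RoleTypes.ANALYST` check against `new CategoryPathType( null )` and clear the flag when it fails. The loop is also asymmetric and should say so in a comment such as `// read access needs one permitted category; edit access needs every category`. The new `catch ( RuntimeException e )` fails closed, but catching only the authorization exception type would keep unrelated runtime errors from being silently turned into "read only". The loop and the enclosing method start and end outside this hunk.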
if ( !passed ) {
throw exception;
@@ -476,7 +487,7 @@
handler.retrieveAssetContent( asset,
pkgItem,
item );
- if ( pkgItem.isSnapshot() ) {
+ if ( pkgItem.isSnapshot() || !hasRightsToEdit ) {
asset.isreadonly = true;
}
return asset;
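Review bot: `asset.isreadonly` is only a field on the object returned to the caller, so this condition controls what the editor displays and not what the server will accept. The save/check-in path is not part of this commit; it should make its own `RoleTypes.ANALYST` permission check rather than trust the flag, otherwise the read-only role is enforced only in the UI. The TODO added earlier in this method applies here as well: `hasRightsToEdit` is derived from category checks alone, so a user holding just package.readonly would presumably still receive an editable asset. loadRuleAsset begins outside this hunk.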
Modified: labs/jbossrules/trunk/drools-guvnor/src/main/java/org/jboss/seam/security/permission/RoleBasedPermissionResolver.java
===================================================================
--- labs/jbossrules/trunk/drools-guvnor/src/main/java/org/jboss/seam/security/permission/RoleBasedPermissionResolver.java 2008-12-02 16:42:20 UTC (rev 24216)
+++ labs/jbossrules/trunk/drools-guvnor/src/main/java/org/jboss/seam/security/permission/RoleBasedPermissionResolver.java 2008-12-02 16:53:14 UTC (rev 24217)
@@ -119,16 +119,27 @@
}
return false;
} else {
- //category path based permission check only applies to analyst role. If there is no Analyst
- //role (e.g, only other roles like admin|package.admin|package.dev|package.readonly) we always grant permisssion.
+ //category path based permission check only applies to analyst and analyst.readonly role. If there is no Analyst or Analyst.readonly
+ //role (e.g, only other roles like admin|package.admin|package.dev|package.readonly) we always grant permission.
boolean isPermitted = true;
//return true when there is no analyst role, or one of the analyst role has permission to access this category
+
+ for (RoleBasedPermission pbp : permissions) {
- for (RoleBasedPermission pbp : permissions) {
- if (requestedPermType.equals(pbp.getRole()) || (requestedPermType.equals(RoleTypes.ANALYST_READ) && pbp.getRole().equals(RoleTypes.ANALYST))) {
+ // Check if there is a analyst or analyst.readonly role
+ if (pbp.getRole().equals(RoleTypes.ANALYST)
+ || pbp.getRole().equals(RoleTypes.ANALYST_READ)) {
isPermitted = false;
- if(isPermittedCategoryPath(requestedPath, pbp.getCategoryPath())) {
- return true;
+
+ // Check if user has permissions for the current category
+ if (requestedPermType.equals(pbp.getRole())
+ || (requestedPermType
+ .equals(RoleTypes.ANALYST_READ) && pbp
+ .getRole().equals(RoleTypes.ANALYST))) {
+ if (isPermittedCategoryPath(requestedPath, pbp
+ .getCategoryPath())) {
+ return true;
+ }
}
}
}
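Review bot: The new role test calls `pbp.getRole().equals(...)`, which throws a NullPointerException out of the resolver if a stored permission has no role, while the package branch changed in the next hunk uses the null-safe constant-first form. For consistency this should read `if (RoleTypes.ANALYST.equals(pbp.getRole()) || RoleTypes.ANALYST_READ.equals(pbp.getRole())) {`. The unchanged comment above the loop still says "return true when there is no analyst role" and should now mention analyst.readonly too. Since `isPermitted` starts as `true`, it is worth stating in that comment that a user with no analyst rows at all is granted every category by design. The surrounding method starts and ends outside this hunk.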
@@ -154,7 +165,7 @@
//package based permission check only applies to admin|package.admin|package.dev|package.readonly role.
//For Analyst we always grant permission.
for (RoleBasedPermission pbp : permissions) {
- if (RoleTypes.ANALYST.equals(pbp.getRole())) {
+ if (RoleTypes.ANALYST.equals(pbp.getRole()) || RoleTypes.ANALYST_READ.equals(pbp.getRole())) {
return true;
} else if (targetName.equalsIgnoreCase(pbp.getPackageName())
&& isPermittedPackage(requestedPermission, pbp.getRole())) {
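Review bot: The changed condition returns `true` for any analyst.readonly row without looking at `requestedPermission`, so a read-only analyst is granted whatever package permission is asked for, including admin or developer level ones, on every package. If the intent is only to let read-only analysts open assets, the grant should be limited to the read-only request, e.g. `|| (RoleTypes.ANALYST_READ.equals(pbp.getRole()) && RoleTypes.PACKAGE_READONLY.equals(requestedPermission))`, assuming `requestedPermission` is the role-type string here. The comment above the loop still says "For Analyst we always grant permission" and should describe the analyst.readonly case as well. The method continues outside this hunk.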
Modified: labs/jbossrules/trunk/drools-guvnor/src/test/java/org/drools/guvnor/server/ServiceImplSecurityTest.java
===================================================================
--- labs/jbossrules/trunk/drools-guvnor/src/test/java/org/drools/guvnor/server/ServiceImplSecurityTest.java 2008-12-02 16:42:20 UTC (rev 24216)
+++ labs/jbossrules/trunk/drools-guvnor/src/test/java/org/drools/guvnor/server/ServiceImplSecurityTest.java 2008-12-02 16:53:14 UTC (rev 24217)
@@ -20,6 +20,7 @@
import org.drools.guvnor.server.security.RoleBasedPermissionManager;
import org.drools.guvnor.server.security.RoleTypes;
import org.drools.guvnor.server.util.TestEnvironmentSessionHelper;
+import org.drools.guvnor.server.util.ClassicDRLImporter.Asset;
import org.drools.repository.AssetItem;
import org.drools.repository.PackageItem;
import org.drools.repository.RulesRepository;
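Review bot: The added import of `org.drools.guvnor.server.util.ClassicDRLImporter.Asset` does not appear to be used by either test added in this commit, and looks like an IDE auto-import for the local variable `asset`. It should be dropped unless code outside the visible hunks needs it.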
@@ -306,7 +307,147 @@
Lifecycle.endApplication();
}
}
+
+ public void testLoadRuleAssetWithRoleBasedAuthrozationAssetHasCategory()
+ throws Exception {
+ try {
+ String category1 = "testLoadRuleAssetWithRoleBasedAuthrozationAssetHasCategoryCat";
+
+ ServiceImplementation impl = getService();
+ PackageItem packageItem = impl.repository
+ .createPackage(
+ "testLoadRuleAssetWithRoleBasedAuthrozationAssetHasCategoryPack",
+ "desc");
+ String packageUuid = packageItem.getUUID();
+ impl.createCategory("", category1, "this is a cat");
+
+ String uuid = impl
+ .createNewRule(
+ "testLoadRuleAssetWithRoleBasedAuthrozationAssetHasCategory",
+ "description",
+ category1,
+ "testLoadRuleAssetWithRoleBasedAuthrozationAssetHasCategoryPack",
+ AssetFormats.DRL);
+
+ // Mock up SEAM contexts
+ Map application = new HashMap<String, Object>();
+ Lifecycle.beginApplication(application);
+ Lifecycle.beginCall();
+ MockIdentity midentity = new MockIdentity();
+ RoleBasedPermissionResolver resolver = new RoleBasedPermissionResolver();
+ resolver.setEnableRoleBasedAuthorization(true);
+ midentity.addPermissionResolver(resolver);
+
+ Contexts.getSessionContext().set(
+ "org.jboss.seam.security.identity", midentity);
+ Contexts.getSessionContext().set(
+ "org.drools.guvnor.client.rpc.RepositoryService", impl);
+
+ List<RoleBasedPermission> pbps = new ArrayList<RoleBasedPermission>();
+ pbps.add(new RoleBasedPermission("jervis", RoleTypes.ANALYST, null,
+ category1));
+ MockRoleBasedPermissionStore store = new MockRoleBasedPermissionStore(
+ pbps);
+ Contexts
+ .getSessionContext()
+ .set(
+ "org.drools.guvnor.server.security.RoleBasedPermissionStore",
+ store);
+
+ // Put permission list in session.
+ RoleBasedPermissionManager testManager = new RoleBasedPermissionManager();
+ testManager.create();
+ Contexts.getSessionContext().set("roleBasedPermissionManager",
+ testManager);
+
+ // now lets see if we can access this asset with the permissions
+ RuleAsset asset = null;
+ try {
+ asset = impl.loadRuleAsset(uuid);
+ } catch (AuthorizationException e) {
+ fail("User has permissions for the category");
+ }
+
+ // Check that asset is not read only with analyst.
+ assertNotNull(asset);
+ assertFalse(asset.isreadonly);
+
+ } finally {
+ Lifecycle.endApplication();
+ }
+ }
+
+ public void testLoadRuleAssetWithRoleBasedAuthrozationAssetHasCategoryReadOnly()
+ throws Exception {
+ try {
+
+ String category1 = "testLoadRuleAssetWithRoleBasedAuthrozationAssetHasCategoryReadOnlyCat";
+
+ ServiceImplementation impl = getService();
+ PackageItem packageItem = impl.repository
+ .createPackage(
+ "testLoadRuleAssetWithRoleBasedAuthrozationAssetHasCategoryReadOnlyPack",
+ "desc");
+ String packageUuid = packageItem.getUUID();
+ impl.createCategory("", category1, "this is a cat");
+
+ String uuid = impl
+ .createNewRule(
+ "testLoadRuleAssetWithRoleBasedAuthrozationAssetHasCategoryReadOnly",
+ "description",
+ category1,
+ "testLoadRuleAssetWithRoleBasedAuthrozationAssetHasCategoryReadOnlyPack",
+ AssetFormats.DRL);
+
+ // Mock up SEAM contexts
+ Map application = new HashMap<String, Object>();
+ Lifecycle.beginApplication(application);
+ Lifecycle.beginCall();
+ MockIdentity midentity = new MockIdentity();
+ RoleBasedPermissionResolver resolver = new RoleBasedPermissionResolver();
+ resolver.setEnableRoleBasedAuthorization(true);
+ midentity.addPermissionResolver(resolver);
+
+ Contexts.getSessionContext().set(
+ "org.jboss.seam.security.identity", midentity);
+ Contexts.getSessionContext().set(
+ "org.drools.guvnor.client.rpc.RepositoryService", impl);
+
+ List<RoleBasedPermission> pbps = new ArrayList<RoleBasedPermission>();
+ pbps.add(new RoleBasedPermission("jervis", RoleTypes.ANALYST_READ,
+ null, category1));
+ MockRoleBasedPermissionStore store = new MockRoleBasedPermissionStore(
+ pbps);
+ Contexts
+ .getSessionContext()
+ .set(
+ "org.drools.guvnor.server.security.RoleBasedPermissionStore",
+ store);
+
+ // Put permission list in session.
+ RoleBasedPermissionManager testManager = new RoleBasedPermissionManager();
+ testManager.create();
+ Contexts.getSessionContext().set("roleBasedPermissionManager",
+ testManager);
+
+ // now lets see if we can access this asset with the permissions
+ RuleAsset asset = null;
+ try {
+ asset = impl.loadRuleAsset(uuid);
+ } catch (AuthorizationException e) {
+ fail("User has permissions for the category");
+ }
+
+ // Check that asset is read only with analyst.readonly.
+ assertNotNull(asset);
+ assertTrue(asset.isreadonly);
+
+ } finally {
+ Lifecycle.endApplication();
+ }
+ }
+
//Access an asset that belongs to no category. The user role is analyst and package.admin.
//Because the analyst role the user has has no category access to the asset,
//the permission can not be granted even though the package.admin role has package access.
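Review bot: The two added tests cover only the single-category happy path, so the cases most likely to regress in this permission change are untested: an asset with no category loaded by an analyst.readonly user, an asset in two categories where the user holds analyst on one and analyst.readonly on the other, and an analyst.readonly user whose category does not match (which should raise `AuthorizationException`). The two methods are also identical apart from the role constant and the final assertion, so the setup could move into a private helper that takes the role and returns the loaded `RuleAsset`. `packageUuid` is assigned but never read, `Map application` is a raw type, and "Authrozation" in the method names is a typo for "Authorization".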
Modified: labs/jbossrules/trunk/drools-guvnor/src/test/java/org/jboss/seam/security/permission/RoleBasedPermissionResolverTest.java
===================================================================
--- labs/jbossrules/trunk/drools-guvnor/src/test/java/org/jboss/seam/security/permission/RoleBasedPermissionResolverTest.java 2008-12-02 16:42:20 UTC (rev 24216)
+++ labs/jbossrules/trunk/drools-guvnor/src/test/java/org/jboss/seam/security/permission/RoleBasedPermissionResolverTest.java 2008-12-02 16:53:14 UTC (rev 24217)
@@ -81,41 +81,96 @@
public void testCategoryBasedPermissionAnalystReadOnly() throws Exception {
- //Mock up SEAM contexts
+ // Mock up SEAM contexts
+ Map application = new HashMap<String, Object>();
+ Lifecycle.beginApplication(application);
+ Lifecycle.beginCall();
+ MockIdentity midentity = new MockIdentity();
+ Contexts.getSessionContext().set("org.jboss.seam.security.identity",
+ midentity);
+ String package1Name = "testCategoryBasedPermissionAnalystPackageName1";
+ String package2Name = "testCategoryBasedPermissionAnalystPackageName2";
+
+ String categoryPath = "category1";
+ String categoryPath2 = "category2";
+
+ List<RoleBasedPermission> pbps = new ArrayList<RoleBasedPermission>();
+ pbps.add(new RoleBasedPermission("jervis", RoleTypes.PACKAGE_ADMIN,
+ package1Name, null));
+ pbps.add(new RoleBasedPermission("jervis", RoleTypes.PACKAGE_READONLY,
+ package2Name, null));
+ pbps.add(new RoleBasedPermission("jervis", RoleTypes.ANALYST_READ,
+ null, categoryPath));
+ pbps.add(new RoleBasedPermission("jervis", RoleTypes.ANALYST, null,
+ categoryPath2));
+ MockRoleBasedPermissionStore store = new MockRoleBasedPermissionStore(
+ pbps);
+ Contexts.getSessionContext().set(
+ "org.drools.guvnor.server.security.RoleBasedPermissionStore",
+ store);
+
+ // Put permission list in session.
+ RoleBasedPermissionManager testManager = new RoleBasedPermissionManager();
+ testManager.create();
+ Contexts.getSessionContext().set("roleBasedPermissionManager",
+ testManager);
+
+ RoleBasedPermissionResolver resolver = new RoleBasedPermissionResolver();
+ resolver.setEnableRoleBasedAuthorization(true);
+
+ assertFalse(resolver.hasPermission(new CategoryPathType(categoryPath),
+ null));
+ assertTrue(resolver.hasPermission(new CategoryPathType(categoryPath2),
+ null));
+ assertFalse(resolver.hasPermission(new CategoryPathType(
+ "category3/category3"), null));
+ assertTrue(resolver.hasPermission(new CategoryPathType(categoryPath),
+ RoleTypes.ANALYST_READ));
+ assertFalse(resolver.hasPermission(new CategoryPathType(categoryPath),
+ RoleTypes.ANALYST));
+
+ assertTrue(resolver.hasPermission(new CategoryPathType(categoryPath2),
+ RoleTypes.ANALYST));
+ assertTrue(resolver.hasPermission(new CategoryPathType(categoryPath2),
+ RoleTypes.ANALYST_READ));
+
+ Lifecycle.endApplication();
+ }
+
+ public void testCategoryBasedPermissionAnalystReadOnly2() throws Exception {
+ // Mock up SEAM contexts
Map application = new HashMap<String, Object>();
Lifecycle.beginApplication(application);
Lifecycle.beginCall();
MockIdentity midentity = new MockIdentity();
- Contexts.getSessionContext().set("org.jboss.seam.security.identity", midentity);
- String package1Name = "testCategoryBasedPermissionAnalystPackageName1";
- String package2Name = "testCategoryBasedPermissionAnalystPackageName2";
-
+ Contexts.getSessionContext().set("org.jboss.seam.security.identity",
+ midentity);
+
+ String categoryPath = "category1";
+
List<RoleBasedPermission> pbps = new ArrayList<RoleBasedPermission>();
- pbps.add(new RoleBasedPermission("jervis", RoleTypes.PACKAGE_ADMIN, package1Name, null));
- pbps.add(new RoleBasedPermission("jervis", RoleTypes.PACKAGE_READONLY, package2Name, null));
- pbps.add(new RoleBasedPermission("jervis", RoleTypes.ANALYST_READ, null, "category1"));
- pbps.add(new RoleBasedPermission("jervis", RoleTypes.ANALYST, null, "category2"));
- MockRoleBasedPermissionStore store = new MockRoleBasedPermissionStore(pbps);
- Contexts.getSessionContext().set("org.drools.guvnor.server.security.RoleBasedPermissionStore", store);
-
- // Put permission list in session.
- RoleBasedPermissionManager testManager = new RoleBasedPermissionManager();
- testManager.create();
- Contexts.getSessionContext().set("roleBasedPermissionManager", testManager);
-
+ pbps.add(new RoleBasedPermission("jervis", RoleTypes.ANALYST_READ,
+ null, categoryPath));
+ MockRoleBasedPermissionStore store = new MockRoleBasedPermissionStore(
+ pbps);
+ Contexts.getSessionContext().set(
+ "org.drools.guvnor.server.security.RoleBasedPermissionStore",
+ store);
+
+ // Put permission list in session.
+ RoleBasedPermissionManager testManager = new RoleBasedPermissionManager();
+ testManager.create();
+ Contexts.getSessionContext().set("roleBasedPermissionManager",
+ testManager);
+
RoleBasedPermissionResolver resolver = new RoleBasedPermissionResolver();
resolver.setEnableRoleBasedAuthorization(true);
-
- assertFalse(resolver.hasPermission(new CategoryPathType("category1"), null));
- assertTrue(resolver.hasPermission(new CategoryPathType("category2"), null));
- assertFalse(resolver.hasPermission(new CategoryPathType("category3/category3"), null));
- assertTrue(resolver.hasPermission(new CategoryPathType("category1"), RoleTypes.ANALYST_READ));
- assertFalse(resolver.hasPermission(new CategoryPathType("category1"), RoleTypes.ANALYST));
-
- assertTrue(resolver.hasPermission(new CategoryPathType("category2"), RoleTypes.ANALYST));
- assertTrue(resolver.hasPermission(new CategoryPathType("category2"), RoleTypes.ANALYST_READ));
-
-
+
+ assertTrue(resolver.hasPermission(new CategoryPathType(categoryPath),
+ RoleTypes.ANALYST_READ));
+ assertFalse(resolver.hasPermission(new CategoryPathType(categoryPath),
+ RoleTypes.ANALYST));
+
Lifecycle.endApplication();
}
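Review bot: Both tests in this hunk call `Lifecycle.endApplication()` as the last statement rather than in a `finally` block, so a failing assertion leaves the mocked Seam contexts and identity in place for whatever test runs next. The tests added to ServiceImplSecurityTest in this same commit already wrap their bodies in `try { ... } finally { Lifecycle.endApplication(); }`, and these should match. Neither test exercises the package-target branch that this commit also changes for analyst.readonly, so an assertion on `new PackageNameType(...)` with an admin-level permission would document what a read-only analyst is expected to get there. `testCategoryBasedPermissionAnalystReadOnly2` would also be easier to find under a name that says what differs, e.g. that the user holds only the analyst.readonly role.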