[jboss-svn-commits] JBL Code SVN: r22558 - in labs/jbossrules/trunk/drools-guvnor/src: main/java/org/drools/guvnor/server/security and 4 other directories.
jboss-svn-commits at lists.jboss.org
jboss-svn-commits at lists.jboss.org
Wed Sep 10 03:13:43 EDT 2008
Author: michael.neale at jboss.com
Date: 2008-09-10 03:13:42 -0400 (Wed, 10 Sep 2008)
New Revision: 22558
Modified:
labs/jbossrules/trunk/drools-guvnor/src/main/java/org/drools/guvnor/server/ServiceImplementation.java
labs/jbossrules/trunk/drools-guvnor/src/main/java/org/drools/guvnor/server/security/RoleBasedPermissionStore.java
labs/jbossrules/trunk/drools-guvnor/src/main/java/org/drools/guvnor/server/security/RoleTypes.java
labs/jbossrules/trunk/drools-guvnor/src/main/java/org/jboss/seam/security/permission/RoleBasedPermissionResolver.java
labs/jbossrules/trunk/drools-guvnor/src/main/webapp/org.drools.guvnor.Guvnor-aux/org.drools.guvnor.client.rpc.RepositoryService.rpc.log
labs/jbossrules/trunk/drools-guvnor/src/main/webapp/org.drools.guvnor.Guvnor-aux/org.drools.guvnor.client.rpc.SecurityService.rpc.log
labs/jbossrules/trunk/drools-guvnor/src/test/java/org/drools/guvnor/server/security/CapabilityCalculatorTest.java
labs/jbossrules/trunk/drools-guvnor/src/test/java/org/drools/guvnor/server/security/RoleBasedPermissionStoreTest.java
labs/jbossrules/trunk/drools-guvnor/src/test/java/org/drools/guvnor/server/security/RoleTypesTest.java
labs/jbossrules/trunk/drools-guvnor/src/test/java/org/jboss/seam/security/permission/RoleBasedPermissionResolverTest.java
Log:
allow read only category level permissions
Modified: labs/jbossrules/trunk/drools-guvnor/src/main/java/org/drools/guvnor/server/ServiceImplementation.java
===================================================================
--- labs/jbossrules/trunk/drools-guvnor/src/main/java/org/drools/guvnor/server/ServiceImplementation.java 2008-09-10 05:17:33 UTC (rev 22557)
+++ labs/jbossrules/trunk/drools-guvnor/src/main/java/org/drools/guvnor/server/ServiceImplementation.java 2008-09-10 07:13:42 UTC (rev 22558)
@@ -182,7 +182,7 @@
new AdminType(),
RoleTypes.ADMIN);
}
-
+
log.info("USER:" + repository.getSession().getUserID()
+ " CREATING cateogory: [" + name + "] in path [" + path + "]");
@@ -421,7 +421,7 @@
if(asset.metaData.categories.length == 0) {
Identity.instance().checkPermission(
new CategoryPathType(null),
- RoleTypes.ANALYST);
+ RoleTypes.ANALYST_READ);
} else {
boolean passed = false;
RuntimeException exception = null;
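Review bot: The category checks here and in the per-category loop of the following hunk now accept `RoleTypes.ANALYST_READ` where they required `RoleTypes.ANALYST`, and nothing visible says that the enclosing method only reads the asset. Its signature lies outside both hunks, so confirm that it is a load path. If it is, a comment above the check such as `// loading an asset needs read access only; write paths must keep requiring RoleTypes.ANALYST` would record the intent. If the method can also modify or check in the asset, the weaker role should not be accepted here.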
@@ -429,7 +429,7 @@
for (String cat : asset.metaData.categories) {
try {
Identity.instance().checkPermission(
- new CategoryPathType(cat), RoleTypes.ANALYST);
+ new CategoryPathType(cat), RoleTypes.ANALYST_READ);
passed = true;
} catch (RuntimeException e) {
exception = e;
@@ -723,7 +723,7 @@
new AdminType(),
RoleTypes.ADMIN);
}
-
+
log.info("USER:" + repository.getSession().getUserID()
+ " CREATING package [" + name + "]");
PackageItem item = repository.createPackage(name, description);
@@ -838,18 +838,18 @@
"probably have the parameters around the wrong way, sigh...");
}
AssetItemIterator it = repository.queryFullText(text, seekArchived);
-
+
// Add filter for READONLY permission
List<AssetItem> resultList = new ArrayList<AssetItem>();
RepositoryFilter filter = new PackageFilter();
-
+
while (it.hasNext()) {
AssetItem ai = it.next();
if (checkPackagePermissionHelper(filter, ai, RoleTypes.PACKAGE_READONLY)) {
resultList.add(ai);
}
- }
-
+ }
+
TableDisplayHandler handler = new TableDisplayHandler("searchresults");
return handler.loadRuleListTable(resultList, skip, numRows);
}
@@ -884,21 +884,21 @@
dates[1] = new DateQuery(AssetItem.LAST_MODIFIED_PROPERTY_NAME,
isoDate(modifiedAfter), isoDate(modifiedBefore));
AssetItemIterator it = repository.query(q, seekArchived, dates);
-
+
// Add Filter to check Permission
List<AssetItem> resultList = new ArrayList<AssetItem>();
-
+
RepositoryFilter packageFilter = new PackageFilter();
RepositoryFilter categoryFilter = new CategoryFilter();
-
+
while (it.hasNext()) {
AssetItem ai = it.next();
- if (checkPackagePermissionHelper(packageFilter, ai, RoleTypes.PACKAGE_READONLY) ||
- checkCategoryPermissionHelper(categoryFilter, ai, RoleTypes.ANALYST)) {
+ if (checkPackagePermissionHelper(packageFilter, ai, RoleTypes.PACKAGE_READONLY) ||
+ checkCategoryPermissionHelper(categoryFilter, ai, RoleTypes.ANALYST_READ)) {
resultList.add(ai);
}
- }
-
+ }
+
TableDisplayHandler handler = new TableDisplayHandler("searchresults");
return handler.loadRuleListTable(resultList, skip, numRows);
}
@@ -907,18 +907,18 @@
RepositoryFilter filter, AssetItem item, String roleType) {
return filter.accept(getConfigDataHelper(item.getPackage().getUUID()), roleType);
}
-
+
private boolean checkCategoryPermissionHelper(
RepositoryFilter filter, AssetItem item, String roleType) {
List<CategoryItem> tempCateList = item.getCategories();
for (Iterator<CategoryItem> i = tempCateList.iterator(); i.hasNext();) {
CategoryItem categoryItem = i.next();
-
+
if (filter.accept(categoryItem.getName(), roleType)) {
return true;
}
}
-
+
return false;
}
@@ -926,8 +926,8 @@
PackageConfigData data = new PackageConfigData();
data.uuid = uuidStr;
return data;
- }
-
+ }
+
private String isoDate(Date d) {
if (d != null) {
Calendar cal = Calendar.getInstance();
@@ -1182,7 +1182,7 @@
new AdminType(),
RoleTypes.ADMIN);
}
-
+
RulesRepositoryAdministrator admin = new RulesRepositoryAdministrator(
repository.getSession());
admin.clearRulesRepository();
@@ -1388,7 +1388,7 @@
new AdminType(),
RoleTypes.ADMIN);
}
-
+
try {
repository.copyPackage(sourcePackageName, destPackageName);
} catch (RulesRepositoryException e) {
@@ -1502,7 +1502,7 @@
new AdminType(),
RoleTypes.ADMIN);
}
-
+
Iterator pkit = repository.listPackages();
while (pkit.hasNext()) {
PackageItem pkg = (PackageItem) pkit.next();
@@ -1870,7 +1870,7 @@
new AdminType(),
RoleTypes.ADMIN);
}
-
+
return LoggingHelper.getMessages();
}
@@ -1974,7 +1974,7 @@
new AdminType(),
RoleTypes.ADMIN);
}
-
+
PermissionManager pm = new PermissionManager(repository);
return pm.listUsers();
}
@@ -1985,7 +1985,7 @@
new AdminType(),
RoleTypes.ADMIN);
}
-
+
PermissionManager pm = new PermissionManager(repository);
return pm.retrieveUserPermissions(userName);
}
@@ -1997,7 +1997,7 @@
new AdminType(),
RoleTypes.ADMIN);
}
-
+
PermissionManager pm = new PermissionManager(repository);
System.err.println(perms);
log.info("Updating user permissions for userName [" + userName + "] to [" + perms + "]");
@@ -2011,7 +2011,7 @@
new AdminType(),
RoleTypes.ADMIN);
}
-
+
return RoleTypes.listAvailableTypes();
}
Modified: labs/jbossrules/trunk/drools-guvnor/src/main/java/org/drools/guvnor/server/security/RoleBasedPermissionStore.java
===================================================================
--- labs/jbossrules/trunk/drools-guvnor/src/main/java/org/drools/guvnor/server/security/RoleBasedPermissionStore.java 2008-09-10 05:17:33 UTC (rev 22557)
+++ labs/jbossrules/trunk/drools-guvnor/src/main/java/org/drools/guvnor/server/security/RoleBasedPermissionStore.java 2008-09-10 07:13:42 UTC (rev 22558)
@@ -4,8 +4,6 @@
import java.util.List;
import java.util.Map;
-import javax.jcr.RepositoryException;
-
import org.drools.repository.RulesRepository;
import org.drools.repository.security.PermissionManager;
import org.jboss.seam.annotations.AutoCreate;
@@ -32,9 +30,9 @@
for (String roleType : perms.keySet()) {
if(RoleTypes.ADMIN.equals(roleType)) {
permissions.add(new RoleBasedPermission(userName, RoleTypes.ADMIN,
- null, null));
+ null, null));
}
-
+
List<String> permissionsPerRole = perms.get(roleType);
for (String permissionPerRole : permissionsPerRole) {
if (permissionPerRole.startsWith("package=")) {
@@ -54,12 +52,8 @@
return permissions;
}
- public List<RoleBasedPermission> getRoleBasedPermissionsByPackage(
- String packageName) {
- return null;
- }
- public void addRoleBasedPermission(String userName, RoleBasedPermission rbp) {
+ public void addRoleBasedPermissionForTesting(String userName, RoleBasedPermission rbp) {
PermissionManager permissionManager = new PermissionManager(repository);
Map<String, List<String>> perms = permissionManager
.retrieveUserPermissions(userName);
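Review bot: `addRoleBasedPermissionForTesting` stays `public` on the production permission store, so the new name signals intent but does not stop application code from calling it. The body continues past the end of the hunk; from the lines shown it loads the user's stored permissions through `PermissionManager` and presumably writes the new grant back. RoleBasedPermissionStoreTest is in the same package, so the method could be package-private, `void addRoleBasedPermissionForTesting(String userName, RoleBasedPermission rbp) {`, or move into a test-side helper. Check first that the Seam component model tolerates the narrower visibility.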
Modified: labs/jbossrules/trunk/drools-guvnor/src/main/java/org/drools/guvnor/server/security/RoleTypes.java
===================================================================
--- labs/jbossrules/trunk/drools-guvnor/src/main/java/org/drools/guvnor/server/security/RoleTypes.java 2008-09-10 05:17:33 UTC (rev 22557)
+++ labs/jbossrules/trunk/drools-guvnor/src/main/java/org/drools/guvnor/server/security/RoleTypes.java 2008-09-10 07:13:42 UTC (rev 22558)
@@ -5,30 +5,40 @@
public class RoleTypes {
- //Admin can do everything
+ /** Admin can do everything */
public final static String ADMIN = "admin";
- /*
+ /**
* Analyst only see the "rules" view, and we specify what category paths they
* can see. They can't create anything, only edit rules, and run tests etc,
* but only things that are exposed to them via categories
*/
public final static String ANALYST = "analyst";
- //package.admin can do everything within this package
+ /**
+ * Read only for categories (analyst view)
+ */
+ public final static String ANALYST_READ = "analyst.readonly";
+
+
+ /** package.admin can do everything within this package */
public final static String PACKAGE_ADMIN = "package.admin";
- /*
+ /**
* package.developer can do anything in that package but not snapshots. This
* includes creating a new package (in which case they inherit permissions
* for it).
*/
public final static String PACKAGE_DEVELOPER = "package.developer";
- //Read only
+ /**
+ * Read only for package.
+ */
public final static String PACKAGE_READONLY = "package.readonly";
+
+
/**
* @return A list of all available types.
*/
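Review bot: The Javadoc for `ANALYST_READ` does not say how it relates to `ANALYST`, although RoleBasedPermissionResolver in this revision lets an `ANALYST` grant satisfy an `ANALYST_READ` request and not the reverse. Suggested wording: `Read only for categories (analyst view). A grant of {@link #ANALYST} on a category path also satisfies a request for this role; the reverse does not hold.` The body of `listAvailableTypes()` is outside the hunk, so it cannot be confirmed here that the new constant was added to the array that RoleTypesTest now expects to hold six entries.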
Modified: labs/jbossrules/trunk/drools-guvnor/src/main/java/org/jboss/seam/security/permission/RoleBasedPermissionResolver.java
===================================================================
--- labs/jbossrules/trunk/drools-guvnor/src/main/java/org/jboss/seam/security/permission/RoleBasedPermissionResolver.java 2008-09-10 05:17:33 UTC (rev 22557)
+++ labs/jbossrules/trunk/drools-guvnor/src/main/java/org/jboss/seam/security/permission/RoleBasedPermissionResolver.java 2008-09-10 07:13:42 UTC (rev 22558)
@@ -96,7 +96,7 @@
return true;
}
- RoleBasedPermissionManager permManager = (RoleBasedPermissionManager)
+ RoleBasedPermissionManager permManager = (RoleBasedPermissionManager)
Component.getInstance("roleBasedPermissionManager");
List<RoleBasedPermission> permissions = permManager.getRoleBasedPermission();
@@ -115,8 +115,9 @@
//role (e.g, only other roles like admin|package.admin|package.dev|package.readonly) we always grant permisssion.
boolean isPermitted = true;
//return true when there is no analyst role, or one of the analyst role has permission to access this category
+ String requestedPermType = (requestedRole == null) ? RoleTypes.ANALYST : requestedRole;
for (RoleBasedPermission pbp : permissions) {
- if (RoleTypes.ANALYST.equals(pbp.getRole())) {
+ if (requestedPermType.equals(pbp.getRole()) || (requestedPermType.equals(RoleTypes.ANALYST_READ) && pbp.getRole().equals(RoleTypes.ANALYST))) {
isPermitted = false;
if(isPermittedCategoryPath(requestedPath, pbp.getCategoryPath())) {
return true;
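Review bot: An identity whose only category grants are `ANALYST_READ` appears to pass a request for `ANALYST` (or a null role, which defaults to `ANALYST`) on any category path. `isPermitted` starts as `true` and is cleared only inside the new `if`; with read-only grants and an `ANALYST` request neither side of the `||` matches, so the flag is never cleared. The return after the loop is outside the hunk, but the comment above the loop indicates that the flag is what gets returned. Any analyst-type grant should mark the user as category-restricted regardless of the requested role, as sketched below. The constant-first `equals` also avoids a NullPointerException if a stored grant has a null role.

```java
String requestedPermType = (requestedRole == null) ? RoleTypes.ANALYST : requestedRole;
for (RoleBasedPermission pbp : permissions) {
    boolean analystGrant = RoleTypes.ANALYST.equals(pbp.getRole())
            || RoleTypes.ANALYST_READ.equals(pbp.getRole());
    if (analystGrant) {
        // Any analyst-type grant makes the user category-restricted,
        // whatever role is being requested.
        isPermitted = false;
    }
    boolean satisfiesRequest = requestedPermType.equals(pbp.getRole())
            || (RoleTypes.ANALYST_READ.equals(requestedPermType)
                    && RoleTypes.ANALYST.equals(pbp.getRole()));
    if (satisfiesRequest) {
        isPermitted = false;
        // … unchanged: isPermittedCategoryPath check and return true …
```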
@@ -155,7 +156,7 @@
return false;
}
}
-
+
private boolean hasAdminPermission(List<RoleBasedPermission> permissions) {
for (RoleBasedPermission p : permissions) {
if (RoleTypes.ADMIN.equalsIgnoreCase(p.getRole())) {
Modified: labs/jbossrules/trunk/drools-guvnor/src/main/webapp/org.drools.guvnor.Guvnor-aux/org.drools.guvnor.client.rpc.RepositoryService.rpc.log
===================================================================
--- labs/jbossrules/trunk/drools-guvnor/src/main/webapp/org.drools.guvnor.Guvnor-aux/org.drools.guvnor.client.rpc.RepositoryService.rpc.log 2008-09-10 05:17:33 UTC (rev 22557)
+++ labs/jbossrules/trunk/drools-guvnor/src/main/webapp/org.drools.guvnor.Guvnor-aux/org.drools.guvnor.client.rpc.RepositoryService.rpc.log 2008-09-10 07:13:42 UTC (rev 22558)
@@ -1,4 +1,4 @@
-Reachable types computed on: Fri Sep 05 10:44:04 EST 2008
+Reachable types computed on: Wed Sep 10 17:05:17 EST 2008
com.google.gwt.i18n.client.impl.ConstantMap
Serialization status
Not serializable
Modified: labs/jbossrules/trunk/drools-guvnor/src/main/webapp/org.drools.guvnor.Guvnor-aux/org.drools.guvnor.client.rpc.SecurityService.rpc.log
===================================================================
--- labs/jbossrules/trunk/drools-guvnor/src/main/webapp/org.drools.guvnor.Guvnor-aux/org.drools.guvnor.client.rpc.SecurityService.rpc.log 2008-09-10 05:17:33 UTC (rev 22557)
+++ labs/jbossrules/trunk/drools-guvnor/src/main/webapp/org.drools.guvnor.Guvnor-aux/org.drools.guvnor.client.rpc.SecurityService.rpc.log 2008-09-10 07:13:42 UTC (rev 22558)
@@ -1,4 +1,4 @@
-Reachable types computed on: Fri Sep 05 10:44:03 EST 2008
+Reachable types computed on: Wed Sep 10 17:05:17 EST 2008
com.google.gwt.i18n.client.impl.ConstantMap.OrderedConstantSet<T>
Serialization status
Not serializable
Modified: labs/jbossrules/trunk/drools-guvnor/src/test/java/org/drools/guvnor/server/security/CapabilityCalculatorTest.java
===================================================================
--- labs/jbossrules/trunk/drools-guvnor/src/test/java/org/drools/guvnor/server/security/CapabilityCalculatorTest.java 2008-09-10 05:17:33 UTC (rev 22557)
+++ labs/jbossrules/trunk/drools-guvnor/src/test/java/org/drools/guvnor/server/security/CapabilityCalculatorTest.java 2008-09-10 07:13:42 UTC (rev 22558)
@@ -39,7 +39,7 @@
perms = new ArrayList<RoleBasedPermission>();
perms.add(new RoleBasedPermission("", RoleTypes.PACKAGE_READONLY, null, null));
perms.add(new RoleBasedPermission("", RoleTypes.PACKAGE_READONLY, null, null));
- perms.add(new RoleBasedPermission("", RoleTypes.ANALYST, null, null));
+ perms.add(new RoleBasedPermission("", RoleTypes.ANALYST_READ, null, null));
perms.add(new RoleBasedPermission("", RoleTypes.PACKAGE_DEVELOPER, null, null));
caps = loader.calcCapabilities(perms);
assertTrue(caps.list.contains(Capabilities.SHOW_PACKAGE_VIEW));
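Review bot: Swapping `ANALYST` for `ANALYST_READ` in this mixed list does not show what capabilities a read-only analyst receives on their own, because `PACKAGE_DEVELOPER` and `PACKAGE_READONLY` are still present and may account for `SHOW_PACKAGE_VIEW`. CapabilityCalculator is not among the files modified in this revision, so it is worth confirming how it treats the new role. A separate case with a single `ANALYST_READ` permission, asserting the expected capability list, would pin that down. The remaining assertions of this test are outside the hunk.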
Modified: labs/jbossrules/trunk/drools-guvnor/src/test/java/org/drools/guvnor/server/security/RoleBasedPermissionStoreTest.java
===================================================================
--- labs/jbossrules/trunk/drools-guvnor/src/test/java/org/drools/guvnor/server/security/RoleBasedPermissionStoreTest.java 2008-09-10 05:17:33 UTC (rev 22557)
+++ labs/jbossrules/trunk/drools-guvnor/src/test/java/org/drools/guvnor/server/security/RoleBasedPermissionStoreTest.java 2008-09-10 07:13:42 UTC (rev 22558)
@@ -36,12 +36,12 @@
public void testGetRoleBasedPermissionsByUserName() throws Exception {
RoleBasedPermissionStore store = getStore();
- store.addRoleBasedPermission("jervis", new RoleBasedPermission("jervis", RoleTypes.PACKAGE_ADMIN, "package1Name", null));
- store.addRoleBasedPermission("jervis", new RoleBasedPermission("jervis", RoleTypes.PACKAGE_READONLY, "package2Name", null));
- store.addRoleBasedPermission("jervis", new RoleBasedPermission("jervis", RoleTypes.PACKAGE_READONLY, "package3Name", null));
- store.addRoleBasedPermission("jervis", new RoleBasedPermission("jervis", RoleTypes.ANALYST, null, "category1"));
- store.addRoleBasedPermission("john", new RoleBasedPermission("john", RoleTypes.ANALYST, null, "category2"));
- store.addRoleBasedPermission("johnson", new RoleBasedPermission("johnson", RoleTypes.ADMIN, null, null));
+ store.addRoleBasedPermissionForTesting("jervis", new RoleBasedPermission("jervis", RoleTypes.PACKAGE_ADMIN, "package1Name", null));
+ store.addRoleBasedPermissionForTesting("jervis", new RoleBasedPermission("jervis", RoleTypes.PACKAGE_READONLY, "package2Name", null));
+ store.addRoleBasedPermissionForTesting("jervis", new RoleBasedPermission("jervis", RoleTypes.PACKAGE_READONLY, "package3Name", null));
+ store.addRoleBasedPermissionForTesting("jervis", new RoleBasedPermission("jervis", RoleTypes.ANALYST, null, "category1"));
+ store.addRoleBasedPermissionForTesting("john", new RoleBasedPermission("john", RoleTypes.ANALYST, null, "category2"));
+ store.addRoleBasedPermissionForTesting("johnson", new RoleBasedPermission("johnson", RoleTypes.ADMIN, null, null));
List<RoleBasedPermission> perms = store.getRoleBasedPermissionsByUserName("jervis");
assertTrue(perms.size() == 4);
Modified: labs/jbossrules/trunk/drools-guvnor/src/test/java/org/drools/guvnor/server/security/RoleTypesTest.java
===================================================================
--- labs/jbossrules/trunk/drools-guvnor/src/test/java/org/drools/guvnor/server/security/RoleTypesTest.java 2008-09-10 05:17:33 UTC (rev 22557)
+++ labs/jbossrules/trunk/drools-guvnor/src/test/java/org/drools/guvnor/server/security/RoleTypesTest.java 2008-09-10 07:13:42 UTC (rev 22558)
@@ -6,7 +6,7 @@
public void testListAllTypes() {
String[] t = RoleTypes.listAvailableTypes();
- assertEquals(5, t.length);
+ assertEquals(6, t.length);
assertEquals("admin", t[0]);
}
Modified: labs/jbossrules/trunk/drools-guvnor/src/test/java/org/jboss/seam/security/permission/RoleBasedPermissionResolverTest.java
===================================================================
--- labs/jbossrules/trunk/drools-guvnor/src/test/java/org/jboss/seam/security/permission/RoleBasedPermissionResolverTest.java 2008-09-10 05:17:33 UTC (rev 22557)
+++ labs/jbossrules/trunk/drools-guvnor/src/test/java/org/jboss/seam/security/permission/RoleBasedPermissionResolverTest.java 2008-09-10 07:13:42 UTC (rev 22558)
@@ -53,25 +53,73 @@
pbps.add(new RoleBasedPermission("jervis", RoleTypes.PACKAGE_READONLY, package2Name, null));
pbps.add(new RoleBasedPermission("jervis", RoleTypes.ANALYST, null, "category1"));
pbps.add(new RoleBasedPermission("jervis", RoleTypes.ANALYST, null, "category2"));
- MockRoleBasedPermissionStore store = new MockRoleBasedPermissionStore(pbps);
+ MockRoleBasedPermissionStore store = new MockRoleBasedPermissionStore(pbps);
Contexts.getSessionContext().set("org.drools.guvnor.server.security.RoleBasedPermissionStore", store);
// Put permission list in session.
RoleBasedPermissionManager testManager = new RoleBasedPermissionManager();
testManager.create();
- Contexts.getSessionContext().set("roleBasedPermissionManager", testManager);
-
+ Contexts.getSessionContext().set("roleBasedPermissionManager", testManager);
+
RoleBasedPermissionResolver resolver = new RoleBasedPermissionResolver();
resolver.setEnableRoleBasedAuthorization(true);
-
+
assertTrue(resolver.hasPermission(new CategoryPathType("category1"), null));
assertTrue(resolver.hasPermission(new CategoryPathType("category2"), null));
assertFalse(resolver.hasPermission(new CategoryPathType("category3/category3"), null));
assertTrue(resolver.hasPermission(new CategoryPathType("/category1/category2"), null));
+ assertTrue(resolver.hasPermission(new CategoryPathType("category2"), RoleTypes.ANALYST));
+ assertTrue(resolver.hasPermission(new CategoryPathType("category2"), RoleTypes.ANALYST_READ));
+
+ assertFalse(resolver.hasPermission(new CategoryPathType("category3/category3"), RoleTypes.ANALYST));
+ assertFalse(resolver.hasPermission(new CategoryPathType("category3/category3"), RoleTypes.ANALYST_READ));
+
+
+
Lifecycle.endApplication();
}
+
+ public void testCategoryBasedPermissionAnalystReadOnly() throws Exception {
+ //Mock up SEAM contexts
+ Map application = new HashMap<String, Object>();
+ Lifecycle.beginApplication(application);
+ Lifecycle.beginCall();
+ MockIdentity midentity = new MockIdentity();
+ Contexts.getSessionContext().set("org.jboss.seam.security.identity", midentity);
+ String package1Name = "testCategoryBasedPermissionAnalystPackageName1";
+ String package2Name = "testCategoryBasedPermissionAnalystPackageName2";
+
+ List<RoleBasedPermission> pbps = new ArrayList<RoleBasedPermission>();
+ pbps.add(new RoleBasedPermission("jervis", RoleTypes.PACKAGE_ADMIN, package1Name, null));
+ pbps.add(new RoleBasedPermission("jervis", RoleTypes.PACKAGE_READONLY, package2Name, null));
+ pbps.add(new RoleBasedPermission("jervis", RoleTypes.ANALYST_READ, null, "category1"));
+ pbps.add(new RoleBasedPermission("jervis", RoleTypes.ANALYST, null, "category2"));
+ MockRoleBasedPermissionStore store = new MockRoleBasedPermissionStore(pbps);
+ Contexts.getSessionContext().set("org.drools.guvnor.server.security.RoleBasedPermissionStore", store);
+
+ // Put permission list in session.
+ RoleBasedPermissionManager testManager = new RoleBasedPermissionManager();
+ testManager.create();
+ Contexts.getSessionContext().set("roleBasedPermissionManager", testManager);
+
+ RoleBasedPermissionResolver resolver = new RoleBasedPermissionResolver();
+ resolver.setEnableRoleBasedAuthorization(true);
+
+ assertFalse(resolver.hasPermission(new CategoryPathType("category1"), null));
+ assertTrue(resolver.hasPermission(new CategoryPathType("category2"), null));
+ assertFalse(resolver.hasPermission(new CategoryPathType("category3/category3"), null));
+ assertTrue(resolver.hasPermission(new CategoryPathType("category1"), RoleTypes.ANALYST_READ));
+ assertFalse(resolver.hasPermission(new CategoryPathType("category1"), RoleTypes.ANALYST));
+
+ assertTrue(resolver.hasPermission(new CategoryPathType("category2"), RoleTypes.ANALYST));
+ assertTrue(resolver.hasPermission(new CategoryPathType("category2"), RoleTypes.ANALYST_READ));
+
+
+ Lifecycle.endApplication();
+ }
+
public void testIsSubPath() {
RoleBasedPermissionResolver pr = new RoleBasedPermissionResolver();
assertTrue(pr.isSubPath("foo", "foo/bar"));
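Review bot: Both category tests give the user at least one `ANALYST` grant, so neither covers an identity that holds only `ANALYST_READ`. That is the case in which the resolver's `isPermitted` flag, which starts as `true`, is never cleared for an `ANALYST` request. Add a permission list containing just `new RoleBasedPermission("jervis", RoleTypes.ANALYST_READ, null, "category1")` and assert `assertFalse(resolver.hasPermission(new CategoryPathType("category1"), RoleTypes.ANALYST));`, plus the same with a null role. `Lifecycle.endApplication()` is also reached only when every assertion passes, so a `try`/`finally` would keep a failing test from possibly leaving Seam contexts active for later tests.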
@@ -87,166 +135,166 @@
assertFalse(pr.isSubPath("foo1", "foo2"));
assertTrue(pr.isSubPath("foo1", "foo1"));
}
-
+
//admin: everything
public void testPackageBasedPermissionAdmin() throws Exception {
//Mock up SEAM contexts
- Map application = new HashMap<String, Object>();
+ Map application = new HashMap<String, Object>();
Lifecycle.beginApplication(application);
- Lifecycle.beginCall();
+ Lifecycle.beginCall();
MockIdentity midentity = new MockIdentity();
Contexts.getSessionContext().set("org.jboss.seam.security.identity", midentity);
String package1Name = "testPackageBasedPermissionAdminPackageName1";
String package2Name = "testPackageBasedPermissionAdminPackageName2";
-
+
List<RoleBasedPermission> pbps = new ArrayList<RoleBasedPermission>();
pbps.add(new RoleBasedPermission("jervis", RoleTypes.ADMIN, package1Name, null));
- pbps.add(new RoleBasedPermission("jervis", RoleTypes.PACKAGE_READONLY, package2Name, null));
- MockRoleBasedPermissionStore store = new MockRoleBasedPermissionStore(pbps);
+ pbps.add(new RoleBasedPermission("jervis", RoleTypes.PACKAGE_READONLY, package2Name, null));
+ MockRoleBasedPermissionStore store = new MockRoleBasedPermissionStore(pbps);
Contexts.getSessionContext().set("org.drools.guvnor.server.security.RoleBasedPermissionStore", store);
-
+
// Put permission list in session.
RoleBasedPermissionManager testManager = new RoleBasedPermissionManager();
testManager.create();
- Contexts.getSessionContext().set("roleBasedPermissionManager", testManager);
-
+ Contexts.getSessionContext().set("roleBasedPermissionManager", testManager);
+
RoleBasedPermissionResolver resolver = new RoleBasedPermissionResolver();
resolver.setEnableRoleBasedAuthorization(true);
-
+
assertTrue(resolver.hasPermission(new PackageNameType(package1Name), RoleTypes.ADMIN));
assertTrue(resolver.hasPermission(new PackageNameType(package2Name), RoleTypes.ADMIN));
Lifecycle.endApplication();
- }
-
+ }
+
//Package.admin: everything for that package, including creating snapshots for that package.
public void testPackageBasedPermissionPackageAdmin() throws Exception {
//Mock up SEAM contexts
- Map application = new HashMap<String, Object>();
+ Map application = new HashMap<String, Object>();
Lifecycle.beginApplication(application);
- Lifecycle.beginCall();
+ Lifecycle.beginCall();
MockIdentity midentity = new MockIdentity();
- Contexts.getSessionContext().set("org.jboss.seam.security.identity", midentity);
-
+ Contexts.getSessionContext().set("org.jboss.seam.security.identity", midentity);
+
String packageName = "testPackageBasedPermissionPackageAdminPackageName";
-
+
List<RoleBasedPermission> pbps = new ArrayList<RoleBasedPermission>();
pbps.add(new RoleBasedPermission("jervis", RoleTypes.PACKAGE_ADMIN, packageName, null));
- MockRoleBasedPermissionStore store = new MockRoleBasedPermissionStore(pbps);
+ MockRoleBasedPermissionStore store = new MockRoleBasedPermissionStore(pbps);
Contexts.getSessionContext().set("org.drools.guvnor.server.security.RoleBasedPermissionStore", store);
// Put permission list in session.
RoleBasedPermissionManager testManager = new RoleBasedPermissionManager();
testManager.create();
- Contexts.getSessionContext().set("roleBasedPermissionManager", testManager);
-
+ Contexts.getSessionContext().set("roleBasedPermissionManager", testManager);
+
RoleBasedPermissionResolver resolver = new RoleBasedPermissionResolver();
resolver.setEnableRoleBasedAuthorization(true);
-
+
assertTrue(resolver.hasPermission(new PackageNameType(packageName), RoleTypes.PACKAGE_ADMIN));
assertTrue(resolver.hasPermission(new PackageNameType(packageName), RoleTypes.PACKAGE_DEVELOPER));
assertTrue(resolver.hasPermission(new PackageNameType(packageName), RoleTypes.PACKAGE_READONLY));
-
+
assertFalse(resolver.hasPermission("47982482-7912-4881-97ec-e852494383d7", RoleTypes.PACKAGE_READONLY));
- Lifecycle.endApplication();
- }
-
+ Lifecycle.endApplication();
+ }
+
//Package.developer: everything for that package, NOT snapshots (can view snapshots of that package only)
public void testPackageBasedPermissionPackageDeveloper() throws Exception {
//Mock up SEAM contexts
- Map application = new HashMap<String, Object>();
+ Map application = new HashMap<String, Object>();
Lifecycle.beginApplication(application);
- Lifecycle.beginCall();
- MockIdentity midentity = new MockIdentity();
+ Lifecycle.beginCall();
+ MockIdentity midentity = new MockIdentity();
Contexts.getSessionContext().set("org.jboss.seam.security.identity", midentity);
String package1Name = "testPackageBasedPermissionPackageDeveloperPackageName1";
String package2Name = "testPackageBasedPermissionPackageDeveloperPackageName2";
-
+
List<RoleBasedPermission> pbps = new ArrayList<RoleBasedPermission>();
- pbps.add(new RoleBasedPermission("jervis", RoleTypes.PACKAGE_DEVELOPER, package1Name, null));
- MockRoleBasedPermissionStore store = new MockRoleBasedPermissionStore(pbps);
+ pbps.add(new RoleBasedPermission("jervis", RoleTypes.PACKAGE_DEVELOPER, package1Name, null));
+ MockRoleBasedPermissionStore store = new MockRoleBasedPermissionStore(pbps);
Contexts.getSessionContext().set("org.drools.guvnor.server.security.RoleBasedPermissionStore", store);
-
+
// Put permission list in session.
RoleBasedPermissionManager testManager = new RoleBasedPermissionManager();
testManager.create();
- Contexts.getSessionContext().set("roleBasedPermissionManager", testManager);
-
+ Contexts.getSessionContext().set("roleBasedPermissionManager", testManager);
+
RoleBasedPermissionResolver resolver = new RoleBasedPermissionResolver();
resolver.setEnableRoleBasedAuthorization(true);
-
+
assertFalse(resolver.hasPermission(new PackageNameType(package1Name), RoleTypes.PACKAGE_ADMIN));
assertTrue(resolver.hasPermission(new PackageNameType(package1Name), RoleTypes.PACKAGE_DEVELOPER));
assertTrue(resolver.hasPermission(new PackageNameType(package1Name), RoleTypes.PACKAGE_READONLY));
-
+
assertFalse(resolver.hasPermission(package2Name, RoleTypes.PACKAGE_READONLY));
- Lifecycle.endApplication();
- }
-
+ Lifecycle.endApplication();
+ }
+
//Package.readonly: read only as the name suggested
public void testPackageBasedPermissionPackageReadOnly() throws Exception {
//Mock up SEAM contexts
- Map application = new HashMap<String, Object>();
+ Map application = new HashMap<String, Object>();
Lifecycle.beginApplication(application);
- Lifecycle.beginCall();
+ Lifecycle.beginCall();
MockIdentity midentity = new MockIdentity();
Contexts.getSessionContext().set("org.jboss.seam.security.identity", midentity);
String package1Name = "testPackageBasedPermissionPackageReadOnlyPackageName1";
String package2Name = "testPackageBasedPermissionPackageReadOnlyPackageName2";
-
+
List<RoleBasedPermission> pbps = new ArrayList<RoleBasedPermission>();
- pbps.add(new RoleBasedPermission("jervis", RoleTypes.PACKAGE_READONLY, package1Name, null));
- MockRoleBasedPermissionStore store = new MockRoleBasedPermissionStore(pbps);
+ pbps.add(new RoleBasedPermission("jervis", RoleTypes.PACKAGE_READONLY, package1Name, null));
+ MockRoleBasedPermissionStore store = new MockRoleBasedPermissionStore(pbps);
Contexts.getSessionContext().set("org.drools.guvnor.server.security.RoleBasedPermissionStore", store);
-
+
// Put permission list in session.
RoleBasedPermissionManager testManager = new RoleBasedPermissionManager();
testManager.create();
- Contexts.getSessionContext().set("roleBasedPermissionManager", testManager);
-
+ Contexts.getSessionContext().set("roleBasedPermissionManager", testManager);
+
RoleBasedPermissionResolver resolver = new RoleBasedPermissionResolver();
resolver.setEnableRoleBasedAuthorization(true);
-
+
assertFalse(resolver.hasPermission(new PackageNameType(package1Name), RoleTypes.PACKAGE_DEVELOPER));
assertFalse(resolver.hasPermission(new PackageNameType(package1Name), RoleTypes.PACKAGE_DEVELOPER));
assertTrue(resolver.hasPermission(new PackageNameType(package1Name), RoleTypes.PACKAGE_READONLY));
-
+
assertFalse(resolver.hasPermission(package2Name, RoleTypes.PACKAGE_READONLY));
- Lifecycle.endApplication();
- }
-
+ Lifecycle.endApplication();
+ }
+
public void testPackageBasedPermissionAnalyst() throws Exception {
//Mock up SEAM contexts
- Map application = new HashMap<String, Object>();
+ Map application = new HashMap<String, Object>();
Lifecycle.beginApplication(application);
- Lifecycle.beginCall();
+ Lifecycle.beginCall();
MockIdentity midentity = new MockIdentity();
Contexts.getSessionContext().set("org.jboss.seam.security.identity", midentity);
String package1Name = "testPackageBasedPermissionAnalystPackageName1";
String package2Name = "testPackageBasedPermissionAnalystPackageName2";
-
+
List<RoleBasedPermission> pbps = new ArrayList<RoleBasedPermission>();
- pbps.add(new RoleBasedPermission("jervis", RoleTypes.PACKAGE_READONLY, package1Name, null));
- pbps.add(new RoleBasedPermission("jervis", RoleTypes.ANALYST, null, "category1"));
- MockRoleBasedPermissionStore store = new MockRoleBasedPermissionStore(pbps);
+ pbps.add(new RoleBasedPermission("jervis", RoleTypes.PACKAGE_READONLY, package1Name, null));
+ pbps.add(new RoleBasedPermission("jervis", RoleTypes.ANALYST, null, "category1"));
+ MockRoleBasedPermissionStore store = new MockRoleBasedPermissionStore(pbps);
Contexts.getSessionContext().set("org.drools.guvnor.server.security.RoleBasedPermissionStore", store);
-
+
// Put permission list in session.
RoleBasedPermissionManager testManager = new RoleBasedPermissionManager();
testManager.create();
- Contexts.getSessionContext().set("roleBasedPermissionManager", testManager);
-
+ Contexts.getSessionContext().set("roleBasedPermissionManager", testManager);
+
RoleBasedPermissionResolver resolver = new RoleBasedPermissionResolver();
resolver.setEnableRoleBasedAuthorization(true);
-
+
assertTrue(resolver.hasPermission(new PackageNameType(package1Name), RoleTypes.ANALYST));
assertTrue(resolver.hasPermission(new PackageNameType(package2Name), RoleTypes.ANALYST));
- Lifecycle.endApplication();
- }
-
+ Lifecycle.endApplication();
+ }
+
}