[jboss-svn-commits] JBL Code SVN: r32799 - in labs/jbossrules/trunk/drools-guvnor/src: main/java/org/jboss/seam/security/permission and 2 other directories.
jboss-svn-commits at lists.jboss.org
jboss-svn-commits at lists.jboss.org
Mon May 10 13:23:02 EDT 2010
Author: jervisliu
Date: 2010-05-10 13:23:01 -0400 (Mon, 10 May 2010)
New Revision: 32799
Modified:
labs/jbossrules/trunk/drools-guvnor/src/main/java/org/drools/guvnor/server/ServiceImplementation.java
labs/jbossrules/trunk/drools-guvnor/src/main/java/org/jboss/seam/security/permission/RoleBasedPermissionResolver.java
labs/jbossrules/trunk/drools-guvnor/src/test/java/org/drools/guvnor/server/ServiceImplSecurityTest.java
labs/jbossrules/trunk/drools-guvnor/src/test/java/org/jboss/seam/security/permission/RoleBasedPermissionResolverTest.java
Log:
https://jira.jboss.org/jira/browse/GUVNOR-533: package admins can access other packages if got access to unrelated categories
Modified: labs/jbossrules/trunk/drools-guvnor/src/main/java/org/drools/guvnor/server/ServiceImplementation.java
===================================================================
--- labs/jbossrules/trunk/drools-guvnor/src/main/java/org/drools/guvnor/server/ServiceImplementation.java 2010-05-10 17:10:52 UTC (rev 32798)
+++ labs/jbossrules/trunk/drools-guvnor/src/main/java/org/drools/guvnor/server/ServiceImplementation.java 2010-05-10 17:23:01 UTC (rev 32799)
@@ -360,6 +360,12 @@
}
}
+ /**
+ * Role-based Authorization check: This method only returns packages that the user has
+ * permission to access. User has permission to access the particular package when:
+ * The user has a package.readonly role or higher (i.e., package.admin, package.developer)
+ * to this package.
+ */
@WebRemote
@Restrict("#{identity.loggedIn}")
public PackageConfigData[] listPackages() {
@@ -478,13 +484,9 @@
/**
* loadRuleListForCategories
*
- * Role-based Authorization check: This method can be accessed if user has
- * following permissions:
- * 1. The user has Analyst role and this role has permission to access the category
- * Or.
- * 2. The user has one of the following roles: package.readonly|package.admin|package.developer.
- * In this case, this method only returns assets that belong to packages the role has at least
- * package.readonly permission to access.
+ * Role-based Authorization check: This method only returns rules that the user has
+ * permission to access. The user is considered to has permission to access the particular category when:
+ * The user has ANALYST_READ role or higher (i.e., ANALYST) to this category
*/
public TableDataResult loadRuleListForCategories(String categoryPath,
int skip,
@@ -503,15 +505,10 @@
}
}
- //use AssetItemFilter to enforce package-based permissions.
- // RepositoryFilter filter = new AssetItemFilter();
- // Filter is null since the permission is checked on category level.
- RepositoryFilter filter = null;
AssetPageList list = repository.findAssetsByCategory( categoryPath,
false,
skip,
- numRows,
- filter );
+ numRows);
TableDisplayHandler handler = new TableDisplayHandler( tableConfig );
// log.debug("time for load: " + (System.currentTimeMillis() - time) );
return handler.loadRuleListTable( list );
@@ -527,6 +524,7 @@
// love you
// long time = System.currentTimeMillis();
+ //TODO: May need to use a filter that acts on both package based and category based.
RepositoryFilter filter = new AssetItemFilter();
AssetPageList list = repository.findAssetsByState( stateName,
false,
@@ -551,10 +549,10 @@
*
* Role-based Authorization check: This method can be accessed if user has
* following permissions:
- * 1. The user has Analyst role and this role has permission to access the category
- * which the asset belongs to.
+ * 1. The user has a ANALYST_READ role or higher (i.e., ANALYST) and this role has permission
+ * to access the category which the asset belongs to.
* Or.
- * 2. The user has package.readonly role (or package.admin, package.developer)
+ * 2. The user has a package.readonly role or higher (i.e., package.admin, package.developer)
* and this role has permission to access the package which the asset belongs to.
*/
@WebRemote
@@ -571,32 +569,39 @@
// load standard meta data
asset.metaData = populateMetaData( item );
- if ( Contexts.isSessionContextActive() ) {
- Identity.instance().checkPermission( new PackageNameType( asset.metaData.packageName ),
- RoleTypes.PACKAGE_READONLY );
+ //Verify if the user has permission to access the asset through package based permission.
+ //If failed, then verify if the user has permission to access the asset through category
+ //based permission
+ if (Contexts.isSessionContextActive()) {
+ boolean passed = false;
- if ( asset.metaData.categories.length == 0 ) {
- Identity.instance().checkPermission( new CategoryPathType( null ),
- RoleTypes.ANALYST_READ );
- } else {
- boolean passed = false;
- RuntimeException exception = null;
+ try {
+ Identity.instance().checkPermission(
+ new PackageNameType(asset.metaData.packageName),
+ RoleTypes.PACKAGE_READONLY);
+ } catch (RuntimeException e) {
+ if (asset.metaData.categories.length == 0) {
+ Identity.instance().checkPermission(
+ new CategoryPathType(null), RoleTypes.ANALYST_READ);
+ } else {
+ RuntimeException exception = null;
- for ( String cat : asset.metaData.categories ) {
- // Check if user has a permission to read this asset.
- try {
- Identity.instance().checkPermission( new CategoryPathType( cat ),
- RoleTypes.ANALYST_READ );
- passed = true;
- } catch ( RuntimeException e ) {
- exception = e;
- }
- }
- if ( !passed ) {
- throw exception;
- }
- }
- }
+ for (String cat : asset.metaData.categories) {
+ try {
+ Identity.instance().checkPermission(
+ new CategoryPathType(cat),
+ RoleTypes.ANALYST_READ);
+ passed = true;
+ } catch (RuntimeException re) {
+ exception = re;
+ }
+ }
+ if (!passed) {
+ throw exception;
+ }
+ }
+ }
+ }
// get package header
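Review bot: The new `catch (RuntimeException e)` around the package check treats every runtime failure as "package access denied" and falls through to the category check, and the package denial itself is then discarded, so a failure unrelated to authorization is indistinguishable from a denial. Narrowing both catches to the exception the tests on this page expect, `} catch (AuthorizationException e) {`, keeps other failures visible; that assumes checkPermission signals denial with that type, which the test file suggests but this hunk does not show. The same package-then-category block is repeated in the checkinVersion and changeState hunks below, differing only in the role constants and in how the target is built, so a single private helper would keep the three authorization paths from drifting apart. `boolean passed` is only used in the category loop and could be declared there. loadRuleAsset starts and ends outside this hunk.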
@@ -711,39 +716,49 @@
*
* Role-based Authorization check: This method can be accessed if user has
* following permissions:
- * 1. The user has Analyst role and this role has permission to access the category
+ * 1. The user has a Analyst role and this role has permission to access the category
* which the asset belongs to.
* Or.
- * 2. The user has package.readonly role (or package.admin, package.developer)
+ * 2. The user has a package.developer role or higher (i.e., package.admin)
* and this role has permission to access the package which the asset belongs to.
*/
public String checkinVersion(RuleAsset asset) throws SerializableException {
- if ( Contexts.isSessionContextActive() ) {
- Identity.instance().checkPermission( new PackageNameType( asset.metaData.packageName ),
- RoleTypes.PACKAGE_DEVELOPER );
+
+ //Verify if the user has permission to access the asset through package based permission.
+ //If failed, then verify if the user has permission to access the asset through category
+ //based permission
+ if (Contexts.isSessionContextActive()) {
+ boolean passed = false;
- if ( asset.metaData.categories.length == 0 ) {
- Identity.instance().checkPermission( new CategoryPathType( null ),
- RoleTypes.ANALYST );
- } else {
- boolean passed = false;
- RuntimeException exception = null;
+ try {
+ Identity.instance().checkPermission(
+ new PackageNameType(asset.metaData.packageName),
+ RoleTypes.PACKAGE_DEVELOPER);
+ } catch (RuntimeException e) {
+ if (asset.metaData.categories.length == 0) {
+ Identity.instance().checkPermission(
+ new CategoryPathType(null), RoleTypes.ANALYST);
+ } else {
+ RuntimeException exception = null;
- for ( String cat : asset.metaData.categories ) {
- try {
- Identity.instance().checkPermission( new CategoryPathType( cat ),
- RoleTypes.ANALYST );
- passed = true;
- } catch ( RuntimeException e ) {
- exception = e;
- }
- }
- if ( !passed ) {
- throw exception;
- }
- }
- }
-
+ for (String cat : asset.metaData.categories) {
+ try {
+ Identity.instance().checkPermission(
+ new CategoryPathType(cat),
+ RoleTypes.ANALYST);
+ passed = true;
+ } catch (RuntimeException re) {
+ exception = re;
+ }
+ }
+ if (!passed) {
+ throw exception;
+ }
+ }
+ }
+ }
+
+
log.info( "USER:" + getCurrentUserName() + " CHECKING IN asset: [" + asset.metaData.name + "] UUID: [" + asset.uuid + "] " );
AssetItem repoAsset = repository.loadAssetByUUID( asset.uuid );
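Review bot: The permission check in checkinVersion is evaluated against `asset.metaData.packageName` and `asset.metaData.categories`, which come from the `RuleAsset` argument, while the asset that is actually modified is looked up afterwards by `asset.uuid`. If this method is reachable from the remote client like its `@WebRemote` siblings, the caller controls the values the authorization decision is based on, and nothing in the hunk ties them to the stored asset. Loading the repository item first and checking against it, as the changeState hunk does with `new PackageUUIDType(asset.getPackage().getUUID())` and `asset.getCategories()`, would bind the decision to server-side data. Whether later code compares the metadata with `repoAsset` is not visible, since the method continues past the hunk.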
@@ -1261,6 +1276,16 @@
return result;
}
+ /**
+ *
+ * Role-based Authorization check: This method can be accessed if user has
+ * following permissions:
+ * 1. The user has a Analyst role and this role has permission to access the category
+ * which the asset belongs to.
+ * Or.
+ * 2. The user has a package.developer role or higher (i.e., package.admin)
+ * and this role has permission to access the package which the asset belongs to.
+ */
@WebRemote
@Restrict("#{identity.loggedIn}")
public void changeState(String uuid,
@@ -1268,57 +1293,55 @@
boolean wholePackage) {
if ( !wholePackage ) {
-
AssetItem asset = repository.loadAssetByUUID( uuid );
- log.info( "USER:" + getCurrentUserName() + " CHANGING ASSET STATUS. Asset name, uuid: " + "[" + asset.getName() + ", " + asset.getUUID() + "]" + " to [" + newState + "]" );
+
+ //Verify if the user has permission to access the asset through package based permission.
+ //If failed, then verify if the user has permission to access the asset through category
+ //based permission
+ if (Contexts.isSessionContextActive()) {
+ boolean passed = false;
- if ( Contexts.isSessionContextActive() ) {
- Identity.instance().checkPermission( new PackageUUIDType( asset.getPackage().getUUID() ),
- RoleTypes.PACKAGE_DEVELOPER );
+ try {
+ Identity.instance().checkPermission(
+ new PackageUUIDType(asset.getPackage().getUUID()),
+ RoleTypes.PACKAGE_DEVELOPER);
+ } catch (RuntimeException e) {
+ if (asset.getCategories().size() == 0) {
+ Identity.instance().checkPermission(
+ new CategoryPathType(null), RoleTypes.ANALYST);
+ } else {
+ RuntimeException exception = null;
- try {
- RuleAsset ruleAsset = loadAsset( asset );
+ for (CategoryItem cat : asset.getCategories()) {
+ try {
+ Identity.instance().checkPermission(
+ new CategoryPathType(cat.getName()),
+ RoleTypes.ANALYST);
+ passed = true;
+ } catch (RuntimeException re) {
+ exception = re;
+ }
+ }
+ if (!passed) {
+ throw exception;
+ }
+ }
+ }
+ }
+
+
+ log.info("USER:" + getCurrentUserName()
+ + " CHANGING ASSET STATUS. Asset name, uuid: " + "["
+ + asset.getName() + ", " + asset.getUUID() + "]" + " to ["
+ + newState + "]");
+ String oldState = asset.getStateDescription();
+ asset.updateState(newState);
- if ( ruleAsset.metaData.categories.length == 0 ) {
- Identity.instance().checkPermission( new CategoryPathType( null ),
- RoleTypes.ANALYST_READ );
- } else {
+ push("statusChange", oldState);
+ push("statusChange", newState);
- // Check category permissions
- boolean passed = false;
- RuntimeException exception = null;
-
- for ( String cat : ruleAsset.metaData.categories ) {
- try {
- Identity.instance().checkPermission( new CategoryPathType( cat ),
- RoleTypes.ANALYST );
- passed = true;
- } catch ( RuntimeException e ) {
- exception = e;
- }
- }
- if ( !passed ) {
- throw exception;
- }
- }
- } catch ( RulesRepositoryException e ) {
- // This was not a rule asset
- } catch ( Exception e ) {
- // This was not a rule asset
- }
-
- String oldState = asset.getStateDescription();
- asset.updateState( newState );
-
- push( "statusChange",
- oldState );
- push( "statusChange",
- newState );
-
- addToDiscussionForAsset( asset.getUUID(),
- oldState + " -> " + newState );
-
- }
+ addToDiscussionForAsset(asset.getUUID(), oldState + " -> "
+ + newState);
} else {
if ( Contexts.isSessionContextActive() ) {
Identity.instance().checkPermission( new PackageUUIDType( uuid ),
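Review bot: The category fallback in changeState builds `new CategoryPathType(cat.getName())`, whereas the resolver treats this value as a path (`isPermittedCategoryPath` compares with `equals` and `isSubPath`) and the other two call sites pass entries of `metaData.categories`. For a nested category the node name and the path presumably differ, so an analyst permitted on the parent path might be refused here, or a permission on a top-level category might match an unrelated nested category with the same name. If `CategoryItem` offers a full-path accessor (`getFullPath()`, to be confirmed against the class and against what populateMetaData stores), use it so all three call sites feed the resolver the same form. The `else` branch for `wholePackage` continues outside this hunk.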
Modified: labs/jbossrules/trunk/drools-guvnor/src/main/java/org/jboss/seam/security/permission/RoleBasedPermissionResolver.java
===================================================================
--- labs/jbossrules/trunk/drools-guvnor/src/main/java/org/jboss/seam/security/permission/RoleBasedPermissionResolver.java 2010-05-10 17:10:52 UTC (rev 32798)
+++ labs/jbossrules/trunk/drools-guvnor/src/main/java/org/jboss/seam/security/permission/RoleBasedPermissionResolver.java 2010-05-10 17:23:01 UTC (rev 32799)
@@ -30,22 +30,16 @@
*
* This PermissionResolver resolves category-based permissions and package-based permissions.
*
- * If the input is category-based request, it returns true under following situations:
- *
- * For category-based permissions:
+ * If the input is category-based request, the resolver returns true under following situations:
* 1. The user is admin
* Or
- * 2. The user has at least one analyst role, and at least one of the analyst role has access to requested category path.
- * Or
- * 3. The user does not have any Analyst role(eg, the user only has other roles like package.admin|package.developer|package.readonly)
+ * 2. The user has at least one analyst role that has access to the requested category path.
*
- * If the input is package-based request, it returns true under following situations:
+ * If the input is package-based request, the resolver returns true under following situations:
* 1. The user is admin
* Or
* 2. The user has one of the following roles package.admin|package.developer|package.readonly on the requested
* package, and requested role requires lower privilege than assigned role(I.e., package.admin>package.developer>package.readonly)
- * Or
- * 3. The user is Analyst
*
*
@@ -120,17 +114,10 @@
}
return false;
} else {
- //category path based permission check only applies to analyst and analyst.readonly role. If there is no Analyst or Analyst.readonly
- //role (e.g, only other roles like admin|package.admin|package.dev|package.readonly) we always grant permission.
- boolean isPermitted = true;
- //return true when there is no analyst role, or one of the analyst role has permission to access this category
-
for ( RoleBasedPermission pbp : permissions ) {
-
// Check if there is a analyst or analyst.readonly role
if ( pbp.getRole().equals( RoleTypes.ANALYST ) || pbp.getRole().equals( RoleTypes.ANALYST_READ ) ) {
- isPermitted = false;
-
+
// Check if user has permissions for the current category
if ( requestedPermType.equals( pbp.getRole() ) || (requestedPermType.equals( RoleTypes.ANALYST_READ ) && pbp.getRole().equals( RoleTypes.ANALYST )) ) {
if ( isPermittedCategoryPath( requestedPath,
@@ -141,7 +128,7 @@
}
}
- return isPermitted;
+ return false;
}
} else {
String targetName = "";
@@ -158,12 +145,8 @@
targetName = ((PackageNameType) requestedObject).getPackageName();
}
- //package based permission check only applies to admin|package.admin|package.dev|package.readonly role.
- //For Analyst we always grant permission, unless we are connected through webdav.
for ( RoleBasedPermission pbp : permissions ) {
- if ( !(requestedObject instanceof WebDavPackageNameType) && (RoleTypes.ANALYST.equals( pbp.getRole() ) || RoleTypes.ANALYST_READ.equals( pbp.getRole() )) ) {
- return true;
- } else if ( targetName.equalsIgnoreCase( pbp.getPackageName() ) && isPermittedPackage( requestedPermission,
+ if ( targetName.equalsIgnoreCase( pbp.getPackageName() ) && isPermittedPackage( requestedPermission,
pbp.getRole() ) ) {
return true;
}
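Review bot: `targetName.equalsIgnoreCase( pbp.getPackageName() )` matches package names case-insensitively, so a role granted on one package also satisfies a request for any package whose name differs only in letter case. If the repository treats package names as case-sensitive, this should be `targetName.equals( pbp.getPackageName() )`; if names are meant to be case-insensitive, a short comment saying so would make the intent clear. The loop and the surrounding method continue outside this hunk.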
@@ -184,7 +167,9 @@
private boolean isPermittedCategoryPath(String requestedPath,
String allowedPath) {
- if ( requestedPath == null || allowedPath == null ) {
+ if ( requestedPath == null && allowedPath == null ) {
+ return true;
+ } else if ( requestedPath == null || allowedPath == null ) {
return false;
}
return requestedPath.equals( allowedPath ) || isSubPath( allowedPath,
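Review bot: The new `requestedPath == null && allowedPath == null` branch turns a stored permission with no category path into a grant for every request with no category path, which the service code uses for uncategorized assets (`new CategoryPathType(null)`), and nothing in the method says so. A comment on that branch such as `// null/null: an analyst permission with no category path covers uncategorized assets only` would record the intent. It is also worth confirming that the permission store cannot produce a null category path by accident, since such a row is now an allow rather than a deny. The method's return expression continues outside this hunk.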
Modified: labs/jbossrules/trunk/drools-guvnor/src/test/java/org/drools/guvnor/server/ServiceImplSecurityTest.java
===================================================================
--- labs/jbossrules/trunk/drools-guvnor/src/test/java/org/drools/guvnor/server/ServiceImplSecurityTest.java 2010-05-10 17:10:52 UTC (rev 32798)
+++ labs/jbossrules/trunk/drools-guvnor/src/test/java/org/drools/guvnor/server/ServiceImplSecurityTest.java 2010-05-10 17:23:01 UTC (rev 32799)
@@ -10,6 +10,7 @@
import org.drools.guvnor.client.common.AssetFormats;
import org.drools.guvnor.client.rpc.MetaDataQuery;
+import org.drools.guvnor.client.rpc.PackageConfigData;
import org.drools.guvnor.client.rpc.RuleAsset;
import org.drools.guvnor.client.rpc.RuleContentText;
import org.drools.guvnor.client.rpc.TableDataResult;
@@ -31,26 +32,26 @@
public class ServiceImplSecurityTest extends TestCase {
- public void testLoadRuleAssetWithRoleBasedAuthrozationAnalyst() throws Exception {
+ public void testLoadRuleAssetAnalyst() throws Exception {
try {
ServiceImplementation impl = getService();
impl.repository.createPackage(
- "testLoadRuleAssetWithRoleBasedAuthrozation", "desc");
+ "testLoadRuleAssetAnalystPack1", "desc");
impl.createCategory("",
- "testLoadRuleAssetWithRoleBasedAuthrozationCat1",
+ "testLoadRuleAssetAnalystCat1",
"this is a cat");
impl.createCategory("",
- "testLoadRuleAssetWithRoleBasedAuthrozationCat2",
+ "testLoadRuleAssetAnalystCat2",
"this is a cat");
- String uuid1 = impl.createNewRule("testLoadRuleAssetWithRoleBasedAuthrozation",
+ String uuid1 = impl.createNewRule("testLoadRuleAssetAnalystRule1",
"description",
- "testLoadRuleAssetWithRoleBasedAuthrozationCat1",
- "testLoadRuleAssetWithRoleBasedAuthrozation", AssetFormats.DRL);
- String uuid2 = impl.createNewRule("testLoadRuleAssetWithRoleBasedAuthrozation2",
+ "testLoadRuleAssetAnalystCat1",
+ "testLoadRuleAssetAnalystPack1", AssetFormats.DRL);
+ String uuid2 = impl.createNewRule("testLoadRuleAssetAnalystRule2",
"description",
- "testLoadRuleAssetWithRoleBasedAuthrozationCat2",
- "testLoadRuleAssetWithRoleBasedAuthrozation", AssetFormats.DRL);
+ "testLoadRuleAssetAnalystCat2",
+ "testLoadRuleAssetAnalystPack1", AssetFormats.DRL);
// Mock up SEAM contexts
Map application = new HashMap<String, Object>();
@@ -71,7 +72,7 @@
List<RoleBasedPermission> pbps = new ArrayList<RoleBasedPermission>();
pbps.add(new RoleBasedPermission("jervis", RoleTypes.ANALYST, null,
- "testLoadRuleAssetWithRoleBasedAuthrozationCat1"));
+ "testLoadRuleAssetAnalystCat1"));
MockRoleBasedPermissionStore store = new MockRoleBasedPermissionStore(pbps);
Contexts.getSessionContext().set("org.drools.guvnor.server.security.RoleBasedPermissionStore", store);
@@ -82,8 +83,7 @@
//now lets see if we can access this asset with the permissions
RuleAsset asset = impl.loadRuleAsset(uuid1);
- try {
-
+ try {
asset = impl.loadRuleAsset(uuid2);
fail("Did not catch expected exception");
} catch (AuthorizationException e) {
@@ -93,27 +93,27 @@
}
}
- public void testLoadRuleAssetWithRoleBasedAuthrozationPackageReadonly() throws Exception {
+ public void testLoadRuleAssetPackageReadonly() throws Exception {
try {
ServiceImplementation impl = getService();
- String package1Name = "testLoadRuleAssetWithRoleBasedAuthrozationPackageReadonlyPack1";
+ String package1Name = "testLoadRuleAssetPackageReadonlyPack1";
String package1Uuid = impl.createPackage(package1Name, "desc");
impl.createCategory("",
- "testLoadRuleAssetWithRoleBasedAuthrozationPackageReadonlyCat1",
+ "testLoadRuleAssetPackageReadonlyCat1",
"this is a cat");
- String uuid1 = impl.createNewRule("testLoadRuleAssetWithRoleBasedAuthrozation",
+ String uuid1 = impl.createNewRule("testLoadRuleAssetPackageReadonlyRule1",
"description",
- "testLoadRuleAssetWithRoleBasedAuthrozationPackageReadonlyCat1",
- "testLoadRuleAssetWithRoleBasedAuthrozationPackageReadonlyPack1", AssetFormats.DRL);
+ "testLoadRuleAssetPackageReadonlyCat1",
+ "testLoadRuleAssetPackageReadonlyPack1", AssetFormats.DRL);
impl.repository.createPackage(
- "testLoadRuleAssetWithRoleBasedAuthrozationPackageReadonlyPack2", "desc");
+ "testLoadRuleAssetPackageReadonlyPack2", "desc");
- String uuid2 = impl.createNewRule("testLoadRuleAssetWithRoleBasedAuthrozation",
+ String uuid2 = impl.createNewRule("testLoadRuleAssetPackageReadonlyRule2",
"description",
- "testLoadRuleAssetWithRoleBasedAuthrozationPackageReadonlyCat1",
- "testLoadRuleAssetWithRoleBasedAuthrozationPackageReadonlyPack2", AssetFormats.DRL);
+ "testLoadRuleAssetPackageReadonlyCat1",
+ "testLoadRuleAssetPackageReadonlyPack2", AssetFormats.DRL);
// Mock up SEAM contexts
Map application = new HashMap<String, Object>();
@@ -154,25 +154,23 @@
}
}
- // Access an asset that belongs to no category. e.g., Packages -> Create New
- // -> "upload new�Model jar".
- // The user role is admin
- public void testLoadRuleAssetWithRoleBasedAuthrozationAssetNoCategory() throws Exception {
+ // Access an asset that belongs to no category. No role permission defined. RoleBasedAuthorization is not enabled
+ public void testLoadRuleAssetNoCategory() throws Exception {
try {
ServiceImplementation impl = getService();
impl.repository.createPackage(
- "testLoadRuleAssetWithRoleBasedAuthrozationAssetNoCategoryPack",
+ "testLoadRuleAssetNoCategoryPack1",
"desc");
impl.createCategory(
"",
- "testLoadRuleAssetWithRoleBasedAuthrozationAssetNoCategoryCat",
+ "testLoadRuleAssetNoCategoryCat1",
"this is a cat");
String uuid = impl.createNewRule(
- "testLoadRuleAssetWithRoleBasedAuthrozation",
+ "testLoadRuleAssetNoCategoryRule1",
"description",
null,
- "testLoadRuleAssetWithRoleBasedAuthrozationAssetNoCategoryPack",
+ "testLoadRuleAssetNoCategoryPack1",
AssetFormats.DRL);
// Mock up SEAM contexts
@@ -207,23 +205,23 @@
}
}
- //Access an asset that belongs to no category. e.g., Packages -> Create New -> "upload new�Model jar".
+ //Access an asset that belongs to no category.
//The user role is admin
- public void testLoadRuleAssetWithRoleBasedAuthrozationAssetNoCategoryPackageAdmin() throws Exception {
+ public void testLoadRuleAssetNoCategoryPackageAdmin() throws Exception {
try {
ServiceImplementation impl = getService();
PackageItem packageItem = impl.repository.createPackage(
- "testLoadRuleAssetWithRoleBasedAuthrozationAssetNoCategoryPackageAdminPack", "desc");
+ "testLoadRuleAssetNoCategoryPackageAdminPack1", "desc");
String packageName = packageItem.getName();
String packageUuid = packageItem.getUUID();
impl.createCategory("",
- "testLoadRuleAssetWithRoleBasedAuthrozationAssetNoCategoryPackageAdminCat",
+ "testLoadRuleAssetNoCategoryPackageAdminCat1",
"this is a cat");
- String uuid = impl.createNewRule("testLoadRuleAssetWithRoleBasedAuthrozation",
+ String uuid = impl.createNewRule("testLoadRuleAssetNoCategoryPackageAdminRule1",
"description",
null,
- "testLoadRuleAssetWithRoleBasedAuthrozationAssetNoCategoryPackageAdminPack", AssetFormats.DRL);
+ "testLoadRuleAssetNoCategoryPackageAdminPack1", AssetFormats.DRL);
// Mock up SEAM contexts
Map application = new HashMap<String, Object>();
@@ -260,23 +258,31 @@
}
}
- //Access an asset that belongs to no category. e.g., Packages -> Create New -> "upload new�Model jar".
+ //Access an asset that belongs to no category.
//The user role is analyst
- public void testLoadRuleAssetWithRoleBasedAuthrozationAssetNoCategoryAnalyst() throws Exception {
+ public void testLoadRuleAssetNoCategoryAnalystNegative() throws Exception {
try {
ServiceImplementation impl = getService();
PackageItem packageItem = impl.repository.createPackage(
- "testLoadRuleAssetWithRoleBasedAuthrozationAssetNoCategoryAnalystPack", "desc");
+ "testLoadRuleAssetNoCategoryAnalystPack1", "desc");
String packageUuid = packageItem.getUUID();
impl.createCategory("",
- "testLoadRuleAssetWithRoleBasedAuthrozationAssetNoCategoryAnalystCat",
+ "testLoadRuleAssetNoCategoryAnalystCat1",
"this is a cat");
-
- String uuid = impl.createNewRule("testLoadRuleAssetWithRoleBasedAuthrozation",
+ impl.createCategory("",
+ "testLoadRuleAssetNoCategoryAnalystCat2",
+ "this is a cat");
+
+ String uuid1 = impl.createNewRule("testLoadRuleAssetNoCategoryAnalystRule1",
"description",
null,
- "testLoadRuleAssetWithRoleBasedAuthrozationAssetNoCategoryAnalystPack", AssetFormats.DRL);
+ "testLoadRuleAssetNoCategoryAnalystPack1", AssetFormats.DRL);
+ String uuid2 = impl.createNewRule("testLoadRuleAssetNoCategoryAnalystRule2",
+ "description",
+ "testLoadRuleAssetNoCategoryAnalystCat2",
+ "testLoadRuleAssetNoCategoryAnalystPack1", AssetFormats.DRL);
+
// Mock up SEAM contexts
Map application = new HashMap<String, Object>();
Lifecycle.beginApplication(application);
@@ -295,7 +301,7 @@
List<RoleBasedPermission> pbps = new ArrayList<RoleBasedPermission>();
pbps.add(new RoleBasedPermission("jervis",
RoleTypes.ANALYST,
- null, "category1"));
+ null, "testLoadRuleAssetNoCategoryAnalystCat2"));
MockRoleBasedPermissionStore store = new MockRoleBasedPermissionStore(pbps);
Contexts.getSessionContext().set("org.drools.guvnor.server.security.RoleBasedPermissionStore", store);
@@ -305,8 +311,9 @@
Contexts.getSessionContext().set("roleBasedPermissionManager", testManager);
//now lets see if we can access this asset with the permissions
+ RuleAsset asset2 = impl.loadRuleAsset(uuid2);
try {
- RuleAsset asset = impl.loadRuleAsset(uuid);
+ RuleAsset asset1 = impl.loadRuleAsset(uuid1);
fail("Did not catch expected exception");
} catch (AuthorizationException e) {
}
@@ -315,6 +322,66 @@
}
}
+ //Access an asset that belongs to no category.
+ //The user role is analyst
+ public void testLoadRuleAssetNoCategoryAnalystPositive() throws Exception {
+ try {
+ ServiceImplementation impl = getService();
+ PackageItem packageItem = impl.repository.createPackage(
+ "testLoadRuleAssetNoCategoryAnalystPositivePack1", "desc");
+ String packageUuid = packageItem.getUUID();
+ impl.createCategory("",
+ "testLoadRuleAssetNoCategoryAnalystPositiveCat1",
+ "this is a cat");
+ impl.createCategory("",
+ "testLoadRuleAssetNoCategoryAnalystPositiveCat2",
+ "this is a cat");
+
+ String uuid1 = impl.createNewRule("testLoadRuleAssetNoCategoryAnalystPositiveRule1",
+ "description",
+ null,
+ "testLoadRuleAssetNoCategoryAnalystPositivePack1", AssetFormats.DRL);
+ String uuid2 = impl.createNewRule("testLoadRuleAssetNoCategoryAnalystPositiveRule2",
+ "description",
+ "testLoadRuleAssetNoCategoryAnalystPositiveCat2",
+ "testLoadRuleAssetNoCategoryAnalystPositivePack1", AssetFormats.DRL);
+
+
+ // Mock up SEAM contexts
+ Map application = new HashMap<String, Object>();
+ Lifecycle.beginApplication(application);
+ Lifecycle.beginCall();
+ MockIdentity midentity = new MockIdentity();
+ RoleBasedPermissionResolver resolver = new RoleBasedPermissionResolver();
+ resolver.setEnableRoleBasedAuthorization(true);
+ midentity.addPermissionResolver(resolver);
+ midentity.create();
+
+ Contexts.getSessionContext().set(
+ "org.jboss.seam.security.identity", midentity);
+ Contexts.getSessionContext().set(
+ "org.drools.guvnor.client.rpc.RepositoryService", impl);
+
+ List<RoleBasedPermission> pbps = new ArrayList<RoleBasedPermission>();
+ pbps.add(new RoleBasedPermission("jervis",
+ RoleTypes.ANALYST,
+ null, null));
+ MockRoleBasedPermissionStore store = new MockRoleBasedPermissionStore(pbps);
+ Contexts.getSessionContext().set("org.drools.guvnor.server.security.RoleBasedPermissionStore", store);
+
+ // Put permission list in session.
+ RoleBasedPermissionManager testManager = new RoleBasedPermissionManager();
+ testManager.create();
+ Contexts.getSessionContext().set("roleBasedPermissionManager", testManager);
+
+ //now lets see if we can access this asset with the permissions
+ //RuleAsset asset2 = impl.loadRuleAsset(uuid2);
+ RuleAsset asset1 = impl.loadRuleAsset(uuid1);
+ } finally {
+ Lifecycle.endApplication();
+ }
+ }
+
public void testLoadRuleAssetWithRoleBasedAuthrozationAssetHasCategory()
throws Exception {
try {
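Review bot: testLoadRuleAssetNoCategoryAnalystPositive asserts nothing: it passes as long as `impl.loadRuleAsset(uuid1)` does not throw, and the categorized case is left as a commented-out line, so the expected outcome for `uuid2` under a null-category analyst permission is not pinned. Add `assertNotNull(asset1);` and state the `uuid2` expectation explicitly, either as a plain call or with the `try { ...; fail(...); } catch (AuthorizationException e) {}` shape used in the negative test. `packageUuid` is unused in this test.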
@@ -478,134 +545,6 @@
Lifecycle.endApplication();
}
- public void testloadRuleListForCategoriesWithRoleBasedAuthrozationPackageReadonly() throws Exception {
- try {
- ServiceImplementation impl = getService();
- String package1Name = "testloadRuleListForCategoriesWithRoleBasedAuthrozationPackageReadonlyPack1";
- String category1Name = "testloadRuleListForCategoriesWithRoleBasedAuthrozationPackageReadonlyCat1";
-
- impl.repository.createPackage(package1Name, "desc");
- impl.createCategory("", category1Name, "this is a cat");
-
- impl.createNewRule("testLoadRuleAssetWithRoleBasedAuthrozation",
- "description", category1Name, package1Name, AssetFormats.DRL);
-
- String package2Name = "testloadRuleListForCategoriesWithRoleBasedAuthrozationPackageReadonlyPack2";
- impl.repository.createPackage(package2Name, "desc");
-
- impl.createNewRule("testLoadRuleAssetWithRoleBasedAuthrozation",
- "description", category1Name, package2Name, AssetFormats.DRL);
-
- String package3Name = "testloadRuleListForCategoriesWithRoleBasedAuthrozationPackageReadonlyPack3";
- impl.repository.createPackage(package3Name, "desc");
-
- impl.createNewRule("testLoadRuleAssetWithRoleBasedAuthrozation",
- "description", category1Name, package3Name, AssetFormats.DRL);
-
- // Mock up SEAM contexts
- Map application = new HashMap<String, Object>();
- Lifecycle.beginApplication(application);
- Lifecycle.beginCall();
- MockIdentity midentity = new MockIdentity();
- RoleBasedPermissionResolver resolver = new RoleBasedPermissionResolver();
- resolver.setEnableRoleBasedAuthorization(true);
- midentity.addPermissionResolver(resolver);
- midentity.create();
-
- Contexts.getSessionContext().set(
- "org.jboss.seam.security.identity", midentity);
- Contexts.getSessionContext().set(
- "org.drools.guvnor.client.rpc.RepositoryService", impl);
-
- List<RoleBasedPermission> pbps = new ArrayList<RoleBasedPermission>();
- pbps.add(new RoleBasedPermission("jervis",
- RoleTypes.PACKAGE_READONLY,
- package1Name, null));
- pbps.add(new RoleBasedPermission("jervis",
- RoleTypes.PACKAGE_DEVELOPER,
- package2Name, null));
- MockRoleBasedPermissionStore store = new MockRoleBasedPermissionStore(pbps);
- Contexts.getSessionContext().set("org.drools.guvnor.server.security.RoleBasedPermissionStore", store);
-
- // Put permission list in session.
- RoleBasedPermissionManager testManager = new RoleBasedPermissionManager();
- testManager.create();
- Contexts.getSessionContext().set("roleBasedPermissionManager", testManager);
-
- TableDataResult res = impl.loadRuleListForCategories(
- "testloadRuleListForCategoriesWithRoleBasedAuthrozationPackageReadonlyCat1", 0, -1,
- AssetItemGrid.RULE_LIST_TABLE_ID);
- assertEquals(3, res.data.length);
- } finally {
- Lifecycle.endApplication();
- }
- }
-
- public void testloadRuleListForCategoriesWithRoleBasedAuthrozationAnalyst() throws Exception {
- try {
- ServiceImplementation impl = getService();
- String package1Name = "testloadRuleListForCategoriesWithRoleBasedAuthrozationAnalystPack1";
- String category1Name = "testloadRuleListForCategoriesWithRoleBasedAuthrozationAnalystCat1";
- impl.repository.createPackage(
- package1Name, "desc");
- impl.createCategory("",category1Name, "this is a cat");
-
- impl.createNewRule("testLoadRuleAssetWithRoleBasedAuthrozation",
- "description", category1Name, package1Name, AssetFormats.DRL);
-
- String package2Name = "testloadRuleListForCategoriesWithRoleBasedAuthrozationAnalystPack2";
- impl.repository.createPackage(package2Name, "desc");
-
- impl.createNewRule("testLoadRuleAssetWithRoleBasedAuthrozation",
- "description", category1Name, package2Name, AssetFormats.DRL);
-
- String package3Name = "testloadRuleListForCategoriesWithRoleBasedAuthrozationAnalystPack3";
- impl.repository.createPackage(package3Name, "desc");
-
- impl.createNewRule("testLoadRuleAssetWithRoleBasedAuthrozation",
- "description", category1Name, package3Name, AssetFormats.DRL);
-
- // Mock up SEAM contexts
- Map application = new HashMap<String, Object>();
- Lifecycle.beginApplication(application);
- Lifecycle.beginCall();
- MockIdentity midentity = new MockIdentity();
- RoleBasedPermissionResolver resolver = new RoleBasedPermissionResolver();
- resolver.setEnableRoleBasedAuthorization(true);
- midentity.addPermissionResolver(resolver);
-
- Contexts.getSessionContext().set(
- "org.jboss.seam.security.identity", midentity);
- Contexts.getSessionContext().set(
- "org.drools.guvnor.client.rpc.RepositoryService", impl);
-
- List<RoleBasedPermission> pbps = new ArrayList<RoleBasedPermission>();
- pbps.add(new RoleBasedPermission("jervis",
- RoleTypes.ANALYST,
- null, category1Name));
- pbps.add(new RoleBasedPermission("jervis",
- RoleTypes.PACKAGE_READONLY,
- package2Name, null));
- pbps.add(new RoleBasedPermission("jervis",
- RoleTypes.PACKAGE_DEVELOPER,
- package3Name, null));
- MockRoleBasedPermissionStore store = new MockRoleBasedPermissionStore(pbps);
- Contexts.getSessionContext().set("org.drools.guvnor.server.security.RoleBasedPermissionStore", store);
-
- // Put permission list in session.
- RoleBasedPermissionManager testManager = new RoleBasedPermissionManager();
- testManager.create();
- Contexts.getSessionContext().set("roleBasedPermissionManager", testManager);
-
- TableDataResult res = impl.loadRuleListForCategories(
- "testloadRuleListForCategoriesWithRoleBasedAuthrozationAnalystCat1", 0, -1,
- AssetItemGrid.RULE_LIST_TABLE_ID);
- assertEquals(3, res.data.length);
- } finally {
- Lifecycle.endApplication();
- }
- }
-
public void testCheckinWithPackageReadonly() throws Exception {
ServiceImplementation impl = getService();
String packageUuid = impl.createPackage(
@@ -659,54 +598,63 @@
Lifecycle.endApplication();
}
- public void testCheckinWithPackageDeveloper() throws Exception {
- ServiceImplementation impl = getService();
- String packageName = "testCheckinWithPackageDeveloperPack";
- String packageUuid = impl.createPackage(packageName, "desc");
- impl.createCategory("/", "testCheckinWithPackageDeveloperCat",
- "this is a description");
- impl.createCategory("testCheckinWithPackageDeveloperCat", "deeper", "description");
- String uuid = impl.createNewRule("testChecking",
- "this is a description", "testCheckinWithPackageDeveloperCat",
- "testCheckinWithPackageDeveloperPack", AssetFormats.DRL);
- RuleAsset asset = impl.loadRuleAsset(uuid);
- assertNotNull(asset.metaData.lastModifiedDate);
- asset.metaData.coverage = "boo";
- asset.content = new RuleContentText();
- ((RuleContentText) asset.content).content = "yeah !";
- Thread.sleep(100);
+ public void testCheckinPackageDeveloper() throws Exception {
+ //try {
+ ServiceImplementation impl = getService();
+ String packageName = "testCheckinPackageDeveloperPack1";
+ String packageUuid = impl.createPackage(packageName, "desc");
+ impl.createCategory("/", "testCheckinPackageDeveloperCat1",
+ "this is a description");
+ impl.createCategory("testCheckinPackageDeveloperCat1", "deeper",
+ "description");
+ String uuid = impl.createNewRule(
+ "testCheckinPackageDeveloperRule1",
+ "this is a description", "testCheckinPackageDeveloperCat1",
+ "testCheckinPackageDeveloperPack1", AssetFormats.DRL);
+ RuleAsset asset = impl.loadRuleAsset(uuid);
+ assertNotNull(asset.metaData.lastModifiedDate);
+ asset.metaData.coverage = "boo";
+ asset.content = new RuleContentText();
+ ((RuleContentText) asset.content).content = "yeah !";
+ Thread.sleep(100);
- // Mock up SEAM contexts
- Map application = new HashMap<String, Object>();
- Lifecycle.beginApplication(application);
- Lifecycle.beginCall();
- MockIdentity midentity = new MockIdentity();
- RoleBasedPermissionResolver resolver = new RoleBasedPermissionResolver();
- resolver.setEnableRoleBasedAuthorization(true);
- midentity.addPermissionResolver(resolver);
- midentity.create();
+ // Mock up SEAM contexts
+ Map application = new HashMap<String, Object>();
+ Lifecycle.beginApplication(application);
+ Lifecycle.beginCall();
+ MockIdentity midentity = new MockIdentity();
+ RoleBasedPermissionResolver resolver = new RoleBasedPermissionResolver();
+ resolver.setEnableRoleBasedAuthorization(true);
+ midentity.addPermissionResolver(resolver);
+ midentity.create();
- Contexts.getSessionContext().set(
- "org.jboss.seam.security.identity", midentity);
- Contexts.getSessionContext().set(
- "org.drools.guvnor.client.rpc.RepositoryService", impl);
- List<RoleBasedPermission> pbps = new ArrayList<RoleBasedPermission>();
- pbps.add(new RoleBasedPermission("jervis",
- RoleTypes.PACKAGE_DEVELOPER,
- packageName, null));
- MockRoleBasedPermissionStore store = new MockRoleBasedPermissionStore(pbps);
- Contexts.getSessionContext().set("org.drools.guvnor.server.security.RoleBasedPermissionStore", store);
+ Contexts.getSessionContext().set(
+ "org.jboss.seam.security.identity", midentity);
+ Contexts.getSessionContext().set(
+ "org.drools.guvnor.client.rpc.RepositoryService", impl);
+ List<RoleBasedPermission> pbps = new ArrayList<RoleBasedPermission>();
+ pbps.add(new RoleBasedPermission("jervis",
+ RoleTypes.PACKAGE_DEVELOPER, packageName, null));
+ MockRoleBasedPermissionStore store = new MockRoleBasedPermissionStore(
+ pbps);
+ Contexts
+ .getSessionContext()
+ .set(
+ "org.drools.guvnor.server.security.RoleBasedPermissionStore",
+ store);
- // Put permission list in session.
- RoleBasedPermissionManager testManager = new RoleBasedPermissionManager();
- testManager.create();
- Contexts.getSessionContext().set("roleBasedPermissionManager", testManager);
-
- //now lets see if we can access this asset with the permissions
- String uuid2 = impl.checkinVersion(asset);
- assertEquals(uuid, uuid2);
+ // Put permission list in session.
+ RoleBasedPermissionManager testManager = new RoleBasedPermissionManager();
+ testManager.create();
+ Contexts.getSessionContext().set("roleBasedPermissionManager",
+ testManager);
- Lifecycle.endApplication();
+ // now lets see if we can access this asset with the permissions
+ String uuid2 = impl.checkinVersion(asset);
+ assertEquals(uuid, uuid2);
+ //} finally {
+ Lifecycle.endApplication();
+ //}
}
public void testLoadRuleAssetWithRoleBasedAuthrozationPackageReadonlyFilter() throws Exception {
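Review bot: In testCheckinPackageDeveloper the try/finally guard is left commented out (`//try {`, `//} finally {`, `//}`), so `Lifecycle.endApplication()` is skipped whenever `checkinVersion` throws or `assertEquals(uuid, uuid2)` fails. The mock identity, the permission store and `roleBasedPermissionManager` placed in the Seam session context may then still be in place for the next test, which can make later authorization tests pass or fail for the wrong reason. Uncomment the guard so the method ends with `} finally { Lifecycle.endApplication(); }`, as the tests added further down in this commit do. The context line `Lifecycle.endApplication();` in the RoleBasedPermissionResolverTest hunk is unguarded in the same way.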
@@ -1038,6 +986,193 @@
}
}
+ //BRMS-282: listPackages only returns packages that the user has package.readonly permission or higher
+ public void testListPackagesPackageAdminAndAnalyst() throws Exception {
+ try {
+ ServiceImplementation impl = getService();
+ String package1Name = "testListPackagesPackageAdminAndAnalystPack1";
+ String package2Name = "testListPackagesPackageAdminAndAnalystPack2";
+ String category1Name = "testListPackagesPackageAdminAndAnalystCat1";
+
+ String package1UUID = (impl.repository.createPackage(package1Name, "desc")).getUUID();
+ impl.repository.createPackage(package2Name, "desc");
+ impl.createCategory("", category1Name, "this is a cat");
+
+ impl.createNewRule("testListPackagesPackageAdminAndAnalystRule1",
+ "description", null, package1Name, AssetFormats.DRL);
+
+ impl.createNewRule("testListPackagesPackageAdminAndAnalystRule2",
+ "description", category1Name, package2Name, AssetFormats.DRL);
+
+ impl.createNewRule("testListPackagesPackageAdminAndAnalystRule3",
+ "description", null, package2Name, AssetFormats.DRL);
+
+ // Mock up SEAM contexts
+ Map application = new HashMap<String, Object>();
+ Lifecycle.beginApplication(application);
+ Lifecycle.beginCall();
+ MockIdentity midentity = new MockIdentity();
+ RoleBasedPermissionResolver resolver = new RoleBasedPermissionResolver();
+ resolver.setEnableRoleBasedAuthorization(true);
+ midentity.addPermissionResolver(resolver);
+ midentity.create();
+
+ Contexts.getSessionContext().set(
+ "org.jboss.seam.security.identity", midentity);
+ Contexts.getSessionContext().set(
+ "org.drools.guvnor.client.rpc.RepositoryService", impl);
+
+ List<RoleBasedPermission> pbps = new ArrayList<RoleBasedPermission>();
+ pbps.add(new RoleBasedPermission("jervis",
+ RoleTypes.PACKAGE_ADMIN,
+ package1Name, null));
+ pbps.add(new RoleBasedPermission("jervis",
+ RoleTypes.ANALYST,
+ null, category1Name));
+ MockRoleBasedPermissionStore store = new MockRoleBasedPermissionStore(pbps);
+ Contexts.getSessionContext().set("org.drools.guvnor.server.security.RoleBasedPermissionStore", store);
+
+ // Put permission list in session.
+ RoleBasedPermissionManager testManager = new RoleBasedPermissionManager();
+ testManager.create();
+ Contexts.getSessionContext().set("roleBasedPermissionManager", testManager);
+
+ PackageConfigData[] res = impl.listPackages();
+ assertEquals(1, res.length);
+ } finally {
+ Lifecycle.endApplication();
+ }
+ }
+
+ public void testloadRuleListForCategoriesPackageReadonly() throws Exception {
+ try {
+ ServiceImplementation impl = getService();
+ String package1Name = "testloadRuleListForCategoriesPackageReadonlyPack1";
+ String category1Name = "testloadRuleListForCategoriesPackageReadonlyCat1";
+
+ impl.repository.createPackage(package1Name, "desc");
+ impl.createCategory("", category1Name, "this is a cat");
+
+ impl.createNewRule("testloadRuleListForCategoriesPackageReadonlyRule1",
+ "description", category1Name, package1Name, AssetFormats.DRL);
+
+ String package2Name = "testloadRuleListForCategoriesPackageReadonlyPack2";
+ impl.repository.createPackage(package2Name, "desc");
+
+ impl.createNewRule("testloadRuleListForCategoriesPackageReadonlyRule2",
+ "description", category1Name, package2Name, AssetFormats.DRL);
+
+ String package3Name = "testloadRuleListForCategoriesPackageReadonlyPack3";
+ impl.repository.createPackage(package3Name, "desc");
+
+ impl.createNewRule("testloadRuleListForCategoriesPackageReadonlyRule3",
+ "description", category1Name, package3Name, AssetFormats.DRL);
+
+ // Mock up SEAM contexts
+ Map application = new HashMap<String, Object>();
+ Lifecycle.beginApplication(application);
+ Lifecycle.beginCall();
+ MockIdentity midentity = new MockIdentity();
+ RoleBasedPermissionResolver resolver = new RoleBasedPermissionResolver();
+ resolver.setEnableRoleBasedAuthorization(true);
+ midentity.addPermissionResolver(resolver);
+ midentity.create();
+
+ Contexts.getSessionContext().set(
+ "org.jboss.seam.security.identity", midentity);
+ Contexts.getSessionContext().set(
+ "org.drools.guvnor.client.rpc.RepositoryService", impl);
+
+ List<RoleBasedPermission> pbps = new ArrayList<RoleBasedPermission>();
+ pbps.add(new RoleBasedPermission("jervis",
+ RoleTypes.PACKAGE_READONLY,
+ package1Name, null));
+ pbps.add(new RoleBasedPermission("jervis",
+ RoleTypes.PACKAGE_DEVELOPER,
+ package2Name, null));
+ MockRoleBasedPermissionStore store = new MockRoleBasedPermissionStore(pbps);
+ Contexts.getSessionContext().set("org.drools.guvnor.server.security.RoleBasedPermissionStore", store);
+
+ // Put permission list in session.
+ RoleBasedPermissionManager testManager = new RoleBasedPermissionManager();
+ testManager.create();
+ Contexts.getSessionContext().set("roleBasedPermissionManager", testManager);
+
+ TableDataResult res = impl.loadRuleListForCategories(
+ "testloadRuleListForCategoriesPackageReadonlyCat1", 0, -1,
+ AssetItemGrid.RULE_LIST_TABLE_ID);
+ assertEquals(0, res.data.length);
+ } finally {
+ Lifecycle.endApplication();
+ }
+ }
+
+ public void testloadRuleListForCategoriesPackageReadonlyPositive() throws Exception {
+ try {
+ ServiceImplementation impl = getService();
+ String package1Name = "testloadRuleListForCategoriesPackageReadonlyPositivePack1";
+ String category1Name = "testloadRuleListForCategoriesPackageReadonlyPositiveCat1";
+
+ impl.repository.createPackage(package1Name, "desc");
+ impl.createCategory("", category1Name, "this is a cat");
+
+ impl.createNewRule("testloadRuleListForCategoriesPackageReadonlyPositiveRule1",
+ "description", category1Name, package1Name, AssetFormats.DRL);
+
+ String package2Name = "testloadRuleListForCategoriesPackageReadonlyPositivePack2";
+ impl.repository.createPackage(package2Name, "desc");
+
+ impl.createNewRule("testloadRuleListForCategoriesPackageReadonlyPositiveRule2",
+ "description", category1Name, package2Name, AssetFormats.DRL);
+
+ String package3Name = "testloadRuleListForCategoriesPackageReadonlyPositivePack3";
+ impl.repository.createPackage(package3Name, "desc");
+
+ impl.createNewRule("testloadRuleListForCategoriesPackageReadonlyPositiveRule3",
+ "description", category1Name, package3Name, AssetFormats.DRL);
+
+ // Mock up SEAM contexts
+ Map application = new HashMap<String, Object>();
+ Lifecycle.beginApplication(application);
+ Lifecycle.beginCall();
+ MockIdentity midentity = new MockIdentity();
+ RoleBasedPermissionResolver resolver = new RoleBasedPermissionResolver();
+ resolver.setEnableRoleBasedAuthorization(true);
+ midentity.addPermissionResolver(resolver);
+ midentity.create();
+
+ Contexts.getSessionContext().set(
+ "org.jboss.seam.security.identity", midentity);
+ Contexts.getSessionContext().set(
+ "org.drools.guvnor.client.rpc.RepositoryService", impl);
+
+ List<RoleBasedPermission> pbps = new ArrayList<RoleBasedPermission>();
+ pbps.add(new RoleBasedPermission("jervis",
+ RoleTypes.PACKAGE_READONLY,
+ package1Name, null));
+ pbps.add(new RoleBasedPermission("jervis",
+ RoleTypes.PACKAGE_DEVELOPER,
+ package2Name, null));
+ pbps.add(new RoleBasedPermission("jervis",
+ RoleTypes.ANALYST_READ,
+ null, category1Name));
+ MockRoleBasedPermissionStore store = new MockRoleBasedPermissionStore(pbps);
+ Contexts.getSessionContext().set("org.drools.guvnor.server.security.RoleBasedPermissionStore", store);
+
+ // Put permission list in session.
+ RoleBasedPermissionManager testManager = new RoleBasedPermissionManager();
+ testManager.create();
+ Contexts.getSessionContext().set("roleBasedPermissionManager", testManager);
+
+ TableDataResult res = impl.loadRuleListForCategories(
+ "testloadRuleListForCategoriesPackageReadonlyPositiveCat1", 0, -1,
+ AssetItemGrid.RULE_LIST_TABLE_ID);
+ assertEquals(3, res.data.length);
+ } finally {
+ Lifecycle.endApplication();
+ }
+ }
+
private ServiceImplementation getService() throws Exception {
ServiceImplementation impl = new ServiceImplementation();
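Review bot: testListPackagesPackageAdminAndAnalyst checks only `assertEquals(1, res.length)`, which would also pass if listPackages() returned the wrong package, that is package2 reached through the analyst category instead of package1. Since this is the regression test for the cross-package access issue, pin the identity of the result as well, for example `assertEquals(package1UUID, res[0].uuid);` (assuming PackageConfigData exposes the UUID that way). `package1UUID` is otherwise assigned and never used. The two loadRuleListForCategories tests have a weaker form of the same gap: they assert row counts of 0 and 3 without checking which rules are listed. getService() at the end of the hunk continues outside it.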
Modified: labs/jbossrules/trunk/drools-guvnor/src/test/java/org/jboss/seam/security/permission/RoleBasedPermissionResolverTest.java
===================================================================
--- labs/jbossrules/trunk/drools-guvnor/src/test/java/org/jboss/seam/security/permission/RoleBasedPermissionResolverTest.java 2010-05-10 17:10:52 UTC (rev 32798)
+++ labs/jbossrules/trunk/drools-guvnor/src/test/java/org/jboss/seam/security/permission/RoleBasedPermissionResolverTest.java 2010-05-10 17:23:01 UTC (rev 32799)
@@ -425,8 +425,9 @@
RoleBasedPermissionResolver resolver = new RoleBasedPermissionResolver();
resolver.setEnableRoleBasedAuthorization(true);
- assertTrue(resolver.hasPermission(new PackageNameType(package1Name), RoleTypes.ANALYST));
- assertTrue(resolver.hasPermission(new PackageNameType(package2Name), RoleTypes.ANALYST));
+ assertFalse(resolver.hasPermission(new PackageNameType(package1Name), RoleTypes.ANALYST));
+ assertFalse(resolver.hasPermission(new PackageNameType(package2Name), RoleTypes.ANALYST));
+ assertTrue(resolver.hasPermission(new CategoryPathType("category1"), RoleTypes.ANALYST));
Lifecycle.endApplication();
}
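Review bot: The changed assertions cover package denial and one granted category, but nothing checks that a category the user was not granted is refused. Adding `assertFalse(resolver.hasPermission(new CategoryPathType("category2"), RoleTypes.ANALYST));` would pin that, where `"category2"` is a constructed name standing for any category absent from the permission store. The literal `"category1"` also has to match the category registered in the setup, which lies outside this hunk, so a shared variable in the style of `package1Name` would be less fragile. The test method starts outside the hunk.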