Closes #83: Edit ACLs for tags in UI + batch for old DB

2025-12-16 11:15:07 +00:00 · 2016-05-08 00:46:32 +02:00
parent b851fd0ecc
commit a55c55bbdb
23 changed files with 531 additions and 398 deletions
--- a/docs-web/src/test/java/com/sismics/docs/rest/TestAclResource.java
+++ b/docs-web/src/test/java/com/sismics/docs/rest/TestAclResource.java
@@ -357,12 +357,13 @@ public class TestAclResource extends BaseJerseyTest {
                        .param("language", "eng")));
        Assert.assertEquals(Status.FORBIDDEN.getStatusCode(), response.getStatus());

-        // acltag2 can see document1 with tag1
+        // acltag2 can see document1 with tag1 (non-writable)
        json = target().path("/document/" + document1Id).request()
                .cookie(TokenBasedSecurityFilter.COOKIE_NAME, acltag2Token)
                .get(JsonObject.class);
        tags = json.getJsonArray("tags");
        Assert.assertEquals(1, tags.size());
+        Assert.assertFalse(json.getBoolean("writable"));
        Assert.assertEquals(tag1Id, tags.getJsonObject(0).getString("id"));

        // acltag2 can see tag1
@@ -392,6 +393,15 @@ public class TestAclResource extends BaseJerseyTest {
                        .param("target", "acltag2")
                        .param("type", "USER")), JsonObject.class);

+        // acltag2 can see document1 with tag1 (writable)
+        json = target().path("/document/" + document1Id).request()
+                .cookie(TokenBasedSecurityFilter.COOKIE_NAME, acltag2Token)
+                .get(JsonObject.class);
+        tags = json.getJsonArray("tags");
+        Assert.assertEquals(1, tags.size());
+        Assert.assertTrue(json.getBoolean("writable"));
+        Assert.assertEquals(tag1Id, tags.getJsonObject(0).getString("id"));
+
        // acltag2 can see and edit tag1
        json = target().path("/tag/" + tag1Id).request()
                .cookie(TokenBasedSecurityFilter.COOKIE_NAME, acltag2Token)
--- a/docs-web/src/test/java/com/sismics/docs/rest/TestAppResource.java
+++ b/docs-web/src/test/java/com/sismics/docs/rest/TestAppResource.java
@@ -2,11 +2,17 @@ package com.sismics.docs.rest;

 import javax.json.JsonArray;
 import javax.json.JsonObject;
+import javax.persistence.EntityManager;
+import javax.persistence.EntityTransaction;
 import javax.ws.rs.client.Entity;
 import javax.ws.rs.core.Form;
 import javax.ws.rs.core.Response;
 import javax.ws.rs.core.Response.Status;

+import com.sismics.docs.core.constant.PermType;
+import com.sismics.docs.core.dao.jpa.AclDao;
+import com.sismics.util.context.ThreadLocalContext;
+import com.sismics.util.jpa.EMF;
 import org.junit.Assert;
 import org.junit.Test;

@@ -57,6 +63,35 @@ public class TestAppResource extends BaseJerseyTest {
                .cookie(TokenBasedSecurityFilter.COOKIE_NAME, adminToken)
                .post(Entity.form(new Form()));
        Assert.assertEquals(Status.OK, Status.fromStatusCode(response.getStatus()));
+
+        // Create a tag
+        json = target().path("/tag").request()
+                .cookie(TokenBasedSecurityFilter.COOKIE_NAME, adminToken)
+                .put(Entity.form(new Form()
+                        .param("name", "Tag4")
+                        .param("color", "#00ff00")), JsonObject.class);
+        String tagId = json.getString("id");
+
+        // Init transactional context
+        EntityManager em = EMF.get().createEntityManager();
+        ThreadLocalContext context = ThreadLocalContext.get();
+        context.setEntityManager(em);
+        EntityTransaction tx = em.getTransaction();
+        tx.begin();
+
+        // Remove base ACLs
+        AclDao aclDao = new AclDao();
+        aclDao.delete(tagId, PermType.READ, "admin", "admin");
+        aclDao.delete(tagId, PermType.WRITE, "admin", "admin");
+        Assert.assertEquals(0, aclDao.getBySourceId(tagId).size());
+        tx.commit();
+
+        // Add base ACLs to tags
+        response = target().path("/app/batch/tag_acls").request()
+                .cookie(TokenBasedSecurityFilter.COOKIE_NAME, adminToken)
+                .post(Entity.form(new Form()));
+        Assert.assertEquals(Status.OK, Status.fromStatusCode(response.getStatus()));
+        Assert.assertEquals(2, aclDao.getBySourceId(tagId).size());
    }

    /**
--- a/docs-web/src/test/java/com/sismics/docs/rest/TestTagResource.java
+++ b/docs-web/src/test/java/com/sismics/docs/rest/TestTagResource.java
@@ -52,6 +52,7 @@ public class TestTagResource extends BaseJerseyTest {
                .cookie(TokenBasedSecurityFilter.COOKIE_NAME, tag1Token)
                .get(JsonObject.class);
        Assert.assertEquals("Tag4", json.getString("name"));
+        Assert.assertEquals("tag1", json.getString("creator"));
        Assert.assertEquals("#00ff00", json.getString("color"));
        Assert.assertTrue(json.getBoolean("writable"));
        JsonArray acls = json.getJsonArray("acls");