#18: Group resource, groups handling in ACL, groups returned in users
@@ -28,15 +28,18 @@ public class TestAclResource extends BaseJerseyTest {
|
||||
*/
|
||||
@Test
|
||||
public void testAclResource() {
|
||||
// Create aclGroup2
|
||||
clientUtil.createGroup("aclGroup2");
|
||||
|
||||
// Login acl1
|
||||
clientUtil.createUser("acl1");
|
||||
String acl1Token = clientUtil.login("acl1");
|
||||
|
||||
// Login acl2
|
||||
clientUtil.createUser("acl2");
|
||||
clientUtil.createUser("acl2", "aclGroup2");
|
||||
String acl2Token = clientUtil.login("acl2");
|
||||
|
||||
// Create a document
|
||||
// Create a document with acl1
|
||||
JsonObject json = target().path("/document").request()
|
||||
.cookie(TokenBasedSecurityFilter.COOKIE_NAME, acl1Token)
|
||||
.put(Entity.form(new Form()
|
||||
@@ -65,7 +68,8 @@ public class TestAclResource extends BaseJerseyTest {
|
||||
.put(Entity.form(new Form()
|
||||
.param("source", document1Id)
|
||||
.param("perm", "READ")
|
||||
.param("username", "acl2")), JsonObject.class);
|
||||
.param("target", "acl2")
|
||||
.param("type", "USER")), JsonObject.class);
|
||||
String acl2Id = json.getString("id");
|
||||
|
||||
// Add an ACL WRITE for acl2 with acl1
|
||||
@@ -74,7 +78,8 @@ public class TestAclResource extends BaseJerseyTest {
|
||||
.put(Entity.form(new Form()
|
||||
.param("source", document1Id)
|
||||
.param("perm", "WRITE")
|
||||
.param("username", "acl2")), JsonObject.class);
|
||||
.param("target", "acl2")
|
||||
.param("type", "USER")), JsonObject.class);
|
||||
|
||||
// Add an ACL WRITE for acl2 with acl1 (again)
|
||||
json = target().path("/acl").request()
|
||||
@@ -82,7 +87,27 @@ public class TestAclResource extends BaseJerseyTest {
|
||||
.put(Entity.form(new Form()
|
||||
.param("source", document1Id)
|
||||
.param("perm", "WRITE")
|
||||
.param("username", "acl2")), JsonObject.class);
|
||||
.param("target", "acl2")
|
||||
.param("type", "USER")), JsonObject.class);
|
||||
|
||||
// Add an ACL READ for aclGroup2 with acl1
|
||||
json = target().path("/acl").request()
|
||||
.cookie(TokenBasedSecurityFilter.COOKIE_NAME, acl1Token)
|
||||
.put(Entity.form(new Form()
|
||||
.param("source", document1Id)
|
||||
.param("perm", "READ")
|
||||
.param("target", "aclGroup2")
|
||||
.param("type", "GROUP")), JsonObject.class);
|
||||
String aclGroup2Id = json.getString("id");
|
||||
|
||||
// Add an ACL WRITE for aclGroup2 with acl1
|
||||
json = target().path("/acl").request()
|
||||
.cookie(TokenBasedSecurityFilter.COOKIE_NAME, acl1Token)
|
||||
.put(Entity.form(new Form()
|
||||
.param("source", document1Id)
|
||||
.param("perm", "WRITE")
|
||||
.param("target", "aclGroup2")
|
||||
.param("type", "GROUP")), JsonObject.class);
|
||||
|
||||
// Get the document as acl1
|
||||
json = target().path("/document/" + document1Id).request()
|
||||
@@ -90,7 +115,8 @@ public class TestAclResource extends BaseJerseyTest {
|
||||
.get(JsonObject.class);
|
||||
Assert.assertEquals(document1Id, json.getString("id"));
|
||||
acls = json.getJsonArray("acls");
|
||||
Assert.assertEquals(4, acls.size());
|
||||
Assert.assertEquals(6, acls.size());
|
||||
Assert.assertTrue(json.getBoolean("writable"));
|
||||
|
||||
// Get the document as acl2
|
||||
json = target().path("/document/" + document1Id).request()
|
||||
@@ -98,7 +124,8 @@ public class TestAclResource extends BaseJerseyTest {
|
||||
.get(JsonObject.class);
|
||||
Assert.assertEquals(document1Id, json.getString("id"));
|
||||
acls = json.getJsonArray("acls");
|
||||
Assert.assertEquals(4, acls.size());
|
||||
Assert.assertEquals(6, acls.size());
|
||||
Assert.assertTrue(json.getBoolean("writable"));
|
||||
|
||||
// Update the document as acl2
|
||||
json = target().path("/document/" + document1Id).request()
|
||||
@@ -121,6 +148,29 @@ public class TestAclResource extends BaseJerseyTest {
|
||||
.cookie(TokenBasedSecurityFilter.COOKIE_NAME, acl2Token)
|
||||
.delete(JsonObject.class);
|
||||
|
||||
// Get the document as acl2
|
||||
json = target().path("/document/" + document1Id).request()
|
||||
.cookie(TokenBasedSecurityFilter.COOKIE_NAME, acl2Token)
|
||||
.get(JsonObject.class);
|
||||
Assert.assertEquals(document1Id, json.getString("id"));
|
||||
acls = json.getJsonArray("acls");
|
||||
Assert.assertEquals(5, acls.size());
|
||||
Assert.assertTrue(json.getBoolean("writable")); // Writable by aclGroup2
|
||||
|
||||
// Delete the ACL WRITE for aclGroup2 with acl2
|
||||
target().path("/acl/" + document1Id + "/WRITE/" + aclGroup2Id).request()
|
||||
.cookie(TokenBasedSecurityFilter.COOKIE_NAME, acl2Token)
|
||||
.delete(JsonObject.class);
|
||||
|
||||
// Get the document as acl2
|
||||
json = target().path("/document/" + document1Id).request()
|
||||
.cookie(TokenBasedSecurityFilter.COOKIE_NAME, acl2Token)
|
||||
.get(JsonObject.class);
|
||||
Assert.assertEquals(document1Id, json.getString("id"));
|
||||
acls = json.getJsonArray("acls");
|
||||
Assert.assertEquals(4, acls.size());
|
||||
Assert.assertFalse(json.getBoolean("writable"));
|
||||
|
||||
// Delete the ACL READ for acl2 with acl2 (not authorized)
|
||||
response = target().path("/acl/" + document1Id + "/READ/" + acl2Id).request()
|
||||
.cookie(TokenBasedSecurityFilter.COOKIE_NAME, acl2Token)
|
||||
@@ -132,6 +182,16 @@ public class TestAclResource extends BaseJerseyTest {
|
||||
.cookie(TokenBasedSecurityFilter.COOKIE_NAME, acl1Token)
|
||||
.delete(JsonObject.class);
|
||||
|
||||
// Get the document as acl2 (visible by group)
|
||||
target().path("/document/" + document1Id).request()
|
||||
.cookie(TokenBasedSecurityFilter.COOKIE_NAME, acl2Token)
|
||||
.get(JsonObject.class);
|
||||
|
||||
// Delete the ACL READ for aclGroup2 with acl1
|
||||
target().path("/acl/" + document1Id + "/READ/" + aclGroup2Id).request()
|
||||
.cookie(TokenBasedSecurityFilter.COOKIE_NAME, acl1Token)
|
||||
.delete(JsonObject.class);
|
||||
|
||||
// Get the document as acl1
|
||||
json = target().path("/document/" + document1Id).request()
|
||||
.cookie(TokenBasedSecurityFilter.COOKIE_NAME, acl1Token)
|
||||
@@ -167,5 +227,7 @@ public class TestAclResource extends BaseJerseyTest {
|
||||
.get(JsonObject.class);
|
||||
JsonArray users = json.getJsonArray("users");
|
||||
Assert.assertEquals(2, users.size());
|
||||
JsonArray groups = json.getJsonArray("groups");
|
||||
Assert.assertEquals(1, groups.size());
|
||||
}
|
||||
}
|
||||
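Review bot: The new group steps in testAclResource never assert that acl2 is refused once the group grant is removed: after `// Delete the ACL READ for aclGroup2 with acl1` the test goes straight to reading the document as acl1. A regression that keeps group-derived read access alive after the ACL is deleted would therefore still pass, at least within the lines shown here; the rest of the method lies outside the hunks. Right after that delete I would add `response = target().path("/document/" + document1Id).request().cookie(TokenBasedSecurityFilter.COOKIE_NAME, acl2Token).get();` and assert on whatever denial status the document endpoint returns. The `(visible by group)` GET just above discards its result, so it only checks that the call does not throw; assigning it to `json` and adding `Assert.assertEquals(document1Id, json.getString("id"));` would make the positive case explicit too.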
@@ -1,9 +1,14 @@
|
||||
package com.sismics.docs.rest;
|
||||
|
||||
import java.util.ArrayList;
|
||||
import java.util.List;
|
||||
|
||||
import javax.json.JsonArray;
|
||||
import javax.json.JsonObject;
|
||||
import javax.ws.rs.client.Entity;
|
||||
import javax.ws.rs.core.Form;
|
||||
|
||||
import org.junit.Assert;
|
||||
import org.junit.Test;
|
||||
|
||||
import com.sismics.util.filter.TokenBasedSecurityFilter;
|
||||
@@ -25,10 +30,71 @@ public class TestGroupResource extends BaseJerseyTest {
|
||||
// Login admin
|
||||
String adminToken = clientUtil.login("admin", "admin", false);
|
||||
|
||||
// Create a group
|
||||
target().path("/group").request()
|
||||
.cookie(TokenBasedSecurityFilter.COOKIE_NAME, adminToken)
|
||||
.put(Entity.form(new Form()
|
||||
.param("name", "Group 1")), JsonObject.class);
|
||||
// Create group hierarchy
|
||||
clientUtil.createGroup("g1");
|
||||
clientUtil.createGroup("g11", "g1");
|
||||
clientUtil.createGroup("g12", "g1");
|
||||
clientUtil.createGroup("g111", "g11");
|
||||
clientUtil.createGroup("g112", "g11");
|
||||
|
||||
// Login group1
|
||||
clientUtil.createUser("group1", "g112", "g12");
|
||||
String group1Token = clientUtil.login("group1");
|
||||
|
||||
// Check group1 groups (all computed groups)
|
||||
JsonObject json = target().path("/user").request()
|
||||
.cookie(TokenBasedSecurityFilter.COOKIE_NAME, group1Token)
|
||||
.get(JsonObject.class);
|
||||
JsonArray groups = json.getJsonArray("groups");
|
||||
List<String> groupList = new ArrayList<>();
|
||||
for (int i = 0; i < groups.size(); i++) {
|
||||
groupList.add(groups.getString(i));
|
||||
}
|
||||
Assert.assertEquals(4, groups.size());
|
||||
Assert.assertTrue(groupList.contains("g1"));
|
||||
Assert.assertTrue(groupList.contains("g12"));
|
||||
Assert.assertTrue(groupList.contains("g11"));
|
||||
Assert.assertTrue(groupList.contains("g112"));
|
||||
|
||||
// Check group1 groups with admin (only direct groups)
|
||||
json = target().path("/user/group1").request()
|
||||
.cookie(TokenBasedSecurityFilter.COOKIE_NAME, adminToken)
|
||||
.get(JsonObject.class);
|
||||
groups = json.getJsonArray("groups");
|
||||
Assert.assertEquals(2, groups.size());
|
||||
Assert.assertEquals("g112", groups.getString(0));
|
||||
Assert.assertEquals("g12", groups.getString(1));
|
||||
|
||||
// Add group1 to g112 (again)
|
||||
json = target().path("/group/g112").request()
|
||||
.cookie(TokenBasedSecurityFilter.COOKIE_NAME, adminToken)
|
||||
.put(Entity.form(new Form()
|
||||
.param("username", "group1")), JsonObject.class);
|
||||
|
||||
// Check group1 groups (all computed groups)
|
||||
json = target().path("/user").request()
|
||||
.cookie(TokenBasedSecurityFilter.COOKIE_NAME, group1Token)
|
||||
.get(JsonObject.class);
|
||||
groups = json.getJsonArray("groups");
|
||||
Assert.assertEquals(4, groups.size());
|
||||
|
||||
// Remove group1 from g12
|
||||
json = target().path("/group/g12/group1").request()
|
||||
.cookie(TokenBasedSecurityFilter.COOKIE_NAME, adminToken)
|
||||
.delete(JsonObject.class);
|
||||
|
||||
// Check group1 groups (all computed groups)
|
||||
json = target().path("/user").request()
|
||||
.cookie(TokenBasedSecurityFilter.COOKIE_NAME, group1Token)
|
||||
.get(JsonObject.class);
|
||||
groups = json.getJsonArray("groups");
|
||||
groupList = new ArrayList<>();
|
||||
for (int i = 0; i < groups.size(); i++) {
|
||||
groupList.add(groups.getString(i));
|
||||
}
|
||||
Assert.assertEquals(3, groups.size());
|
||||
Assert.assertTrue(groupList.contains("g1"));
|
||||
Assert.assertTrue(groupList.contains("g11"));
|
||||
Assert.assertTrue(groupList.contains("g112"));
|
||||
}
|
||||
}
|
||||
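Review bot: Every membership change in this TestGroupResource hunk (`PUT /group/g112`, `DELETE /group/g12/group1`) is sent with `adminToken`, and nothing visible checks that the same calls are rejected when sent with `group1Token`. Groups now feed ACL decisions, so a non-admin who can add themselves to a group gains access to whatever that group was granted, which makes the negative case worth pinning. I would add a step such as `// Add group1 to g12 as group1 (not authorized)` that repeats the PUT with `group1Token`, reads the raw `Response`, and asserts the denial status. The test method starts outside the hunk, so such a check may already exist above. Separately, `Assert.assertEquals("g112", groups.getString(0));` depends on the order the server returns groups in; the `groupList.contains(...)` form used elsewhere in this test is less brittle.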