mirror of
https://github.com/sismics/docs.git
synced 2025-12-16 03:06:22 +00:00
#13: ACL system
This commit is contained in:
jendib
@@ -0,0 +1,177 @@
|
||||
package com.sismics.docs.rest;
|
||||
|
||||
import java.util.Date;
|
||||
|
||||
import junit.framework.Assert;
|
||||
|
||||
import org.codehaus.jettison.json.JSONArray;
|
||||
import org.codehaus.jettison.json.JSONException;
|
||||
import org.codehaus.jettison.json.JSONObject;
|
||||
import org.junit.Test;
|
||||
|
||||
import com.sismics.docs.rest.filter.CookieAuthenticationFilter;
|
||||
import com.sun.jersey.api.client.ClientResponse;
|
||||
import com.sun.jersey.api.client.ClientResponse.Status;
|
||||
import com.sun.jersey.api.client.WebResource;
|
||||
import com.sun.jersey.core.util.MultivaluedMapImpl;
|
||||
|
||||
/**
|
||||
* Test the ACL resource.
|
||||
*
|
||||
* @author bgamard
|
||||
*/
|
||||
public class TestAclResource extends BaseJerseyTest {
|
||||
/**
|
||||
* Test the ACL resource.
|
||||
*
|
||||
* @throws JSONException
|
||||
*/
|
||||
@Test
|
||||
public void testAclResource() throws JSONException {
|
||||
// Login acl1
|
||||
clientUtil.createUser("acl1");
|
||||
String acl1Token = clientUtil.login("acl1");
|
||||
|
||||
// Login acl2
|
||||
clientUtil.createUser("acl2");
|
||||
String acl2Token = clientUtil.login("acl2");
|
||||
|
||||
// Create a document
|
||||
WebResource documentResource = resource().path("/document");
|
||||
documentResource.addFilter(new CookieAuthenticationFilter(acl1Token));
|
||||
MultivaluedMapImpl postParams = new MultivaluedMapImpl();
|
||||
postParams.add("title", "My super title document 1");
|
||||
postParams.add("language", "eng");
|
||||
postParams.add("create_date", new Date().getTime());
|
||||
ClientResponse response = documentResource.put(ClientResponse.class, postParams);
|
||||
Assert.assertEquals(Status.OK, Status.fromStatusCode(response.getStatus()));
|
||||
JSONObject json = response.getEntity(JSONObject.class);
|
||||
String document1Id = json.optString("id");
|
||||
|
||||
// Get the document as acl1
|
||||
documentResource = resource().path("/document/" + document1Id);
|
||||
documentResource.addFilter(new CookieAuthenticationFilter(acl1Token));
|
||||
response = documentResource.get(ClientResponse.class);
|
||||
json = response.getEntity(JSONObject.class);
|
||||
Assert.assertEquals(Status.OK, Status.fromStatusCode(response.getStatus()));
|
||||
Assert.assertEquals(document1Id, json.getString("id"));
|
||||
JSONArray acls = json.getJSONArray("acls");
|
||||
Assert.assertEquals(2, acls.length());
|
||||
|
||||
// Get the document as acl2
|
||||
documentResource = resource().path("/document/" + document1Id);
|
||||
documentResource.addFilter(new CookieAuthenticationFilter(acl2Token));
|
||||
response = documentResource.get(ClientResponse.class);
|
||||
json = response.getEntity(JSONObject.class);
|
||||
Assert.assertEquals(Status.FORBIDDEN, Status.fromStatusCode(response.getStatus()));
|
||||
|
||||
// Add an ACL READ for acl2 with acl1
|
||||
WebResource aclResource = resource().path("/acl");
|
||||
aclResource.addFilter(new CookieAuthenticationFilter(acl1Token));
|
||||
postParams = new MultivaluedMapImpl();
|
||||
postParams.add("source", document1Id);
|
||||
postParams.add("perm", "READ");
|
||||
postParams.add("username", "acl2");
|
||||
response = aclResource.put(ClientResponse.class, postParams);
|
||||
Assert.assertEquals(Status.OK, Status.fromStatusCode(response.getStatus()));
|
||||
json = response.getEntity(JSONObject.class);
|
||||
String acl2Id = json.getString("id");
|
||||
|
||||
// Add an ACL WRITE for acl2 with acl1
|
||||
aclResource = resource().path("/acl");
|
||||
aclResource.addFilter(new CookieAuthenticationFilter(acl1Token));
|
||||
postParams = new MultivaluedMapImpl();
|
||||
postParams.add("source", document1Id);
|
||||
postParams.add("perm", "WRITE");
|
||||
postParams.add("username", "acl2");
|
||||
response = aclResource.put(ClientResponse.class, postParams);
|
||||
Assert.assertEquals(Status.OK, Status.fromStatusCode(response.getStatus()));
|
||||
|
||||
// Add an ACL WRITE for acl2 with acl1 (again)
|
||||
aclResource = resource().path("/acl");
|
||||
aclResource.addFilter(new CookieAuthenticationFilter(acl1Token));
|
||||
postParams = new MultivaluedMapImpl();
|
||||
postParams.add("source", document1Id);
|
||||
postParams.add("perm", "WRITE");
|
||||
postParams.add("username", "acl2");
|
||||
response = aclResource.put(ClientResponse.class, postParams);
|
||||
Assert.assertEquals(Status.OK, Status.fromStatusCode(response.getStatus()));
|
||||
|
||||
// Get the document as acl1
|
||||
documentResource = resource().path("/document/" + document1Id);
|
||||
documentResource.addFilter(new CookieAuthenticationFilter(acl1Token));
|
||||
response = documentResource.get(ClientResponse.class);
|
||||
json = response.getEntity(JSONObject.class);
|
||||
Assert.assertEquals(Status.OK, Status.fromStatusCode(response.getStatus()));
|
||||
Assert.assertEquals(document1Id, json.getString("id"));
|
||||
acls = json.getJSONArray("acls");
|
||||
Assert.assertEquals(4, acls.length());
|
||||
|
||||
// Get the document as acl2
|
||||
documentResource = resource().path("/document/" + document1Id);
|
||||
documentResource.addFilter(new CookieAuthenticationFilter(acl2Token));
|
||||
response = documentResource.get(ClientResponse.class);
|
||||
json = response.getEntity(JSONObject.class);
|
||||
Assert.assertEquals(Status.OK, Status.fromStatusCode(response.getStatus()));
|
||||
Assert.assertEquals(document1Id, json.getString("id"));
|
||||
acls = json.getJSONArray("acls");
|
||||
Assert.assertEquals(4, acls.length());
|
||||
|
||||
// Delete the ACL WRITE for acl2 with acl2
|
||||
aclResource = resource().path("/acl/" + document1Id + "/WRITE/" + acl2Id);
|
||||
aclResource.addFilter(new CookieAuthenticationFilter(acl2Token));
|
||||
response = aclResource.delete(ClientResponse.class);
|
||||
Assert.assertEquals(Status.OK, Status.fromStatusCode(response.getStatus()));
|
||||
|
||||
// Delete the ACL READ for acl2 with acl2
|
||||
aclResource = resource().path("/acl/" + document1Id + "/READ/" + acl2Id);
|
||||
aclResource.addFilter(new CookieAuthenticationFilter(acl2Token));
|
||||
response = aclResource.delete(ClientResponse.class);
|
||||
Assert.assertEquals(Status.FORBIDDEN, Status.fromStatusCode(response.getStatus()));
|
||||
|
||||
// Delete the ACL READ for acl2 with acl1
|
||||
aclResource = resource().path("/acl/" + document1Id + "/READ/" + acl2Id);
|
||||
aclResource.addFilter(new CookieAuthenticationFilter(acl1Token));
|
||||
response = aclResource.delete(ClientResponse.class);
|
||||
Assert.assertEquals(Status.OK, Status.fromStatusCode(response.getStatus()));
|
||||
|
||||
// Get the document as acl1
|
||||
documentResource = resource().path("/document/" + document1Id);
|
||||
documentResource.addFilter(new CookieAuthenticationFilter(acl1Token));
|
||||
response = documentResource.get(ClientResponse.class);
|
||||
json = response.getEntity(JSONObject.class);
|
||||
Assert.assertEquals(Status.OK, Status.fromStatusCode(response.getStatus()));
|
||||
Assert.assertEquals(document1Id, json.getString("id"));
|
||||
acls = json.getJSONArray("acls");
|
||||
Assert.assertEquals(2, acls.length());
|
||||
String acl1Id = acls.getJSONObject(0).getString("id");
|
||||
|
||||
// Get the document as acl2
|
||||
documentResource = resource().path("/document/" + document1Id);
|
||||
documentResource.addFilter(new CookieAuthenticationFilter(acl2Token));
|
||||
response = documentResource.get(ClientResponse.class);
|
||||
json = response.getEntity(JSONObject.class);
|
||||
Assert.assertEquals(Status.FORBIDDEN, Status.fromStatusCode(response.getStatus()));
|
||||
|
||||
// Delete the ACL READ for acl1 with acl1
|
||||
aclResource = resource().path("/acl/" + document1Id + "/READ/" + acl1Id);
|
||||
aclResource.addFilter(new CookieAuthenticationFilter(acl1Token));
|
||||
response = aclResource.delete(ClientResponse.class);
|
||||
Assert.assertEquals(Status.BAD_REQUEST, Status.fromStatusCode(response.getStatus()));
|
||||
|
||||
// Delete the ACL WRITE for acl1 with acl1
|
||||
aclResource = resource().path("/acl/" + document1Id + "/WRITE/" + acl1Id);
|
||||
aclResource.addFilter(new CookieAuthenticationFilter(acl1Token));
|
||||
response = aclResource.delete(ClientResponse.class);
|
||||
Assert.assertEquals(Status.BAD_REQUEST, Status.fromStatusCode(response.getStatus()));
|
||||
|
||||
// Search target list
|
||||
aclResource = resource().path("/acl/target/search");
|
||||
aclResource.addFilter(new CookieAuthenticationFilter(acl1Token));
|
||||
response = aclResource.queryParam("search", "acl").get(ClientResponse.class);
|
||||
json = response.getEntity(JSONObject.class);
|
||||
Assert.assertEquals(Status.OK, Status.fromStatusCode(response.getStatus()));
|
||||
JSONArray users = json.getJSONArray("users");
|
||||
Assert.assertEquals(2, users.length());
|
||||
}
|
||||
}
|
||||
@@ -43,6 +43,10 @@ public class TestDocumentResource extends BaseJerseyTest {
|
||||
clientUtil.createUser("document1");
|
||||
String document1Token = clientUtil.login("document1");
|
||||
|
||||
// Login document3
|
||||
clientUtil.createUser("document3");
|
||||
String document3Token = clientUtil.login("document3");
|
||||
|
||||
// Create a tag
|
||||
WebResource tagResource = resource().path("/tag");
|
||||
tagResource.addFilter(new CookieAuthenticationFilter(document1Token));
|
||||
@@ -115,6 +119,61 @@ public class TestDocumentResource extends BaseJerseyTest {
|
||||
Assert.assertEquals("SuperTag", tags.getJSONObject(0).getString("name"));
|
||||
Assert.assertEquals("#ffff00", tags.getJSONObject(0).getString("color"));
|
||||
|
||||
// List all documents from document3
|
||||
documentResource = resource().path("/document/list");
|
||||
documentResource.addFilter(new CookieAuthenticationFilter(document3Token));
|
||||
getParams = new MultivaluedMapImpl();
|
||||
getParams.putSingle("sort_column", 3);
|
||||
getParams.putSingle("asc", false);
|
||||
response = documentResource.queryParams(getParams).get(ClientResponse.class);
|
||||
json = response.getEntity(JSONObject.class);
|
||||
Assert.assertEquals(Status.OK, Status.fromStatusCode(response.getStatus()));
|
||||
documents = json.getJSONArray("documents");
|
||||
Assert.assertTrue(documents.length() == 0);
|
||||
|
||||
// Create a document with document3
|
||||
documentResource = resource().path("/document");
|
||||
documentResource.addFilter(new CookieAuthenticationFilter(document3Token));
|
||||
postParams = new MultivaluedMapImpl();
|
||||
postParams.add("title", "My super title document 1");
|
||||
postParams.add("description", "My super description for document 1");
|
||||
postParams.add("language", "eng");
|
||||
create1Date = new Date().getTime();
|
||||
postParams.add("create_date", create1Date);
|
||||
response = documentResource.put(ClientResponse.class, postParams);
|
||||
Assert.assertEquals(Status.OK, Status.fromStatusCode(response.getStatus()));
|
||||
json = response.getEntity(JSONObject.class);
|
||||
String document3Id = json.optString("id");
|
||||
Assert.assertNotNull(document3Id);
|
||||
|
||||
// Add a file
|
||||
fileResource = resource().path("/file");
|
||||
fileResource.addFilter(new CookieAuthenticationFilter(document1Token));
|
||||
form = new FormDataMultiPart();
|
||||
file = this.getClass().getResourceAsStream("/file/Einstein-Roosevelt-letter.png");
|
||||
fdp = new FormDataBodyPart("file",
|
||||
new BufferedInputStream(file),
|
||||
MediaType.APPLICATION_OCTET_STREAM_TYPE);
|
||||
form.bodyPart(fdp);
|
||||
form.field("id", document1Id);
|
||||
response = fileResource.type(MediaType.MULTIPART_FORM_DATA).put(ClientResponse.class, form);
|
||||
Assert.assertEquals(Status.OK, Status.fromStatusCode(response.getStatus()));
|
||||
json = response.getEntity(JSONObject.class);
|
||||
String file3Id = json.getString("id");
|
||||
Assert.assertNotNull(file3Id);
|
||||
|
||||
// List all documents from document3
|
||||
documentResource = resource().path("/document/list");
|
||||
documentResource.addFilter(new CookieAuthenticationFilter(document3Token));
|
||||
getParams = new MultivaluedMapImpl();
|
||||
getParams.putSingle("sort_column", 3);
|
||||
getParams.putSingle("asc", false);
|
||||
response = documentResource.queryParams(getParams).get(ClientResponse.class);
|
||||
json = response.getEntity(JSONObject.class);
|
||||
Assert.assertEquals(Status.OK, Status.fromStatusCode(response.getStatus()));
|
||||
documents = json.getJSONArray("documents");
|
||||
Assert.assertTrue(documents.length() == 1);
|
||||
|
||||
// Search documents
|
||||
Assert.assertEquals(1, searchDocuments("full:uranium full:einstein", document1Token));
|
||||
Assert.assertEquals(1, searchDocuments("full:title", document1Token));
|
||||
|
||||
@@ -24,7 +24,6 @@ public class TestLocaleResource extends BaseJerseyTest {
|
||||
public void testLocaleResource() throws JSONException {
|
||||
WebResource localeResource = resource().path("/locale");
|
||||
ClientResponse response = localeResource.get(ClientResponse.class);
|
||||
response = localeResource.get(ClientResponse.class);
|
||||
Assert.assertEquals(Status.OK, Status.fromStatusCode(response.getStatus()));
|
||||
JSONObject json = response.getEntity(JSONObject.class);
|
||||
JSONArray locale = json.getJSONArray("locales");
|
||||
|
||||
@@ -83,9 +83,7 @@ public class TestShareResource extends BaseJerseyTest {
|
||||
json = response.getEntity(JSONObject.class);
|
||||
Assert.assertEquals(Status.OK, Status.fromStatusCode(response.getStatus()));
|
||||
Assert.assertEquals(document1Id, json.getString("id"));
|
||||
Assert.assertEquals(1, json.getJSONArray("shares").length());
|
||||
Assert.assertEquals(share1Id, json.getJSONArray("shares").getJSONObject(0).getString("id"));
|
||||
Assert.assertEquals("4 All", json.getJSONArray("shares").getJSONObject(0).getString("name"));
|
||||
Assert.assertEquals(3, json.getJSONArray("acls").length()); // 2 for the creator, 1 for the share
|
||||
|
||||
// Get all files from this document anonymously
|
||||
fileResource = resource().path("/file/list");
|
||||
|
||||
Reference in New Issue
Block a user