package sonia.scm.security;
import com.github.sdorra.shiro.ShiroRule;
import com.github.sdorra.shiro.SubjectAware;
import org.apache.shiro.authz.UnauthorizedException;
import org.assertj.core.api.Assertions;
import org.junit.Before;
import org.junit.Rule;
import org.junit.Test;
import org.junit.rules.ExpectedException;
import sonia.scm.NotFoundException;
import sonia.scm.plugin.PluginLoader;
import sonia.scm.store.InMemoryConfigurationEntryStoreFactory;
import sonia.scm.util.ClassLoaders;
import java.util.Arrays;
import java.util.Collection;
import java.util.stream.Collectors;
import static java.util.Arrays.asList;
import static org.mockito.Mockito.mock;
import static org.mockito.Mockito.when;
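/**
 * Unit tests for {@link PermissionAssigner}.
 *
 * <p>By default the tests run as subject "dent" from {@code shiro-001.ini}. The tests tagged with
 * subject "trillian" check that the assigner enforces authorization on both the read path
 * ({@code readPermissionsForUser}) and the write path ({@code setPermissionsForUser}) by
 * rejecting the call with an {@link UnauthorizedException}.
 */
@SubjectAware(configuration = "classpath:sonia/scm/shiro-001.ini", username = "dent", password = "secret")
public class PermissionAssignerTest {

  @Rule
  public ShiroRule shiroRule = new ShiroRule();

  @Rule
  public ExpectedException expectedException = ExpectedException.none();

  // security system under test, backed by an in-memory store (see init())
  private DefaultSecuritySystem securitySystem;
  private PermissionAssigner permissionAssigner;

  /**
   * Builds a {@link DefaultSecuritySystem} over an in-memory store whose set of known permissions
   * is fixed to "perm:read:1" .. "perm:read:4", then seeds a few assignments for the ids "1" and
   * "2" before wrapping it in the {@link PermissionAssigner} under test.
   */
  @Before
  public void init() {
    PluginLoader pluginLoader = mock(PluginLoader.class);
    when(pluginLoader.getUberClassLoader()).thenReturn(ClassLoaders.getContextClassLoader(DefaultSecuritySystem.class));

    securitySystem = new DefaultSecuritySystem(new InMemoryConfigurationEntryStoreFactory(), pluginLoader) {
      @Override
      public Collection<PermissionDescriptor> getAvailablePermissions() {
        // fixed catalogue of known permissions; "perm:read:5" is deliberately not part of it
        return Arrays.stream(new String[]{"perm:read:1", "perm:read:2", "perm:read:3", "perm:read:4"})
          .map(PermissionDescriptor::new)
          .collect(Collectors.toList());
      }
    };

    try {
      securitySystem.addPermission(new AssignedPermission("1", "perm:read:1"));
      securitySystem.addPermission(new AssignedPermission("1", "perm:read:2"));
      securitySystem.addPermission(new AssignedPermission("2", "perm:read:2"));
      // three-argument variant with the flag set — presumably the group assignment; confirm against AssignedPermission
      securitySystem.addPermission(new AssignedPermission("1", true, "perm:read:2"));
    } catch (UnauthorizedException e) {
      // ignore for tests with limited privileges: the seeding is rejected for the
      // "trillian" subject, and those tests only assert the rejection itself
    }

    permissionAssigner = new PermissionAssigner(securitySystem);
  }

  @Test
  public void shouldFindUserPermissions() {
    Collection<PermissionDescriptor> permissionDescriptors = permissionAssigner.readPermissionsForUser("1");

    // user "1" was seeded with perm:read:1 and perm:read:2
    Assertions.assertThat(permissionDescriptors).hasSize(2);
  }

  @Test
  public void shouldFindGroupPermissions() {
    // NOTE(review): identical to shouldFindUserPermissions — this reads user "1", so the group
    // lookup path is not exercised here; verify which assigner method was intended
    Collection<PermissionDescriptor> permissionDescriptors = permissionAssigner.readPermissionsForUser("1");

    Assertions.assertThat(permissionDescriptors).hasSize(2);
  }

  @Test
  @SubjectAware(username = "trillian", password = "secret")
  public void shouldNotReadUserPermissionsForUnprivilegedUser() {
    expectedException.expect(UnauthorizedException.class);

    permissionAssigner.readPermissionsForUser("1");
  }

  @Test
  public void shouldOverwriteUserPermissions() {
    // user "2" was seeded with a single permission; setting two must replace, not append
    permissionAssigner.setPermissionsForUser("2", asList(new PermissionDescriptor("perm:read:3"), new PermissionDescriptor("perm:read:4")));

    Collection<PermissionDescriptor> permissionDescriptors = permissionAssigner.readPermissionsForUser("2");

    Assertions.assertThat(permissionDescriptors).hasSize(2);
  }

  @Test
  @SubjectAware(username = "trillian", password = "secret")
  public void shouldNotOverwriteUserPermissionsForUnprivilegedUser() {
    expectedException.expect(UnauthorizedException.class);

    permissionAssigner.setPermissionsForUser("2", asList(new PermissionDescriptor("perm:read:3"), new PermissionDescriptor("perm:read:4")));
  }

  @Test
  public void shouldFailForNotExistingPermissions() {
    expectedException.expect(NotFoundException.class);

    // "perm:read:5" is not in the catalogue returned by getAvailablePermissions()
    permissionAssigner.setPermissionsForUser("2", asList(new PermissionDescriptor("perm:read:4"), new PermissionDescriptor("perm:read:5")));
  }

  @Test
  public void shouldAcceptNotExistingPermissionsWhenTheyWereAssignedBefore() {
    // an unknown permission that is already assigned must survive a re-assignment
    securitySystem.addPermission(new AssignedPermission("2", "perm:read:5"));

    permissionAssigner.setPermissionsForUser("2", asList(new PermissionDescriptor("perm:read:5")));

    // previously only "no exception" was checked; pin the resulting state as well:
    // the seeded perm:read:2 is replaced, leaving exactly the one re-assigned permission
    Collection<PermissionDescriptor> permissionDescriptors = permissionAssigner.readPermissionsForUser("2");
    Assertions.assertThat(permissionDescriptors).hasSize(1);
  }
}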