@Test
  public void canUpdateApprovals() {
    addApproval("marissa", "c1", "uaa.user", 6000, APPROVED);
    addApproval("marissa", "c1", "uaa.admin", 12000, DENIED);
    addApproval("marissa", "c1", "openid", 6000, APPROVED);

    Approval[] app =
        new Approval[] {
          new Approval("marissa", "c1", "uaa.user", 2000, APPROVED),
          new Approval("marissa", "c1", "dash.user", 2000, APPROVED),
          new Approval("marissa", "c1", "openid", 2000, DENIED),
          new Approval("marissa", "c1", "cloud_controller.read", 2000, APPROVED)
        };
    List<Approval> response = endpoints.updateApprovals(app);
    assertEquals(4, response.size());
    assertTrue(response.contains(new Approval("marissa", "c1", "uaa.user", 2000, APPROVED)));
    assertTrue(response.contains(new Approval("marissa", "c1", "dash.user", 2000, APPROVED)));
    assertTrue(response.contains(new Approval("marissa", "c1", "openid", 2000, DENIED)));
    assertTrue(
        response.contains(new Approval("marissa", "c1", "cloud_controller.read", 2000, APPROVED)));

    List<Approval> updatedApprovals = endpoints.getApprovals("userName eq 'marissa'", 1, 100);
    assertEquals(4, updatedApprovals.size());
    assertTrue(
        updatedApprovals.contains(new Approval("marissa", "c1", "dash.user", 2000, APPROVED)));
    assertTrue(updatedApprovals.contains(new Approval("marissa", "c1", "openid", 2000, DENIED)));
    assertTrue(
        updatedApprovals.contains(
            new Approval("marissa", "c1", "cloud_controller.read", 2000, APPROVED)));
    assertTrue(
        updatedApprovals.contains(new Approval("marissa", "c1", "uaa.user", 2000, APPROVED)));
  }
 @Test(expected = UaaException.class)
 public void userCannotUpdateApprovalsForAnotherUser() {
   addApproval("marissa", "c1", "uaa.user", 6000, APPROVED);
   addApproval("marissa", "c1", "uaa.admin", 12000, DENIED);
   addApproval("marissa", "c1", "openid", 6000, APPROVED);
   endpoints.setSecurityContextAccessor(mockSecurityContextAccessor("vidya"));
   endpoints.updateApprovals(
       new Approval[] {new Approval("marissa", "c1", "uaa.user", 2000, APPROVED)});
 }
  @Test
  public void canGetApprovals() {
    addApproval("marissa", "c1", "uaa.user", 6000, APPROVED);
    addApproval("marissa", "c1", "uaa.admin", 12000, DENIED);
    addApproval("marissa", "c1", "openid", 6000, APPROVED);

    assertEquals(3, endpoints.getApprovals("userName pr", 1, 100).size());
    assertEquals(2, endpoints.getApprovals("userName pr", 1, 2).size());
  }
  @Test
  public void canRevokeApprovals() {
    addApproval("marissa", "c1", "uaa.user", 6000, APPROVED);
    addApproval("marissa", "c1", "uaa.admin", 12000, DENIED);
    addApproval("marissa", "c1", "openid", 6000, APPROVED);

    assertEquals(3, endpoints.getApprovals("userName pr", 1, 100).size());
    assertEquals("ok", endpoints.revokeApprovals("c1").getStatus());
    assertEquals(0, endpoints.getApprovals("userName pr", 1, 100).size());
  }
  @Test
  public void canGetApprovalsWithAutoApproveTrue() {
    // Only get scopes that need approval
    addApproval("marissa", "c1", "uaa.user", 6000, APPROVED);
    addApproval("marissa", "c1", "uaa.admin", 12000, DENIED);
    addApproval("marissa", "c1", "openid", 6000, APPROVED);

    assertEquals(3, endpoints.getApprovals("userName eq 'marissa'", 1, 100).size());

    addApproval("marissa", "c1", "read", 12000, DENIED);
    addApproval("marissa", "c1", "write", 6000, APPROVED);

    assertEquals(3, endpoints.getApprovals("userName eq 'marissa'", 1, 100).size());
  }
  @Before
  public void createDatasource() {

    template = new JdbcTemplate(dataSource);
    marissa = userDao.retrieveUserByName("marissa");

    dao = new JdbcApprovalStore(template, new SimpleSearchQueryConverter());
    endpoints = new ApprovalsAdminEndpoints();
    endpoints.setApprovalStore(dao);
    endpoints.setUaaUserDatabase(userDao);
    InMemoryClientDetailsService clientDetailsService = new InMemoryClientDetailsService();
    BaseClientDetails details =
        new BaseClientDetails(
            "c1",
            "scim,clients",
            "read,write",
            "authorization_code, password, implicit, client_credentials",
            "update");
    details.addAdditionalInformation("autoapprove", "true");
    clientDetailsService.setClientDetailsStore(Collections.singletonMap("c1", details));
    endpoints.setClientDetailsService(clientDetailsService);

    endpoints.setSecurityContextAccessor(mockSecurityContextAccessor(marissa.getUsername()));
  }
  public void attemptingToCreateAnApprovalWithADifferentStatusUpdatesApproval() {
    addApproval("marissa", "c1", "uaa.user", 6000, APPROVED);
    addApproval("marissa", "c1", "uaa.admin", 12000, DENIED);
    addApproval("marissa", "c1", "openid", 6000, APPROVED);

    addApproval("marissa", "c1", "openid", 18000, DENIED);

    List<Approval> updatedApprovals = endpoints.getApprovals("userName eq 'marissa'", 1, 100);
    assertEquals(4, updatedApprovals.size());
    assertTrue(
        updatedApprovals.contains(new Approval("marissa", "c1", "uaa.user", 6000, APPROVED)));
    assertTrue(
        updatedApprovals.contains(new Approval("marissa", "c1", "uaa.admin", 12000, DENIED)));
    assertTrue(updatedApprovals.contains(new Approval("marissa", "c1", "openid", 18000, DENIED)));
  }
  public void attemptingToCreateDuplicateApprovalsExtendsValidity() {
    addApproval("marissa", "c1", "uaa.user", 6000, APPROVED);
    addApproval("marissa", "c1", "uaa.admin", 12000, DENIED);
    addApproval("marissa", "c1", "openid", 6000, APPROVED);

    addApproval("marissa", "c1", "openid", 10000, APPROVED);

    List<Approval> updatedApprovals = endpoints.getApprovals("userName eq 'marissa'", 1, 100);
    assertEquals(3, updatedApprovals.size());
    assertTrue(
        updatedApprovals.contains(new Approval("marissa", "c1", "uaa.user", 6000, APPROVED)));
    assertTrue(
        updatedApprovals.contains(new Approval("marissa", "c1", "uaa.admin", 12000, DENIED)));
    assertTrue(updatedApprovals.contains(new Approval("marissa", "c1", "openid", 10000, APPROVED)));
  }