public final void testCreateMask() { assertEquals(1, GroupPermission.createMask("view")); assertEquals(7, GroupPermission.createMask("view,edit,delete")); assertEquals(7, GroupPermission.createMask("edit,delete,view")); assertEquals(2, GroupPermission.createMask("edit")); assertEquals(6, GroupPermission.createMask("edit,delete")); }
public final void testImpliesMember() { GroupPermission p1; Permission p2; Subject s; // <groupmember> implies TestGroup if Subject has GroupPermission("TestGroup") p1 = new GroupPermission("*:<groupmember>", "view"); p2 = new GroupPermission("*:TestGroup", "view"); s = new Subject(); s.getPrincipals().add(new GroupPrincipal("MyWiki", "TestGroup")); assertTrue(subjectImplies(s, p1, p2)); // <groupmember> doesn't imply it if Subject has no GroupPermission("TestGroup") s = new Subject(); s.getPrincipals().add(new WikiPrincipal("TestGroup")); assertFalse(subjectImplies(s, p1, p2)); // <groupmember> doesn't imply it if Subject's GP doesn't match s = new Subject(); s.getPrincipals().add(new GroupPrincipal("MyWiki", "FooGroup")); assertFalse(subjectImplies(s, p1, p2)); // <groupmember> doesn't imply it if p2 isn't GroupPermission type p2 = new PagePermission("*:TestGroup", "view"); s = new Subject(); s.getPrincipals().add(new GroupPrincipal("MyWiki", "TestGroup")); assertFalse(subjectImplies(s, p1, p2)); // <groupmember> implies TestGroup if not called with Subject combiner p1 = new GroupPermission("*:<groupmember>", "view"); p2 = new GroupPermission("*:TestGroup", "view"); assertFalse(p1.impliesMember(p2)); }
public final void testGetName() { GroupPermission p; p = new GroupPermission("Test", "view,edit,delete"); assertEquals("Test", p.getName()); p = new GroupPermission("mywiki:Test", "view,edit,delete"); assertEquals("mywiki:Test", p.getName()); assertNotSame("*:Test", p.getName()); }
public final void testImpliedMask() { int result = (GroupPermission.DELETE_MASK | GroupPermission.EDIT_MASK | GroupPermission.VIEW_MASK); assertEquals(result, GroupPermission.impliedMask(GroupPermission.DELETE_MASK)); result = (GroupPermission.EDIT_MASK | GroupPermission.VIEW_MASK); assertEquals(result, GroupPermission.impliedMask(GroupPermission.EDIT_MASK)); }
/* * Class under test for boolean equals(java.lang.Object) */ public final void testEqualsObject() { GroupPermission p1 = new GroupPermission("mywiki:Test", "view,edit,delete"); GroupPermission p2 = new GroupPermission("mywiki:Test", "view,edit,delete"); GroupPermission p3 = new GroupPermission("mywiki:Test", "delete,view,edit"); GroupPermission p4 = new GroupPermission("mywiki:Test*", "delete,view,edit"); assertEquals(p1, p2); assertEquals(p1, p3); assertFalse(p3.equals(p4)); }
/* * Class under test for java.lang.String toString() */ public final void testToString() { GroupPermission p; p = new GroupPermission("Test", "view,edit,delete"); assertEquals( "(\"com.ecyrd.jspwiki.auth.permissions.GroupPermission\",\":Test\",\"delete,edit,view\")", p.toString()); p = new GroupPermission("mywiki:Test", "view,edit,delete"); assertEquals( "(\"com.ecyrd.jspwiki.auth.permissions.GroupPermission\",\"mywiki:Test\",\"delete,edit,view\")", p.toString()); }
@Test public void testMatches_SecurityGroup() throws Exception { GroupPermission groupPermission = new GroupPermission("tcp", 1433, 1433, "securityGroup"); IpPermission ipPermission = new IpPermission().withIpProtocol("tcp").withFromPort(1433).withToPort(1433); ipPermission.setUserIdGroupPairs( Arrays.asList(new UserIdGroupPair().withGroupName("securityGroup"))); assertThat(groupPermission.matches(ipPermission)).isTrue(); assertThat(new GroupPermission("tcp", 1433, 1433, "securityGroup2").matches(ipPermission)) .isFalse(); }
@Test public void testMatches_groupWithSamePort() { GroupPermission groupPermission = new GroupPermission("tcp", 1433, 1433, "0.0.0.0/0"); IpPermission ipPermission = new IpPermission(); ipPermission.setIpProtocol("tcp"); ipPermission.setToPort(65535); ipPermission.setFromPort(0); Collection<UserIdGroupPair> ips = new ArrayList<UserIdGroupPair>(); ips.add( new UserIdGroupPair() .withGroupId("0.0.0.0/0") .withGroupName("0.0.0.0/0") .withUserId("0.0.0.0/0")); ipPermission.setUserIdGroupPairs(ips); assertThat(groupPermission.matches(ipPermission)).isTrue(); }
@Test public void testMatches_ips() { GroupPermission groupPermission = new GroupPermission("tcp", 1433, 1433, "0.0.0.0/0"); IpPermission ipPermission = new IpPermission(); ipPermission.setIpProtocol("tcp"); ipPermission.setToPort(65535); ipPermission.setFromPort(0); Collection<String> ips = new ArrayList<String>(); ips.add("127.0.0.1"); ipPermission.setIpRanges(ips); assertFalse(groupPermission.matches(ipPermission)); ips.clear(); ips.add("0.0.0.0/0"); ipPermission.setIpRanges(ips); assertTrue(groupPermission.matches(ipPermission)); }
/** Tests wiki name support. */ public final void testWikiNames() { GroupPermission p1; GroupPermission p2; // Permissions without prepended wiki name should never imply themselves // or others p1 = new GroupPermission("Test", "edit"); p2 = new GroupPermission("Test", "edit"); assertFalse(p1.implies(p1)); assertFalse(p1.implies(p2)); // Permissions with a wildcard wiki should imply other wikis p1 = new GroupPermission("*:Test", "edit"); p2 = new GroupPermission("mywiki:Test", "edit"); assertTrue(p1.implies(p2)); assertFalse(p2.implies(p1)); // Permissions that start with ":" are just like null p1 = new GroupPermission(":Test", "edit"); p2 = new GroupPermission("Test", "edit"); assertFalse(p1.implies(p1)); assertFalse(p1.implies(p2)); }
@Test public void testIsIpDefinition() throws Exception { assertThat(GroupPermission.isIpDefinition("127.0.0.1")).isTrue(); assertThat(GroupPermission.isIpDefinition("0.0.0.0/0")).isTrue(); assertThat(GroupPermission.isIpDefinition("security-group")).isFalse(); }
/* * Class under test for java.lang.String getActions() */ public final void testGetActions() { GroupPermission p = new GroupPermission("Test", "VIEW,edit,delete"); assertEquals("delete,edit,view", p.getActions()); }
/* * Class under test for boolean implies(java.security.Permission) */ public final void testImpliesPermission() { GroupPermission p1; GroupPermission p2; GroupPermission p3; // The same permission should imply itself p1 = new GroupPermission("mywiki:Test", "view,edit,delete"); p2 = new GroupPermission("mywiki:Test", "view,edit,delete"); assertTrue(p1.implies(p2)); assertTrue(p2.implies(p1)); // The same permission should imply itself for wildcard wikis p1 = new GroupPermission("Test", "view,edit,delete"); p2 = new GroupPermission("*:Test", "view,edit,delete"); p3 = new GroupPermission("mywiki:Test", "view,edit,delete"); assertFalse(p1.implies(p2)); assertFalse(p2.implies(p1)); assertFalse(p1.implies(p3)); assertTrue(p2.implies(p3)); assertFalse(p3.implies(p1)); assertFalse(p3.implies(p2)); // Actions on collection should imply permission for group with same // actions p1 = new GroupPermission("*:*", "view,edit,delete"); p2 = new GroupPermission("*:Test", "view,edit,delete"); p3 = new GroupPermission("mywiki:Test", "view,edit,delete"); assertTrue(p1.implies(p2)); assertTrue(p1.implies(p3)); assertTrue(p2.implies(p3)); assertFalse(p2.implies(p1)); assertFalse(p3.implies(p1)); // Actions on single group should imply subset of those actions p1 = new GroupPermission("*:Test", "view,edit,delete"); p2 = new GroupPermission("*:Test", "view"); p3 = new GroupPermission("mywiki:Test", "view"); assertTrue(p1.implies(p2)); assertTrue(p1.implies(p3)); assertFalse(p2.implies(p1)); assertFalse(p3.implies(p1)); assertFalse(p3.implies(p2)); // Actions on collection should imply subset of actions on single group p1 = new GroupPermission("*:*", "view,edit,delete"); p2 = new GroupPermission("*:Test", "view"); p3 = new GroupPermission("mywiki:Test", "view"); assertTrue(p1.implies(p2)); assertTrue(p1.implies(p3)); assertFalse(p2.implies(p1)); assertFalse(p3.implies(p1)); p1 = new GroupPermission("*:Tes*", "view,edit,delete"); p2 = new GroupPermission("*:Test", "view"); p3 = new GroupPermission("mywiki:Test", "view"); assertTrue(p1.implies(p2)); assertTrue(p1.implies(p3)); assertFalse(p2.implies(p1)); assertFalse(p3.implies(p1)); p1 = new GroupPermission("*:*st", "view,edit,delete"); p2 = new GroupPermission("*:Test", "view"); p3 = new GroupPermission("mywiki:Test", "view"); assertTrue(p1.implies(p2)); assertTrue(p1.implies(p3)); assertFalse(p2.implies(p1)); assertFalse(p3.implies(p1)); // Delete action on collection should imply edit/view on // single group p1 = new GroupPermission("*:*st", "delete"); p2 = new GroupPermission("*:Test", "edit"); p3 = new GroupPermission("mywiki:Test", "edit"); assertTrue(p1.implies(p2)); assertTrue(p1.implies(p3)); assertFalse(p2.implies(p1)); assertFalse(p3.implies(p1)); p2 = new GroupPermission("*:Test", "view"); p3 = new GroupPermission("mywiki:Test", "view"); assertTrue(p1.implies(p2)); assertTrue(p1.implies(p3)); assertFalse(p2.implies(p1)); assertFalse(p3.implies(p1)); // Edit action on collection should imply view on single group p1 = new GroupPermission("*:*st", "edit"); p2 = new GroupPermission("*:Test", "view"); p3 = new GroupPermission("mywiki:Test", "view"); assertTrue(p1.implies(p2)); assertTrue(p1.implies(p3)); assertFalse(p2.implies(p1)); assertFalse(p3.implies(p1)); // Pre- and post- wildcards should also be fine p1 = new GroupPermission("*:Test*", "view"); p2 = new GroupPermission("*:TestGroup", "view"); p3 = new GroupPermission("mywiki:TestGroup", "view"); assertTrue(p1.implies(p2)); assertTrue(p1.implies(p3)); assertFalse(p2.implies(p1)); assertFalse(p3.implies(p1)); p1 = new GroupPermission("*:*Group", "view"); p2 = new GroupPermission("*:TestGroup", "view"); p3 = new GroupPermission("mywiki:TestGroup", "view"); assertTrue(p1.implies(p2)); assertTrue(p1.implies(p3)); assertFalse(p2.implies(p1)); assertFalse(p3.implies(p1)); // Wildcards don't imply the <groupmember> target p1 = new GroupPermission("*:*", "view"); p2 = new GroupPermission("*:<groupmember>", "view"); assertFalse(p1.implies(p2)); assertFalse(p2.implies(p1)); p1 = new GroupPermission("*:*ber>", "view"); assertFalse(p1.implies(p2)); assertFalse(p2.implies(p1)); }