@Test
public void shouldReInitializeAuthorizationIfWeClearAllPermissions() {
PipelineConfigs group = createWithPipeline(PipelineConfigMother.pipelineConfig("pipeline1"));
group.setConfigAttributes(
m(
BasicPipelineConfigs.AUTHORIZATION,
a(
m(
Authorization.NAME,
"loser",
Authorization.TYPE,
USER.toString(),
Authorization.PRIVILEGES,
privileges(ON, DISABLED, DISABLED)),
m(
Authorization.NAME,
"boozer",
Authorization.TYPE,
USER.toString(),
Authorization.PRIVILEGES,
privileges(OFF, ON, ON)),
m(
Authorization.NAME,
"geezer",
Authorization.TYPE,
USER.toString(),
Authorization.PRIVILEGES,
privileges(DISABLED, OFF, ON)),
m(
Authorization.NAME,
"gang_of_losers",
Authorization.TYPE,
ROLE.toString(),
Authorization.PRIVILEGES,
privileges(DISABLED, OFF, ON)),
m(
Authorization.NAME,
"blinds",
Authorization.TYPE,
ROLE.toString(),
Authorization.PRIVILEGES,
privileges(ON, ON, OFF)))));
Authorization authorization = group.getAuthorization();
assertThat(authorization.getAdminsConfig().size(), is(2));
assertThat(authorization.getOperationConfig().size(), is(2));
assertThat(authorization.getViewConfig().size(), is(3));
group.setConfigAttributes(m());
authorization = group.getAuthorization();
assertThat(authorization.getAdminsConfig().size(), is(0));
assertThat(authorization.getOperationConfig().size(), is(0));
assertThat(authorization.getViewConfig().size(), is(0));
}
@Test
public void shouldErrorWhenAuthorizationIsDefinedInConfigRepo() {
BasicPipelineConfigs group = new BasicPipelineConfigs(new RepoConfigOrigin());
group.setGroup("gr");
group.setConfigAttributes(
m(
BasicPipelineConfigs.AUTHORIZATION,
a(
m(
Authorization.NAME,
"loser",
Authorization.TYPE,
USER.toString(),
Authorization.PRIVILEGES,
privileges(ON, DISABLED, DISABLED)),
m(
Authorization.NAME,
"boozer",
Authorization.TYPE,
USER.toString(),
Authorization.PRIVILEGES,
privileges(OFF, ON, ON)),
m(
Authorization.NAME,
"geezer",
Authorization.TYPE,
USER.toString(),
Authorization.PRIVILEGES,
privileges(DISABLED, OFF, ON)),
m(
Authorization.NAME,
"gang_of_losers",
Authorization.TYPE,
ROLE.toString(),
Authorization.PRIVILEGES,
privileges(DISABLED, OFF, ON)),
m(
Authorization.NAME,
"blinds",
Authorization.TYPE,
ROLE.toString(),
Authorization.PRIVILEGES,
privileges(ON, ON, OFF)))));
group.validate(null);
assertThat(
group.errors().on(BasicPipelineConfigs.NO_REMOTE_AUTHORIZATION),
is("Authorization can be defined only in configuration file"));
}
@Test
public void shouldNotErrorWhenAuthorizationIsDefinedLocally() {
BasicPipelineConfigs group = new BasicPipelineConfigs(new FileConfigOrigin());
group.setGroup("gr");
group.setConfigAttributes(
m(
BasicPipelineConfigs.AUTHORIZATION,
a(
m(
Authorization.NAME,
"loser",
Authorization.TYPE,
USER.toString(),
Authorization.PRIVILEGES,
privileges(ON, DISABLED, DISABLED)),
m(
Authorization.NAME,
"boozer",
Authorization.TYPE,
USER.toString(),
Authorization.PRIVILEGES,
privileges(OFF, ON, ON)),
m(
Authorization.NAME,
"geezer",
Authorization.TYPE,
USER.toString(),
Authorization.PRIVILEGES,
privileges(DISABLED, OFF, ON)),
m(
Authorization.NAME,
"gang_of_losers",
Authorization.TYPE,
ROLE.toString(),
Authorization.PRIVILEGES,
privileges(DISABLED, OFF, ON)),
m(
Authorization.NAME,
"blinds",
Authorization.TYPE,
ROLE.toString(),
Authorization.PRIVILEGES,
privileges(ON, ON, OFF)))));
group.validate(null);
assertThat(group.errors().isEmpty(), is(true));
}
@Test
public void
shouldSetViewPermissionByDefaultIfNameIsPresentAndPermissionsAreOff_whileSettingAttributes() {
PipelineConfigs group = createWithPipeline(PipelineConfigMother.pipelineConfig("pipeline1"));
group.setConfigAttributes(
m(
BasicPipelineConfigs.AUTHORIZATION,
a(
m(
Authorization.NAME,
"user1",
Authorization.TYPE,
USER.toString(),
Authorization.PRIVILEGES,
privileges(OFF, OFF, OFF)),
m(
Authorization.NAME,
"role1",
Authorization.TYPE,
ROLE.toString(),
Authorization.PRIVILEGES,
privileges(OFF, OFF, OFF)))));
Authorization authorization = group.getAuthorization();
assertThat(authorization.getViewConfig().size(), is(2));
assertThat(
authorization.getViewConfig(),
hasItems(
(Admin) new AdminRole(new CaseInsensitiveString("role1")),
(Admin) new AdminUser(new CaseInsensitiveString("user1"))));
assertThat(authorization.getOperationConfig().size(), is(0));
assertThat(authorization.getAdminsConfig().size(), is(0));
}
@Test
public void shouldIgnoreBlankUserOrRoleNames_whileSettingAttributes() {
PipelineConfigs group = createWithPipeline(PipelineConfigMother.pipelineConfig("pipeline1"));
group.setConfigAttributes(
m(
BasicPipelineConfigs.AUTHORIZATION,
a(
m(
Authorization.NAME,
"",
Authorization.TYPE,
USER.toString(),
Authorization.PRIVILEGES,
privileges(ON, DISABLED, DISABLED)),
m(
Authorization.NAME,
null,
Authorization.TYPE,
USER.toString(),
Authorization.PRIVILEGES,
privileges(OFF, ON, ON)),
m(
Authorization.NAME,
"geezer",
Authorization.TYPE,
USER.toString(),
Authorization.PRIVILEGES,
privileges(DISABLED, OFF, ON)),
m(
Authorization.NAME,
"",
Authorization.TYPE,
ROLE.toString(),
Authorization.PRIVILEGES,
privileges(DISABLED, ON, ON)),
m(
Authorization.NAME,
null,
Authorization.TYPE,
ROLE.toString(),
Authorization.PRIVILEGES,
privileges(ON, OFF, ON)),
m(
Authorization.NAME,
"blinds",
Authorization.TYPE,
ROLE.toString(),
Authorization.PRIVILEGES,
privileges(ON, ON, OFF)))));
Authorization authorization = group.getAuthorization();
assertThat(authorization.getAdminsConfig().size(), is(1));
assertThat(
authorization.getAdminsConfig(),
hasItem((Admin) new AdminRole(new CaseInsensitiveString("blinds"))));
assertThat(authorization.getOperationConfig().size(), is(1));
assertThat(
authorization.getOperationConfig(),
hasItem((Admin) new AdminRole(new CaseInsensitiveString("blinds"))));
assertThat(authorization.getViewConfig().size(), is(1));
assertThat(
authorization.getViewConfig(),
hasItem((Admin) new AdminUser(new CaseInsensitiveString("geezer"))));
}
@Test
public void shouldUpdateAuthorization() {
PipelineConfigs group = createWithPipeline(PipelineConfigMother.pipelineConfig("pipeline1"));
group.setConfigAttributes(
m(
BasicPipelineConfigs.AUTHORIZATION,
a(
m(
Authorization.NAME,
"loser",
Authorization.TYPE,
USER.toString(),
Authorization.PRIVILEGES,
privileges(ON, DISABLED, DISABLED)),
m(
Authorization.NAME,
"boozer",
Authorization.TYPE,
USER.toString(),
Authorization.PRIVILEGES,
privileges(OFF, ON, ON)),
m(
Authorization.NAME,
"geezer",
Authorization.TYPE,
USER.toString(),
Authorization.PRIVILEGES,
privileges(DISABLED, OFF, ON)),
m(
Authorization.NAME,
"gang_of_losers",
Authorization.TYPE,
ROLE.toString(),
Authorization.PRIVILEGES,
privileges(DISABLED, OFF, ON)),
m(
Authorization.NAME,
"blinds",
Authorization.TYPE,
ROLE.toString(),
Authorization.PRIVILEGES,
privileges(ON, ON, OFF)))));
Authorization authorization = group.getAuthorization();
assertThat(authorization.getAdminsConfig().size(), is(2));
assertThat(
authorization.getAdminsConfig(),
hasItems(
new AdminUser(new CaseInsensitiveString("loser")),
new AdminRole(new CaseInsensitiveString("blinds"))));
assertThat(authorization.getOperationConfig().size(), is(2));
assertThat(
authorization.getOperationConfig(),
hasItems(
new AdminUser(new CaseInsensitiveString("boozer")),
new AdminRole(new CaseInsensitiveString("blinds"))));
assertThat(authorization.getViewConfig().size(), is(3));
assertThat(
authorization.getViewConfig(),
hasItems(
new AdminUser(new CaseInsensitiveString("boozer")),
new AdminUser(new CaseInsensitiveString("geezer")),
new AdminRole(new CaseInsensitiveString("gang_of_losers"))));
}