/** Test allowed access for editing. */
@Test
public void testSuccessEdit() {
String reservationID = "12345";
String testUser = "******";
Reservation reservation = new Reservation(new Date(), new Date(), testUser);
reservation.setId(reservationID);
Authentication authentication = new UsernamePasswordAuthenticationToken(testUser, "dummy");
expect(dao.getReservation(reservationID)).andReturn(reservation);
replay(dao);
boolean val = evaluator.hasPermission(authentication, reservationID, "Booking", "edit");
assertTrue("Error", val);
}
/** Test forbidden access for wrong user. */
@Test
public void testWrongUser() {
String reservationID = "12345";
String testUser = "******";
String testBookingUser = "******";
Reservation reservation = new Reservation(new Date(), new Date(), testBookingUser);
reservation.setId(reservationID);
Authentication authentication = new UsernamePasswordAuthenticationToken(testUser, "dummy");
expect(dao.getReservation(reservationID)).andReturn(reservation).times(3);
replay(dao);
boolean val = evaluator.hasPermission(authentication, reservationID, "Booking", "view");
assertFalse("View access although user is different", val);
val = evaluator.hasPermission(authentication, reservationID, "Booking", "edit");
assertFalse("Edit access although user is different", val);
val = evaluator.hasPermission(authentication, reservationID, "Booking", "delete");
assertFalse("Delete access although user is different", val);
}
