/** Test allowed access for editing. */
  @Test
  public void testSuccessEdit() {
    String reservationID = "12345";
    String testUser = "******";
    Reservation reservation = new Reservation(new Date(), new Date(), testUser);
    reservation.setId(reservationID);
    Authentication authentication = new UsernamePasswordAuthenticationToken(testUser, "dummy");
    expect(dao.getReservation(reservationID)).andReturn(reservation);
    replay(dao);

    boolean val = evaluator.hasPermission(authentication, reservationID, "Booking", "edit");
    assertTrue("Error", val);
  }
  /** Test forbidden access for wrong user. */
  @Test
  public void testWrongUser() {
    String reservationID = "12345";
    String testUser = "******";
    String testBookingUser = "******";
    Reservation reservation = new Reservation(new Date(), new Date(), testBookingUser);
    reservation.setId(reservationID);
    Authentication authentication = new UsernamePasswordAuthenticationToken(testUser, "dummy");

    expect(dao.getReservation(reservationID)).andReturn(reservation).times(3);
    replay(dao);

    boolean val = evaluator.hasPermission(authentication, reservationID, "Booking", "view");
    assertFalse("View access although user is different", val);

    val = evaluator.hasPermission(authentication, reservationID, "Booking", "edit");
    assertFalse("Edit access although user is different", val);

    val = evaluator.hasPermission(authentication, reservationID, "Booking", "delete");
    assertFalse("Delete access although user is different", val);
  }