Ejemplo n.º 1
0
  @Test(groups = "slow")
  public void testUserPermission() throws KillBillClientException {

    final String roleDefinition = "notEnoughToAddUserAndRoles";

    final List<String> permissions = new ArrayList<String>();
    for (Permission cur : Permission.values()) {
      if (!cur.getGroup().equals("user")) {
        permissions.add(cur.toString());
      }
    }
    Response response =
        killBillClient.addRoleDefinition(
            new RoleDefinition(roleDefinition, permissions), createdBy, reason, comment);
    Assert.assertEquals(response.getStatusCode(), 201);

    final String username = "******";
    final String password = "******";
    response =
        killBillClient.addUserRoles(
            new UserRoles(username, password, ImmutableList.of(roleDefinition)),
            createdBy,
            reason,
            comment);
    Assert.assertEquals(response.getStatusCode(), 201);

    // Now 'login' as new user (along with roles to make an API call requiring permissions), and
    // check behavior
    logout();
    login(username, password);

    boolean success = false;
    try {
      killBillClient.addRoleDefinition(
          new RoleDefinition("dsfdsfds", ImmutableList.of("*")), createdBy, reason, comment);
      success = true;
    } catch (final Exception e) {
    } finally {
      Assert.assertFalse(success);
    }

    success = false;
    try {
      killBillClient.addUserRoles(
          new UserRoles("sdsd", "sdsdsd", ImmutableList.of(roleDefinition)),
          createdBy,
          reason,
          comment);
      success = true;
    } catch (final Exception e) {
    } finally {
      Assert.assertFalse(success);
    }
  }
Ejemplo n.º 2
0
  @Test(groups = "slow")
  public void testUserWithUpdates() throws KillBillClientException {

    final String roleDefinition = "somethingNice";
    final String allPermissions = "*";

    final String username = "******";
    final String password = "******";

    Response response =
        killBillClient.addRoleDefinition(
            new RoleDefinition(roleDefinition, ImmutableList.of(allPermissions)),
            createdBy,
            reason,
            comment);
    Assert.assertEquals(response.getStatusCode(), 201);

    response =
        killBillClient.addUserRoles(
            new UserRoles(username, password, ImmutableList.of(roleDefinition)),
            createdBy,
            reason,
            comment);
    Assert.assertEquals(response.getStatusCode(), 201);

    logout();
    login(username, password);
    Permissions permissions = killBillClient.getPermissions();
    Assert.assertEquals(permissions.size(), Permission.values().length);

    String newPassword = "******";
    killBillClient.updateUserPassword(username, newPassword, createdBy, reason, comment);

    logout();
    login(username, newPassword);
    permissions = killBillClient.getPermissions();
    Assert.assertEquals(permissions.size(), Permission.values().length);

    final String newRoleDefinition = "somethingLessNice";
    // Only enough permissions to invalidate itself in the last step...
    final String littlePermissions = "user";

    response =
        killBillClient.addRoleDefinition(
            new RoleDefinition(newRoleDefinition, ImmutableList.of(littlePermissions)),
            createdBy,
            reason,
            comment);
    Assert.assertEquals(response.getStatusCode(), 201);

    killBillClient.updateUserRoles(
        username, ImmutableList.of(newRoleDefinition), createdBy, reason, comment);
    permissions = killBillClient.getPermissions();
    // This will only work if correct shiro cache invalidation was performed... requires lots of
    // sweat to get it to work ;-)
    Assert.assertEquals(permissions.size(), 2);

    killBillClient.invalidateUser(username, createdBy, reason, comment);
    try {
      killBillClient.getPermissions();
      Assert.fail();
    } catch (final KillBillClientException e) {
      Assert.assertEquals(e.getResponse().getStatusCode(), Status.UNAUTHORIZED.getStatusCode());
    }
  }