/**
 * Walks a fresh GRANT authorization through adding and then removing ACCESS, DELETE, READ and
 * UPDATE one at a time. After every step it checks that {@code hasPermission} reports exactly
 * the permissions added so far and none of the others.
 */
public void testPermissions() {
    Authorization auth = authorizationService.createNewAuthorization(AUTH_TYPE_GRANT);

    // a newly created authorization must start out with nothing granted
    assertEquals(0, auth.getPermissions());
    assertFalse(auth.hasPermission(ACCESS));
    assertFalse(auth.hasPermission(DELETE));
    assertFalse(auth.hasPermission(READ));
    assertFalse(auth.hasPermission(UPDATE));

    // + ACCESS: only ACCESS is reported
    auth.addPermission(ACCESS);
    assertTrue(auth.hasPermission(ACCESS));
    assertFalse(auth.hasPermission(DELETE));
    assertFalse(auth.hasPermission(READ));
    assertFalse(auth.hasPermission(UPDATE));

    // + DELETE: adding a second permission must not disturb the first
    auth.addPermission(DELETE);
    assertTrue(auth.hasPermission(ACCESS));
    assertTrue(auth.hasPermission(DELETE));
    assertFalse(auth.hasPermission(READ));
    assertFalse(auth.hasPermission(UPDATE));

    // + READ
    auth.addPermission(READ);
    assertTrue(auth.hasPermission(ACCESS));
    assertTrue(auth.hasPermission(DELETE));
    assertTrue(auth.hasPermission(READ));
    assertFalse(auth.hasPermission(UPDATE));

    // + UPDATE: all four are now present
    auth.addPermission(UPDATE);
    assertTrue(auth.hasPermission(ACCESS));
    assertTrue(auth.hasPermission(DELETE));
    assertTrue(auth.hasPermission(READ));
    assertTrue(auth.hasPermission(UPDATE));

    // - ACCESS: removal affects only the removed permission
    auth.removePermission(ACCESS);
    assertFalse(auth.hasPermission(ACCESS));
    assertTrue(auth.hasPermission(DELETE));
    assertTrue(auth.hasPermission(READ));
    assertTrue(auth.hasPermission(UPDATE));

    // - DELETE
    auth.removePermission(DELETE);
    assertFalse(auth.hasPermission(ACCESS));
    assertFalse(auth.hasPermission(DELETE));
    assertTrue(auth.hasPermission(READ));
    assertTrue(auth.hasPermission(UPDATE));

    // - READ
    auth.removePermission(READ);
    assertFalse(auth.hasPermission(ACCESS));
    assertFalse(auth.hasPermission(DELETE));
    assertFalse(auth.hasPermission(READ));
    assertTrue(auth.hasPermission(UPDATE));

    // - UPDATE: back to an authorization that grants nothing
    auth.removePermission(UPDATE);
    assertFalse(auth.hasPermission(ACCESS));
    assertFalse(auth.hasPermission(DELETE));
    assertFalse(auth.hasPermission(READ));
    assertFalse(auth.hasPermission(UPDATE));
  }
  /**
   * Checks that a user-level GRANT is honoured on top of a global authorization from which ALL
   * permissions were removed. Only the named user gains the granted permission; every other
   * permission, and every other user, stays denied.
   */
  public void testUserOverrideGlobalRevokeAuthorizationCheck() {
    TestResource testResource = new TestResource("resource1", 100);

    // global authorization on the resource (any resource id) with ALL permissions removed
    Authorization globalAuth = authorizationService.createNewAuthorization(AUTH_TYPE_GLOBAL);
    globalAuth.setResource(testResource);
    globalAuth.setResourceId(ANY);
    globalAuth.removePermission(ALL);
    authorizationService.saveAuthorization(globalAuth);

    // user-level GRANT: READ for "jonny" only
    Authorization jonnyGrant = authorizationService.createNewAuthorization(AUTH_TYPE_GRANT);
    jonnyGrant.setUserId("jonny");
    jonnyGrant.setResource(testResource);
    jonnyGrant.setResourceId(ANY);
    jonnyGrant.addPermission(READ);
    authorizationService.saveAuthorization(jonnyGrant);

    // the single READ grant must not widen into ALL
    assertFalse(authorizationService.isUserAuthorized("jonny", null, ALL, testResource));
    // READ is exactly what was granted
    assertTrue(authorizationService.isUserAuthorized("jonny", null, READ, testResource));
    // a permission that was never granted stays denied
    assertFalse(authorizationService.isUserAuthorized("jonny", null, DELETE, testResource));

    // a user without a grant of their own is denied everything
    assertFalse(authorizationService.isUserAuthorized("someone else", null, ALL, testResource));
    assertFalse(authorizationService.isUserAuthorized("someone else", null, READ, testResource));
    assertFalse(authorizationService.isUserAuthorized("someone else", null, DELETE, testResource));
  }
  /**
   * Checks that a group-level REVOKE narrows a global grant of ALL permissions, but only for
   * callers whose supplied group list contains the revoked group.
   *
   * <p>As asserted below, the outcome follows the group ids handed to {@code isUserAuthorized}:
   * the same user id is authorized when the groups argument is {@code null} and denied when it
   * includes "sales". The group REVOKE therefore only applies if the caller passes the user's
   * group memberships to the check.
   */
  public void testGroupOverrideGlobalGrantAuthorizationCheck() {
    TestResource testResource = new TestResource("resource1", 100);

    // global authorization on the resource (any resource id) with ALL permissions added
    Authorization globalAuth = authorizationService.createNewAuthorization(AUTH_TYPE_GLOBAL);
    globalAuth.setResource(testResource);
    globalAuth.setResourceId(ANY);
    globalAuth.addPermission(ALL);
    authorizationService.saveAuthorization(globalAuth);

    // group-level REVOKE: READ is taken away from group "sales"
    Authorization salesRevoke = authorizationService.createNewAuthorization(AUTH_TYPE_REVOKE);
    salesRevoke.setGroupId("sales");
    salesRevoke.setResource(testResource);
    salesRevoke.setResourceId(ANY);
    salesRevoke.removePermission(READ);
    authorizationService.saveAuthorization(salesRevoke);

    List<String> salesAndMarketing = Arrays.asList("sales", "marketing");
    List<String> marketingOnly = Arrays.asList("marketing");

    // with his groups supplied, jonny no longer holds ALL ...
    assertFalse(authorizationService.isUserAuthorized("jonny", salesAndMarketing, ALL, testResource));
    // ... whereas a query without groups sees only the global grant
    assertTrue(authorizationService.isUserAuthorized("jonny", null, ALL, testResource));

    // same picture for READ: denied with groups, allowed without
    assertFalse(
        authorizationService.isUserAuthorized("jonny", salesAndMarketing, READ, testResource));
    assertTrue(authorizationService.isUserAuthorized("jonny", null, READ, testResource));

    // a user who is in "marketing" but not in "sales" is unaffected by the revoke
    assertTrue(
        authorizationService.isUserAuthorized("someone else", marketingOnly, ALL, testResource));
    assertTrue(
        authorizationService.isUserAuthorized("someone else", marketingOnly, READ, testResource));
    assertTrue(authorizationService.isUserAuthorized("someone else", null, ALL, testResource));
    assertTrue(authorizationService.isUserAuthorized("someone else", null, READ, testResource));
    // that user would be denied as well if queried with jonny's groups
    assertFalse(
        authorizationService.isUserAuthorized("someone else", salesAndMarketing, ALL, testResource));
    assertFalse(
        authorizationService.isUserAuthorized("someone else", salesAndMarketing, READ, testResource));

    // permissions the revoke did not name are untouched: jonny can still delete
    assertTrue(
        authorizationService.isUserAuthorized("jonny", salesAndMarketing, DELETE, testResource));
    assertTrue(authorizationService.isUserAuthorized("jonny", null, DELETE, testResource));
  }
  /**
   * Checks the precedence of the three levels together: a global grant of ALL, a group-level
   * REVOKE of READ for "sales", and a user-level GRANT of READ for "jonny". The user-level grant
   * is expected to win over the group revoke for that user only.
   */
  public void testUserOverrideGroupOverrideGlobalAuthorizationCheck() {
    TestResource testResource = new TestResource("resource1", 100);

    // global authorization on the resource (any resource id) with ALL permissions added
    Authorization globalAuth = authorizationService.createNewAuthorization(AUTH_TYPE_GLOBAL);
    globalAuth.setResource(testResource);
    globalAuth.setResourceId(ANY);
    globalAuth.addPermission(ALL);
    authorizationService.saveAuthorization(globalAuth);

    // group-level REVOKE: READ is taken away from group "sales"
    Authorization salesRevoke = authorizationService.createNewAuthorization(AUTH_TYPE_REVOKE);
    salesRevoke.setGroupId("sales");
    salesRevoke.setResource(testResource);
    salesRevoke.setResourceId(ANY);
    salesRevoke.removePermission(READ);
    authorizationService.saveAuthorization(salesRevoke);

    // user-level GRANT: READ is given back to "jonny"
    Authorization jonnyGrant = authorizationService.createNewAuthorization(AUTH_TYPE_GRANT);
    jonnyGrant.setUserId("jonny");
    jonnyGrant.setResource(testResource);
    jonnyGrant.setResourceId(ANY);
    jonnyGrant.addPermission(READ);
    authorizationService.saveAuthorization(jonnyGrant);

    List<String> salesAndMarketing = Arrays.asList("sales", "marketing");
    List<String> marketingOnly = Arrays.asList("marketing");

    // jonny can read whether or not his groups are supplied
    assertTrue(
        authorizationService.isUserAuthorized("jonny", salesAndMarketing, READ, testResource));
    assertTrue(authorizationService.isUserAuthorized("jonny", null, READ, testResource));

    // the user grant names jonny only: another user in the same groups is still denied
    assertFalse(
        authorizationService.isUserAuthorized("someone else", salesAndMarketing, READ, testResource));

    // another user outside "sales" is covered by the global grant
    assertTrue(
        authorizationService.isUserAuthorized("someone else", marketingOnly, READ, testResource));
  }
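  /**
   * Checks that a user-level REVOKE narrows a global grant of ALL permissions for the named user
   * only, and that it applies whether or not the user's groups are passed to the check.
   *
   * <p>The "someone else" assertions cover each combination of (groups supplied / {@code null})
   * and (ALL / READ) once, so a revoke that wrongly reaches other users is caught on every path.
   */
  public void testUserOverrideGlobalGrantAuthorizationCheck() {
    TestResource resource1 = new TestResource("resource1", 100);

    // global authorization on resource1 (any resource id) with ALL permissions added
    Authorization globalGrant = authorizationService.createNewAuthorization(AUTH_TYPE_GLOBAL);
    globalGrant.setResource(resource1);
    globalGrant.setResourceId(ANY);
    globalGrant.addPermission(ALL);
    authorizationService.saveAuthorization(globalGrant);

    // user-level REVOKE: READ is taken away from "jonny"
    Authorization localRevoke = authorizationService.createNewAuthorization(AUTH_TYPE_REVOKE);
    localRevoke.setUserId("jonny");
    localRevoke.setResource(resource1);
    localRevoke.setResourceId(ANY);
    localRevoke.removePermission(READ);
    authorizationService.saveAuthorization(localRevoke);

    List<String> jonnysGroups = Arrays.asList("sales", "marketing");
    List<String> someOneElsesGroups = Arrays.asList("marketing");

    // jonny does not have ALL permissions, with or without groups supplied
    assertFalse(authorizationService.isUserAuthorized("jonny", null, ALL, resource1));
    assertFalse(authorizationService.isUserAuthorized("jonny", jonnysGroups, ALL, resource1));
    // jonny can't read, with or without groups supplied
    assertFalse(authorizationService.isUserAuthorized("jonny", null, READ, resource1));
    assertFalse(authorizationService.isUserAuthorized("jonny", jonnysGroups, READ, resource1));

    // someone else keeps the global grant; no revoke in this test names that user or "marketing"
    assertTrue(authorizationService.isUserAuthorized("someone else", null, ALL, resource1));
    assertTrue(
        authorizationService.isUserAuthorized("someone else", someOneElsesGroups, ALL, resource1));
    assertTrue(authorizationService.isUserAuthorized("someone else", null, READ, resource1));
    assertTrue(
        authorizationService.isUserAuthorized("someone else", someOneElsesGroups, READ, resource1));

    // permissions the revoke did not name are untouched: jonny can still delete
    assertTrue(authorizationService.isUserAuthorized("jonny", null, DELETE, resource1));
    assertTrue(authorizationService.isUserAuthorized("jonny", jonnysGroups, DELETE, resource1));
  }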