Example #1
0
  /*
   Alice has removed Dave's rights to EDIT, so EDIT needs removing from the
   active Dave -> Ed policy, and adding to an inactive policy.
  */
  @Test
  public void shouldRemoveLostRights() throws Exception {
    // Given
    List<Resource> policies = excludePolicies(DAVE, ED);
    policies.add(makePolicy(DAVE, ED, true, VIEW, DELETE, EDIT));

    PolicyGraph graph = makePolicyGraph(policies);
    graph.computeGraph();

    given(resourceSetStore.read(anyString()))
        .willReturn(new ResourceSetDescription(RESOURCE_SET_ID, "RESOURCE_SERVER_ID", ALICE, null));

    given(delegate.updatePolicies(isNull(ServerContext.class), anySet()))
        .willReturn(
            Promises.<List<Resource>, ResourceException>newResultPromise(
                Collections.<Resource>emptyList()));

    given(delegate.createPolicies(isNull(ServerContext.class), anySet()))
        .willReturn(
            Promises.<List<Resource>, ResourceException>newResultPromise(
                Collections.<Resource>emptyList()));

    // When
    Promise<List<List<Resource>>, ResourceException> promise = graph.update(null, delegate);

    // Then
    AssertJPromiseAssert.assertThat(promise).succeeded();
    JsonValue created = policyCreated();
    assertThat(UmaPolicyUtils.getPolicyScopes(created)).containsOnly(EDIT);
    assertThat(created.get("active").asBoolean()).isFalse();
    assertThat(UmaPolicyUtils.getPolicyScopes(policyUpdated())).containsOnly(VIEW, DELETE);
    verifyNoMoreInteractions(delegate);
  }
Example #2
0
  /*
   Dave had previously re-shared VIEW scope to ED, but that was made invalid when
   he lost that scope himself. He has been re-granted that scope so the VIEW scope
   should move the active policy and the empty inactive policy should be deleted.
  */
  @Test
  public void shouldUpdateInvalidRightsTree() throws Exception {
    // Given
    List<Resource> policies = excludePolicies(DAVE, ED);
    policies.add(makePolicy(DAVE, ED, true, DELETE));
    policies.add(makePolicy(DAVE, ED, false, VIEW));

    PolicyGraph graph = makePolicyGraph(policies);
    graph.computeGraph();

    given(delegate.updatePolicies(isNull(ServerContext.class), anySet()))
        .willReturn(
            Promises.<List<Resource>, ResourceException>newResultPromise(
                Collections.<Resource>emptyList()));

    given(delegate.deletePolicies(isNull(ServerContext.class), anySet()))
        .willReturn(
            Promises.<List<Resource>, ResourceException>newResultPromise(
                Collections.<Resource>emptyList()));

    // When
    Promise<List<List<Resource>>, ResourceException> promise = graph.update(null, delegate);

    // Then
    AssertJPromiseAssert.assertThat(promise).succeeded();
    assertThat(UmaPolicyUtils.getPolicyScopes(policyUpdated())).containsOnly(VIEW, DELETE);
    assertThat(policyDeleted()).isEqualTo("Dave-Ed-false");
    verifyNoMoreInteractions(delegate);
  }
Example #3
0
 private PolicyGraph makePolicyGraph(List<Resource> policies) {
   PolicyGraph graph = new PolicyGraph(RESOURCE_SET);
   for (Resource policy : policies) {
     graph.handleResource(policy);
   }
   graph.handleResult(new QueryResult(null, 0));
   return graph;
 }
Example #4
0
  @Test(expectedExceptions = IllegalStateException.class)
  public void shouldRequireComputeGraphCall() throws Exception {
    // Given
    PolicyGraph graph = new PolicyGraph(RESOURCE_SET);

    // When
    graph.isValid();
  }
Example #5
0
  @Test
  public void shouldDetectValidRights() throws Exception {
    // Given
    List<Resource> policies = VALID_POLICIES;
    PolicyGraph graph = makePolicyGraph(policies);

    // When
    graph.computeGraph();

    // Then
    assertThat(graph.isValid()).isTrue();
  }
Example #6
0
  /*
   VIEW scope is accessible to Dave, so his VIEW reshare to Ed should be active, not inactive.
  */
  @Test
  public void shouldDetectInvalidRightsTree() throws Exception {
    // Given
    List<Resource> policies = excludePolicies(DAVE, ED);
    policies.add(makePolicy(DAVE, ED, true, DELETE));
    policies.add(makePolicy(DAVE, ED, false, VIEW));

    PolicyGraph graph = makePolicyGraph(policies);

    // When
    graph.computeGraph();

    // Then
    assertThat(graph.isValid()).isFalse();
  }
Example #7
0
  /*
   Dave had removed Ed's ability to DELETE, so Ed's resharing policy to Bob had been
   made inactive. Dave has re-granted Ed's DELETE, so the inactive policy can be made
   active again.
  */
  @Test
  public void shouldSwitchAllScopesInvalid() throws Exception {
    // Given
    List<Resource> policies = excludePolicies(ED, BOB);
    policies.add(makePolicy(ED, BOB, false, DELETE));

    PolicyGraph graph = makePolicyGraph(policies);
    graph.computeGraph();

    given(delegate.updatePolicies(isNull(ServerContext.class), anySet()))
        .willReturn(
            Promises.<List<Resource>, ResourceException>newResultPromise(
                Collections.<Resource>emptyList()));

    // When
    Promise<List<List<Resource>>, ResourceException> promise = graph.update(null, delegate);

    // Then
    AssertJPromiseAssert.assertThat(promise).succeeded();
    assertThat(policyUpdated().get("active").asBoolean()).isTrue();
    verifyNoMoreInteractions(delegate);
  }