@After
public void tearDown() throws Exception {
if (accessApproval != null && accessApproval.getId() != null) {
accessApprovalDAO.delete(accessApproval.getId().toString());
}
if (accessApproval2 != null && accessApproval2.getId() != null) {
accessApprovalDAO.delete(accessApproval2.getId().toString());
}
if (accessRequirement != null && accessRequirement.getId() != null) {
accessRequirementDAO.delete(accessRequirement.getId().toString());
}
if (accessRequirement2 != null && accessRequirement2.getId() != null) {
accessRequirementDAO.delete(accessRequirement2.getId().toString());
}
if (node != null && nodeDAO != null) {
nodeDAO.delete(node.getId());
node = null;
}
if (node2 != null && nodeDAO != null) {
nodeDAO.delete(node2.getId());
node2 = null;
}
if (evaluation != null && evaluationDAO != null) {
evaluationDAO.delete(evaluation.getId());
evaluation = null;
}
individualGroup = userGroupDAO.findGroup(TEST_USER_NAME, true);
if (individualGroup != null) {
userGroupDAO.delete(individualGroup.getId());
}
individualGroup2 = userGroupDAO.findGroup(TEST_USER_NAME_2, true);
if (individualGroup2 != null) {
userGroupDAO.delete(individualGroup2.getId());
}
}
@Test
public void testcreateS3ProfileToken()
throws JSONObjectAdapterException, ServletException, IOException, DatastoreException {
S3AttachmentToken startToken = new S3AttachmentToken();
startToken.setFileName("someImage.jpg");
startToken.setMd5(TEST_MD5);
String fileName = "images/squarish.png";
URL toUpUrl = S3TokenControllerTest.class.getClassLoader().getResource(fileName);
assertNotNull("Failed to find: " + fileName + " on the classpath", toUpUrl);
File toUpload = new File(toUpUrl.getFile());
// Create the token
S3AttachmentToken resultToken =
testHelper.createS3AttachmentToken(
TestUserDAO.TEST_USER_NAME,
ServiceConstants.AttachmentType.USER_PROFILE,
testUser.getId(),
startToken);
System.out.println(resultToken);
assertNotNull(resultToken);
assertNotNull(resultToken.getTokenId());
assertNotNull(resultToken.getPresignedUrl());
// Upload it
String path =
S3TokenManagerImpl.createAttachmentPathNoSlash(testUser.getId(), resultToken.getTokenId());
s3Utility.uploadToS3(toUpload, path);
// Make sure we can get a signed download URL for this attachment.
long now = System.currentTimeMillis();
long oneMinuteFromNow = now + (60 * 1000);
PresignedUrl url =
testHelper.getUserProfileAttachmentUrl(
TestUserDAO.TEST_USER_NAME, testUser.getId(), resultToken.getTokenId());
System.out.println(url);
assertNotNull(url);
assertNotNull(url.getPresignedUrl());
URL urlReal = new URL(url.getPresignedUrl());
// Check that it expires quickly (not as important when it's the public user profile picture)
String[] split = urlReal.getQuery().split("&");
assertTrue(split.length > 1);
String[] expiresSplit = split[0].split("=");
assertEquals("Expires", expiresSplit[0]);
// It should expire within a minute max
Long expirsInt = Long.parseLong(expiresSplit[1]);
long expiresMil = expirsInt.longValue() * 1000l;
System.out.println("Now: " + new Date(now));
System.out.println("Expires: " + new Date(expiresMil));
assertTrue("This URL should expire in under a minute!", expiresMil < oneMinuteFromNow);
assertTrue("This URL should expire after now!", now <= expiresMil);
// Delete the file
s3Utility.deleteFromS3(path);
}
public static TermsOfUseAccessApproval newAccessApproval(
UserGroup principal, AccessRequirement ar) throws DatastoreException {
TermsOfUseAccessApproval accessApproval = new TermsOfUseAccessApproval();
accessApproval.setCreatedBy(principal.getId());
accessApproval.setCreatedOn(new Date());
accessApproval.setModifiedBy(principal.getId());
accessApproval.setModifiedOn(new Date());
accessApproval.setEtag("10");
accessApproval.setAccessorId(principal.getId());
accessApproval.setRequirementId(ar.getId());
accessApproval.setEntityType("com.sagebionetworks.repo.model.TermsOfUseAccessApproval");
return accessApproval;
}
@Test
public void testUnmetARsForEvaluation() throws Exception {
RestrictableObjectDescriptor rod =
AccessRequirementUtilsTest.createRestrictableObjectDescriptor(
evaluation.getId(), RestrictableObjectType.EVALUATION);
// Logic for unmet requirements doesn't reflect ownership at the DAO level. It's factored in at
// the manager level.
// Therefore, the owner see unmet ARs for herself..
List<Long> unmetARIds =
accessRequirementDAO.unmetAccessRequirements(
rod,
Arrays.asList(new Long[] {Long.parseLong(individualGroup.getId())}),
participateAndDownload);
assertEquals(1, unmetARIds.size());
assertEquals(accessRequirement2.getId(), unmetARIds.iterator().next());
// ... just as someone else does, if they haven't signed the ToU
unmetARIds =
accessRequirementDAO.unmetAccessRequirements(
rod,
Arrays.asList(new Long[] {Long.parseLong(individualGroup2.getId())}),
participateAndDownload);
assertEquals(1, unmetARIds.size());
assertEquals(accessRequirement2.getId(), unmetARIds.iterator().next());
// Create a new object
accessApproval2 = newAccessApproval(individualGroup2, accessRequirement2);
// Create it
accessApproval2 = accessApprovalDAO.create(accessApproval2);
String id = accessApproval2.getId().toString();
assertNotNull(id);
// no unmet requirement anymore ...
assertTrue(
accessRequirementDAO
.unmetAccessRequirements(
rod,
Arrays.asList(new Long[] {Long.parseLong(individualGroup2.getId())}),
participateAndDownload)
.isEmpty());
// Get by evaluation Id
Collection<AccessApproval> ars =
accessApprovalDAO.getForAccessRequirementsAndPrincipals(
Arrays.asList(new String[] {accessRequirement2.getId().toString()}),
Arrays.asList(new String[] {individualGroup2.getId().toString()}));
assertEquals(1, ars.size());
assertEquals(accessApproval2, ars.iterator().next());
}
/** @throws java.lang.Exception */
@Before
public void setUp() throws Exception {
testHelper.setUp();
testHelper.setTestUser(TEST_USER1);
project = new Project();
project.setName("proj");
project = testHelper.createEntity(project, null);
dataset = new Study();
dataset.setName("study");
dataset.setParentId(project.getId());
dataset = testHelper.createEntity(dataset, null);
// Add a public read ACL to the project object
AccessControlList projectAcl = testHelper.getEntityACL(project);
ResourceAccess ac = new ResourceAccess();
UserGroup authenticatedUsers =
userGroupDAO.findGroup(
AuthorizationConstants.DEFAULT_GROUPS.AUTHENTICATED_USERS.name(), false);
assertNotNull(authenticatedUsers);
ac.setPrincipalId(Long.parseLong(authenticatedUsers.getId()));
ac.setAccessType(new HashSet<ACCESS_TYPE>());
ac.getAccessType().add(ACCESS_TYPE.READ);
projectAcl.getResourceAccess().add(ac);
projectAcl = testHelper.updateEntityAcl(project, projectAcl);
testUser = userGroupDAO.findGroup(TEST_USER1, true);
}
public static TermsOfUseAccessRequirement newAccessRequirement(UserGroup principal, Node node)
throws DatastoreException {
TermsOfUseAccessRequirement accessRequirement = new TermsOfUseAccessRequirement();
accessRequirement.setCreatedBy(principal.getId());
accessRequirement.setCreatedOn(new Date());
accessRequirement.setModifiedBy(principal.getId());
accessRequirement.setModifiedOn(new Date());
accessRequirement.setEtag("10");
accessRequirement.setAccessType(ACCESS_TYPE.DOWNLOAD);
accessRequirement.setEntityIds(
Arrays.asList(
new String[] {
node.getId(), node.getId()
})); // test that repeated IDs doesn't break anything
accessRequirement.setEntityType("com.sagebionetworks.repo.model.TermsOfUseAccessRequirements");
return accessRequirement;
}
@Before
public void setUp() throws Exception {
individualGroup = userGroupDAO.findGroup(TEST_USER_NAME, true);
if (individualGroup == null) {
individualGroup = new UserGroup();
individualGroup.setName(TEST_USER_NAME);
individualGroup.setIsIndividual(true);
individualGroup.setCreationDate(new Date());
individualGroup.setId(userGroupDAO.create(individualGroup));
}
if (node == null) {
node = NodeTestUtils.createNew("foo", Long.parseLong(individualGroup.getId()));
node.setId(nodeDAO.createNew(node));
}
;
if (node2 == null) {
node2 = NodeTestUtils.createNew("bar", Long.parseLong(individualGroup.getId()));
node2.setId(nodeDAO.createNew(node2));
}
;
}
@Override
public QueryResults<AccessApproval> getAccessApprovalsForEntity(
UserInfo userInfo, String entityId)
throws DatastoreException, NotFoundException, ForbiddenException {
if (!authorizationManager.canAccess(userInfo, entityId, ACCESS_TYPE.READ)) {
throw new ForbiddenException("You are not allowed to access the requested resource.");
}
List<AccessRequirement> ars = accessRequirementDAO.getForNode(entityId);
List<String> arIds = new ArrayList<String>();
for (AccessRequirement ar : ars) arIds.add(ar.getId().toString());
List<String> principalIds = new ArrayList<String>();
principalIds.add(userInfo.getIndividualGroup().getId());
for (UserGroup ug : userInfo.getGroups()) principalIds.add(ug.getId());
List<AccessApproval> aas =
accessApprovalDAO.getForAccessRequirementsAndPrincipals(arIds, principalIds);
QueryResults<AccessApproval> result = new QueryResults<AccessApproval>(aas, aas.size());
return result;
}
@Before
public void setUp() throws Exception {
individualGroup = userGroupDAO.findGroup(TEST_USER_NAME, true);
if (individualGroup == null) {
individualGroup = new UserGroup();
individualGroup.setName(TEST_USER_NAME);
individualGroup.setIsIndividual(true);
individualGroup.setCreationDate(new Date());
individualGroup.setId(userGroupDAO.create(individualGroup));
}
individualGroup2 = userGroupDAO.findGroup(TEST_USER_NAME, true);
if (individualGroup2 == null) {
individualGroup2 = new UserGroup();
individualGroup2.setName(TEST_USER_NAME_2);
individualGroup2.setIsIndividual(true);
individualGroup2.setCreationDate(new Date());
individualGroup2.setId(userGroupDAO.create(individualGroup2));
}
if (node == null) {
node = NodeTestUtils.createNew("foo", Long.parseLong(individualGroup.getId()));
node.setId(nodeDAO.createNew(node));
}
;
if (node2 == null) {
node2 = NodeTestUtils.createNew("bar", Long.parseLong(individualGroup.getId()));
node2.setId(nodeDAO.createNew(node2));
}
;
accessRequirement =
DBOAccessRequirementDAOImplTest.newEntityAccessRequirement(individualGroup, node, "foo");
accessRequirement = accessRequirementDAO.create(accessRequirement);
Long id = accessRequirement.getId();
assertNotNull(id);
if (evaluation == null) {
evaluation =
DBOAccessRequirementDAOImplTest.createNewEvaluation(
"foo", individualGroup.getId(), idGenerator, node.getId());
evaluation.setId(evaluationDAO.create(evaluation, Long.parseLong(individualGroup.getId())));
}
;
accessRequirement2 =
DBOAccessRequirementDAOImplTest.newMixedAccessRequirement(
individualGroup, node2, evaluation, "bar");
accessRequirement2 = accessRequirementDAO.create(accessRequirement2);
id = accessRequirement2.getId();
assertNotNull(id);
if (participateAndDownload == null) {
participateAndDownload = new ArrayList<ACCESS_TYPE>();
participateAndDownload.add(ACCESS_TYPE.DOWNLOAD);
participateAndDownload.add(ACCESS_TYPE.PARTICIPATE);
}
if (downloadAccessType == null) {
downloadAccessType = new ArrayList<ACCESS_TYPE>();
downloadAccessType.add(ACCESS_TYPE.DOWNLOAD);
}
if (updateAccessType == null) {
updateAccessType = new ArrayList<ACCESS_TYPE>();
updateAccessType.add(ACCESS_TYPE.UPDATE);
}
}
@Test
public void testCRUD() throws Exception {
// first of all, we should see the unmet requirement
RestrictableObjectDescriptor rod =
AccessRequirementUtilsTest.createRestrictableObjectDescriptor(node.getId());
List<Long> unmetARIds =
accessRequirementDAO.unmetAccessRequirements(
rod,
Arrays.asList(new Long[] {Long.parseLong(individualGroup.getId())}),
downloadAccessType);
assertEquals(1, unmetARIds.size());
assertEquals(accessRequirement.getId(), unmetARIds.iterator().next());
// while we're at it, check the edge cases:
// same result for ficticious principal ID
unmetARIds =
accessRequirementDAO.unmetAccessRequirements(
rod, Arrays.asList(new Long[] {8888L}), downloadAccessType);
assertEquals(1, unmetARIds.size());
assertEquals(accessRequirement.getId(), unmetARIds.iterator().next());
// no unmet requirements for ficticious node ID
assertTrue(
accessRequirementDAO
.unmetAccessRequirements(
AccessRequirementUtilsTest.createRestrictableObjectDescriptor("syn7890"),
Arrays.asList(new Long[] {Long.parseLong(individualGroup.getId())}),
downloadAccessType)
.isEmpty());
// no unmet requirement for other type of access
assertTrue(
accessRequirementDAO
.unmetAccessRequirements(
rod,
Arrays.asList(new Long[] {Long.parseLong(individualGroup.getId())}),
updateAccessType)
.isEmpty());
// Create a new object
accessApproval = newAccessApproval(individualGroup, accessRequirement);
// Create it
accessApproval = accessApprovalDAO.create(accessApproval);
String id = accessApproval.getId().toString();
assertNotNull(id);
// no unmet requirement anymore ...
assertTrue(
accessRequirementDAO
.unmetAccessRequirements(
rod,
Arrays.asList(new Long[] {Long.parseLong(individualGroup.getId())}),
downloadAccessType)
.isEmpty());
// ... but for a different (ficticious) user, the requirement isn't met...
unmetARIds =
accessRequirementDAO.unmetAccessRequirements(
rod, Arrays.asList(new Long[] {8888L}), downloadAccessType);
assertEquals(1, unmetARIds.size());
assertEquals(accessRequirement.getId(), unmetARIds.iterator().next());
// ... and it's still unmet for the second node
RestrictableObjectDescriptor rod2 =
AccessRequirementUtilsTest.createRestrictableObjectDescriptor(node2.getId());
unmetARIds =
accessRequirementDAO.unmetAccessRequirements(
rod2,
Arrays.asList(new Long[] {Long.parseLong(individualGroup.getId())}),
participateAndDownload);
assertEquals(1, unmetARIds.size());
assertEquals(accessRequirement2.getId(), unmetARIds.iterator().next());
// Fetch it
AccessApproval clone = accessApprovalDAO.get(id);
assertNotNull(clone);
assertEquals(accessApproval, clone);
// Get by Node Id
Collection<AccessApproval> ars =
accessApprovalDAO.getForAccessRequirementsAndPrincipals(
Arrays.asList(new String[] {accessRequirement.getId().toString()}),
Arrays.asList(new String[] {individualGroup.getId().toString()}));
assertEquals(1, ars.size());
assertEquals(accessApproval, ars.iterator().next());
// update it
clone = ars.iterator().next();
AccessApproval updatedAA = accessApprovalDAO.update(clone);
assertEquals(
((TermsOfUseAccessApproval) clone).getEntityType(),
((TermsOfUseAccessApproval) updatedAA).getEntityType());
assertTrue(
"etags should be different after an update", !clone.getEtag().equals(updatedAA.getEtag()));
try {
accessApprovalDAO.update(clone);
fail("conflicting update exception not thrown");
} catch (ConflictingUpdateException e) {
// We expected this exception
}
try {
// Update from a backup.
updatedAA = accessApprovalDAO.updateFromBackup(clone);
assertEquals(clone.getEtag(), updatedAA.getEtag());
} catch (ConflictingUpdateException e) {
fail("Update from backup should not generate exception even if the e-tag is different.");
}
// Delete it
accessApprovalDAO.delete(id);
}
