@After public void tearDown() throws Exception { if (accessApproval != null && accessApproval.getId() != null) { accessApprovalDAO.delete(accessApproval.getId().toString()); } if (accessApproval2 != null && accessApproval2.getId() != null) { accessApprovalDAO.delete(accessApproval2.getId().toString()); } if (accessRequirement != null && accessRequirement.getId() != null) { accessRequirementDAO.delete(accessRequirement.getId().toString()); } if (accessRequirement2 != null && accessRequirement2.getId() != null) { accessRequirementDAO.delete(accessRequirement2.getId().toString()); } if (node != null && nodeDAO != null) { nodeDAO.delete(node.getId()); node = null; } if (node2 != null && nodeDAO != null) { nodeDAO.delete(node2.getId()); node2 = null; } if (evaluation != null && evaluationDAO != null) { evaluationDAO.delete(evaluation.getId()); evaluation = null; } individualGroup = userGroupDAO.findGroup(TEST_USER_NAME, true); if (individualGroup != null) { userGroupDAO.delete(individualGroup.getId()); } individualGroup2 = userGroupDAO.findGroup(TEST_USER_NAME_2, true); if (individualGroup2 != null) { userGroupDAO.delete(individualGroup2.getId()); } }
@Test public void testcreateS3ProfileToken() throws JSONObjectAdapterException, ServletException, IOException, DatastoreException { S3AttachmentToken startToken = new S3AttachmentToken(); startToken.setFileName("someImage.jpg"); startToken.setMd5(TEST_MD5); String fileName = "images/squarish.png"; URL toUpUrl = S3TokenControllerTest.class.getClassLoader().getResource(fileName); assertNotNull("Failed to find: " + fileName + " on the classpath", toUpUrl); File toUpload = new File(toUpUrl.getFile()); // Create the token S3AttachmentToken resultToken = testHelper.createS3AttachmentToken( TestUserDAO.TEST_USER_NAME, ServiceConstants.AttachmentType.USER_PROFILE, testUser.getId(), startToken); System.out.println(resultToken); assertNotNull(resultToken); assertNotNull(resultToken.getTokenId()); assertNotNull(resultToken.getPresignedUrl()); // Upload it String path = S3TokenManagerImpl.createAttachmentPathNoSlash(testUser.getId(), resultToken.getTokenId()); s3Utility.uploadToS3(toUpload, path); // Make sure we can get a signed download URL for this attachment. long now = System.currentTimeMillis(); long oneMinuteFromNow = now + (60 * 1000); PresignedUrl url = testHelper.getUserProfileAttachmentUrl( TestUserDAO.TEST_USER_NAME, testUser.getId(), resultToken.getTokenId()); System.out.println(url); assertNotNull(url); assertNotNull(url.getPresignedUrl()); URL urlReal = new URL(url.getPresignedUrl()); // Check that it expires quickly (not as important when it's the public user profile picture) String[] split = urlReal.getQuery().split("&"); assertTrue(split.length > 1); String[] expiresSplit = split[0].split("="); assertEquals("Expires", expiresSplit[0]); // It should expire within a minute max Long expirsInt = Long.parseLong(expiresSplit[1]); long expiresMil = expirsInt.longValue() * 1000l; System.out.println("Now: " + new Date(now)); System.out.println("Expires: " + new Date(expiresMil)); assertTrue("This URL should expire in under a minute!", expiresMil < oneMinuteFromNow); assertTrue("This URL should expire after now!", now <= expiresMil); // Delete the file s3Utility.deleteFromS3(path); }
public static TermsOfUseAccessApproval newAccessApproval( UserGroup principal, AccessRequirement ar) throws DatastoreException { TermsOfUseAccessApproval accessApproval = new TermsOfUseAccessApproval(); accessApproval.setCreatedBy(principal.getId()); accessApproval.setCreatedOn(new Date()); accessApproval.setModifiedBy(principal.getId()); accessApproval.setModifiedOn(new Date()); accessApproval.setEtag("10"); accessApproval.setAccessorId(principal.getId()); accessApproval.setRequirementId(ar.getId()); accessApproval.setEntityType("com.sagebionetworks.repo.model.TermsOfUseAccessApproval"); return accessApproval; }
@Test public void testUnmetARsForEvaluation() throws Exception { RestrictableObjectDescriptor rod = AccessRequirementUtilsTest.createRestrictableObjectDescriptor( evaluation.getId(), RestrictableObjectType.EVALUATION); // Logic for unmet requirements doesn't reflect ownership at the DAO level. It's factored in at // the manager level. // Therefore, the owner see unmet ARs for herself.. List<Long> unmetARIds = accessRequirementDAO.unmetAccessRequirements( rod, Arrays.asList(new Long[] {Long.parseLong(individualGroup.getId())}), participateAndDownload); assertEquals(1, unmetARIds.size()); assertEquals(accessRequirement2.getId(), unmetARIds.iterator().next()); // ... just as someone else does, if they haven't signed the ToU unmetARIds = accessRequirementDAO.unmetAccessRequirements( rod, Arrays.asList(new Long[] {Long.parseLong(individualGroup2.getId())}), participateAndDownload); assertEquals(1, unmetARIds.size()); assertEquals(accessRequirement2.getId(), unmetARIds.iterator().next()); // Create a new object accessApproval2 = newAccessApproval(individualGroup2, accessRequirement2); // Create it accessApproval2 = accessApprovalDAO.create(accessApproval2); String id = accessApproval2.getId().toString(); assertNotNull(id); // no unmet requirement anymore ... assertTrue( accessRequirementDAO .unmetAccessRequirements( rod, Arrays.asList(new Long[] {Long.parseLong(individualGroup2.getId())}), participateAndDownload) .isEmpty()); // Get by evaluation Id Collection<AccessApproval> ars = accessApprovalDAO.getForAccessRequirementsAndPrincipals( Arrays.asList(new String[] {accessRequirement2.getId().toString()}), Arrays.asList(new String[] {individualGroup2.getId().toString()})); assertEquals(1, ars.size()); assertEquals(accessApproval2, ars.iterator().next()); }
/** @throws java.lang.Exception */ @Before public void setUp() throws Exception { testHelper.setUp(); testHelper.setTestUser(TEST_USER1); project = new Project(); project.setName("proj"); project = testHelper.createEntity(project, null); dataset = new Study(); dataset.setName("study"); dataset.setParentId(project.getId()); dataset = testHelper.createEntity(dataset, null); // Add a public read ACL to the project object AccessControlList projectAcl = testHelper.getEntityACL(project); ResourceAccess ac = new ResourceAccess(); UserGroup authenticatedUsers = userGroupDAO.findGroup( AuthorizationConstants.DEFAULT_GROUPS.AUTHENTICATED_USERS.name(), false); assertNotNull(authenticatedUsers); ac.setPrincipalId(Long.parseLong(authenticatedUsers.getId())); ac.setAccessType(new HashSet<ACCESS_TYPE>()); ac.getAccessType().add(ACCESS_TYPE.READ); projectAcl.getResourceAccess().add(ac); projectAcl = testHelper.updateEntityAcl(project, projectAcl); testUser = userGroupDAO.findGroup(TEST_USER1, true); }
public static TermsOfUseAccessRequirement newAccessRequirement(UserGroup principal, Node node) throws DatastoreException { TermsOfUseAccessRequirement accessRequirement = new TermsOfUseAccessRequirement(); accessRequirement.setCreatedBy(principal.getId()); accessRequirement.setCreatedOn(new Date()); accessRequirement.setModifiedBy(principal.getId()); accessRequirement.setModifiedOn(new Date()); accessRequirement.setEtag("10"); accessRequirement.setAccessType(ACCESS_TYPE.DOWNLOAD); accessRequirement.setEntityIds( Arrays.asList( new String[] { node.getId(), node.getId() })); // test that repeated IDs doesn't break anything accessRequirement.setEntityType("com.sagebionetworks.repo.model.TermsOfUseAccessRequirements"); return accessRequirement; }
@Before public void setUp() throws Exception { individualGroup = userGroupDAO.findGroup(TEST_USER_NAME, true); if (individualGroup == null) { individualGroup = new UserGroup(); individualGroup.setName(TEST_USER_NAME); individualGroup.setIsIndividual(true); individualGroup.setCreationDate(new Date()); individualGroup.setId(userGroupDAO.create(individualGroup)); } if (node == null) { node = NodeTestUtils.createNew("foo", Long.parseLong(individualGroup.getId())); node.setId(nodeDAO.createNew(node)); } ; if (node2 == null) { node2 = NodeTestUtils.createNew("bar", Long.parseLong(individualGroup.getId())); node2.setId(nodeDAO.createNew(node2)); } ; }
@Override public QueryResults<AccessApproval> getAccessApprovalsForEntity( UserInfo userInfo, String entityId) throws DatastoreException, NotFoundException, ForbiddenException { if (!authorizationManager.canAccess(userInfo, entityId, ACCESS_TYPE.READ)) { throw new ForbiddenException("You are not allowed to access the requested resource."); } List<AccessRequirement> ars = accessRequirementDAO.getForNode(entityId); List<String> arIds = new ArrayList<String>(); for (AccessRequirement ar : ars) arIds.add(ar.getId().toString()); List<String> principalIds = new ArrayList<String>(); principalIds.add(userInfo.getIndividualGroup().getId()); for (UserGroup ug : userInfo.getGroups()) principalIds.add(ug.getId()); List<AccessApproval> aas = accessApprovalDAO.getForAccessRequirementsAndPrincipals(arIds, principalIds); QueryResults<AccessApproval> result = new QueryResults<AccessApproval>(aas, aas.size()); return result; }
@Before public void setUp() throws Exception { individualGroup = userGroupDAO.findGroup(TEST_USER_NAME, true); if (individualGroup == null) { individualGroup = new UserGroup(); individualGroup.setName(TEST_USER_NAME); individualGroup.setIsIndividual(true); individualGroup.setCreationDate(new Date()); individualGroup.setId(userGroupDAO.create(individualGroup)); } individualGroup2 = userGroupDAO.findGroup(TEST_USER_NAME, true); if (individualGroup2 == null) { individualGroup2 = new UserGroup(); individualGroup2.setName(TEST_USER_NAME_2); individualGroup2.setIsIndividual(true); individualGroup2.setCreationDate(new Date()); individualGroup2.setId(userGroupDAO.create(individualGroup2)); } if (node == null) { node = NodeTestUtils.createNew("foo", Long.parseLong(individualGroup.getId())); node.setId(nodeDAO.createNew(node)); } ; if (node2 == null) { node2 = NodeTestUtils.createNew("bar", Long.parseLong(individualGroup.getId())); node2.setId(nodeDAO.createNew(node2)); } ; accessRequirement = DBOAccessRequirementDAOImplTest.newEntityAccessRequirement(individualGroup, node, "foo"); accessRequirement = accessRequirementDAO.create(accessRequirement); Long id = accessRequirement.getId(); assertNotNull(id); if (evaluation == null) { evaluation = DBOAccessRequirementDAOImplTest.createNewEvaluation( "foo", individualGroup.getId(), idGenerator, node.getId()); evaluation.setId(evaluationDAO.create(evaluation, Long.parseLong(individualGroup.getId()))); } ; accessRequirement2 = DBOAccessRequirementDAOImplTest.newMixedAccessRequirement( individualGroup, node2, evaluation, "bar"); accessRequirement2 = accessRequirementDAO.create(accessRequirement2); id = accessRequirement2.getId(); assertNotNull(id); if (participateAndDownload == null) { participateAndDownload = new ArrayList<ACCESS_TYPE>(); participateAndDownload.add(ACCESS_TYPE.DOWNLOAD); participateAndDownload.add(ACCESS_TYPE.PARTICIPATE); } if (downloadAccessType == null) { downloadAccessType = new ArrayList<ACCESS_TYPE>(); downloadAccessType.add(ACCESS_TYPE.DOWNLOAD); } if (updateAccessType == null) { updateAccessType = new ArrayList<ACCESS_TYPE>(); updateAccessType.add(ACCESS_TYPE.UPDATE); } }
@Test public void testCRUD() throws Exception { // first of all, we should see the unmet requirement RestrictableObjectDescriptor rod = AccessRequirementUtilsTest.createRestrictableObjectDescriptor(node.getId()); List<Long> unmetARIds = accessRequirementDAO.unmetAccessRequirements( rod, Arrays.asList(new Long[] {Long.parseLong(individualGroup.getId())}), downloadAccessType); assertEquals(1, unmetARIds.size()); assertEquals(accessRequirement.getId(), unmetARIds.iterator().next()); // while we're at it, check the edge cases: // same result for ficticious principal ID unmetARIds = accessRequirementDAO.unmetAccessRequirements( rod, Arrays.asList(new Long[] {8888L}), downloadAccessType); assertEquals(1, unmetARIds.size()); assertEquals(accessRequirement.getId(), unmetARIds.iterator().next()); // no unmet requirements for ficticious node ID assertTrue( accessRequirementDAO .unmetAccessRequirements( AccessRequirementUtilsTest.createRestrictableObjectDescriptor("syn7890"), Arrays.asList(new Long[] {Long.parseLong(individualGroup.getId())}), downloadAccessType) .isEmpty()); // no unmet requirement for other type of access assertTrue( accessRequirementDAO .unmetAccessRequirements( rod, Arrays.asList(new Long[] {Long.parseLong(individualGroup.getId())}), updateAccessType) .isEmpty()); // Create a new object accessApproval = newAccessApproval(individualGroup, accessRequirement); // Create it accessApproval = accessApprovalDAO.create(accessApproval); String id = accessApproval.getId().toString(); assertNotNull(id); // no unmet requirement anymore ... assertTrue( accessRequirementDAO .unmetAccessRequirements( rod, Arrays.asList(new Long[] {Long.parseLong(individualGroup.getId())}), downloadAccessType) .isEmpty()); // ... but for a different (ficticious) user, the requirement isn't met... unmetARIds = accessRequirementDAO.unmetAccessRequirements( rod, Arrays.asList(new Long[] {8888L}), downloadAccessType); assertEquals(1, unmetARIds.size()); assertEquals(accessRequirement.getId(), unmetARIds.iterator().next()); // ... and it's still unmet for the second node RestrictableObjectDescriptor rod2 = AccessRequirementUtilsTest.createRestrictableObjectDescriptor(node2.getId()); unmetARIds = accessRequirementDAO.unmetAccessRequirements( rod2, Arrays.asList(new Long[] {Long.parseLong(individualGroup.getId())}), participateAndDownload); assertEquals(1, unmetARIds.size()); assertEquals(accessRequirement2.getId(), unmetARIds.iterator().next()); // Fetch it AccessApproval clone = accessApprovalDAO.get(id); assertNotNull(clone); assertEquals(accessApproval, clone); // Get by Node Id Collection<AccessApproval> ars = accessApprovalDAO.getForAccessRequirementsAndPrincipals( Arrays.asList(new String[] {accessRequirement.getId().toString()}), Arrays.asList(new String[] {individualGroup.getId().toString()})); assertEquals(1, ars.size()); assertEquals(accessApproval, ars.iterator().next()); // update it clone = ars.iterator().next(); AccessApproval updatedAA = accessApprovalDAO.update(clone); assertEquals( ((TermsOfUseAccessApproval) clone).getEntityType(), ((TermsOfUseAccessApproval) updatedAA).getEntityType()); assertTrue( "etags should be different after an update", !clone.getEtag().equals(updatedAA.getEtag())); try { accessApprovalDAO.update(clone); fail("conflicting update exception not thrown"); } catch (ConflictingUpdateException e) { // We expected this exception } try { // Update from a backup. updatedAA = accessApprovalDAO.updateFromBackup(clone); assertEquals(clone.getEtag(), updatedAA.getEtag()); } catch (ConflictingUpdateException e) { fail("Update from backup should not generate exception even if the e-tag is different."); } // Delete it accessApprovalDAO.delete(id); }