@Test public void taglibsDocumentationHasPermissionOr() throws Exception { Object domain = new Object(); request.setAttribute("domain", domain); authorizeTag.setAccess("hasPermission(#domain,'read') or hasPermission(#domain,'write')"); when(permissionEvaluator.hasPermission(eq(currentUser), eq(domain), anyString())) .thenReturn(true); assertThat(authorizeTag.doStartTag()).isEqualTo(Tag.EVAL_BODY_INCLUDE); }
@Test public void skipsBodyIfNoAuthenticationPresent() throws Exception { SecurityContextHolder.clearContext(); authorizeTag.setAccess("permitAll"); assertThat(authorizeTag.doStartTag()).isEqualTo(Tag.SKIP_BODY); }
@Test public void showsBodyIfAccessExpressionAllowsAccess() throws Exception { authorizeTag.setAccess("permitAll"); assertThat(authorizeTag.doStartTag()).isEqualTo(Tag.EVAL_BODY_INCLUDE); }
@Test public void requestAttributeIsResolvedAsElVariable() throws JspException { request.setAttribute("blah", "blah"); authorizeTag.setAccess("#blah == 'blah'"); assertThat(authorizeTag.doStartTag()).isEqualTo(Tag.EVAL_BODY_INCLUDE); }
@Test public void skipsBodyIfAccessExpressionDeniesAccess() throws Exception { authorizeTag.setAccess("denyAll"); assertThat(authorizeTag.doStartTag()).isEqualTo(Tag.SKIP_BODY); }