public void testPackageBasedPermissionAnalyst() throws Exception { // Mock up SEAM contexts Map application = new HashMap<String, Object>(); Lifecycle.beginApplication(application); Lifecycle.beginCall(); MockIdentity midentity = new MockIdentity(); Contexts.getSessionContext().set("org.jboss.seam.security.identity", midentity); String package1Name = "testPackageBasedPermissionAnalystPackageName1"; String package2Name = "testPackageBasedPermissionAnalystPackageName2"; List<RoleBasedPermission> pbps = new ArrayList<RoleBasedPermission>(); pbps.add(new RoleBasedPermission("jervis", RoleTypes.PACKAGE_READONLY, package1Name, null)); pbps.add(new RoleBasedPermission("jervis", RoleTypes.ANALYST, null, "category1")); MockRoleBasedPermissionStore store = new MockRoleBasedPermissionStore(pbps); Contexts.getSessionContext() .set("org.drools.guvnor.server.security.RoleBasedPermissionStore", store); // Put permission list in session. RoleBasedPermissionManager testManager = new RoleBasedPermissionManager(); testManager.create(); Contexts.getSessionContext().set("roleBasedPermissionManager", testManager); RoleBasedPermissionResolver resolver = new RoleBasedPermissionResolver(); resolver.setEnableRoleBasedAuthorization(true); assertTrue(resolver.hasPermission(new PackageNameType(package1Name), RoleTypes.ANALYST)); assertTrue(resolver.hasPermission(new PackageNameType(package2Name), RoleTypes.ANALYST)); Lifecycle.endApplication(); }
// Package.admin: everything for that package, including creating snapshots for that package. public void testPackageBasedPermissionPackageAdmin() throws Exception { // Mock up SEAM contexts Map application = new HashMap<String, Object>(); Lifecycle.beginApplication(application); Lifecycle.beginCall(); MockIdentity midentity = new MockIdentity(); Contexts.getSessionContext().set("org.jboss.seam.security.identity", midentity); String packageName = "testPackageBasedPermissionPackageAdminPackageName"; List<RoleBasedPermission> pbps = new ArrayList<RoleBasedPermission>(); pbps.add(new RoleBasedPermission("jervis", RoleTypes.PACKAGE_ADMIN, packageName, null)); MockRoleBasedPermissionStore store = new MockRoleBasedPermissionStore(pbps); Contexts.getSessionContext() .set("org.drools.guvnor.server.security.RoleBasedPermissionStore", store); // Put permission list in session. RoleBasedPermissionManager testManager = new RoleBasedPermissionManager(); testManager.create(); Contexts.getSessionContext().set("roleBasedPermissionManager", testManager); RoleBasedPermissionResolver resolver = new RoleBasedPermissionResolver(); resolver.setEnableRoleBasedAuthorization(true); assertTrue(resolver.hasPermission(new PackageNameType(packageName), RoleTypes.PACKAGE_ADMIN)); assertTrue( resolver.hasPermission(new PackageNameType(packageName), RoleTypes.PACKAGE_DEVELOPER)); assertTrue( resolver.hasPermission(new PackageNameType(packageName), RoleTypes.PACKAGE_READONLY)); assertFalse( resolver.hasPermission("47982482-7912-4881-97ec-e852494383d7", RoleTypes.PACKAGE_READONLY)); Lifecycle.endApplication(); }
/** This tests that we can navigate the tree if we have sub path permissions. */ public void testCategoryBasedSubPerms() throws Exception { // Mock up SEAM contexts Map application = new HashMap<String, Object>(); Lifecycle.beginApplication(application); Lifecycle.beginCall(); MockIdentity midentity = new MockIdentity(); Contexts.getSessionContext().set("org.jboss.seam.security.identity", midentity); List<RoleBasedPermission> pbps = new ArrayList<RoleBasedPermission>(); pbps.add(new RoleBasedPermission("jervis", RoleTypes.ANALYST_READ, null, "category1/sub1")); pbps.add(new RoleBasedPermission("jervis", RoleTypes.ANALYST, null, "category2/sub1/sub2")); pbps.add(new RoleBasedPermission("jervis", RoleTypes.ANALYST, null, "category4")); MockRoleBasedPermissionStore store = new MockRoleBasedPermissionStore(pbps); Contexts.getSessionContext() .set("org.drools.guvnor.server.security.RoleBasedPermissionStore", store); // Put permission list in session. RoleBasedPermissionManager testManager = new RoleBasedPermissionManager(); testManager.create(); Contexts.getSessionContext().set("roleBasedPermissionManager", testManager); RoleBasedPermissionResolver resolver = new RoleBasedPermissionResolver(); resolver.setEnableRoleBasedAuthorization(true); assertFalse(resolver.hasPermission(new CategoryPathType("category1"), null)); assertFalse(resolver.hasPermission(new CategoryPathType("category2"), null)); assertFalse(resolver.hasPermission(new CategoryPathType("category1"), RoleTypes.ANALYST_READ)); assertFalse( resolver.hasPermission(new CategoryPathType("category2/sub1"), RoleTypes.ANALYST_READ)); assertFalse(resolver.hasPermission(new CategoryPathType("category1"), RoleTypes.ANALYST)); assertTrue( resolver.hasPermission(new CategoryPathType("category1/sub1"), RoleTypes.ANALYST_READ)); assertTrue( resolver.hasPermission(new CategoryPathType("category2/sub1/sub2"), RoleTypes.ANALYST)); assertTrue(resolver.hasPermission(new CategoryPathType("category2/sub1/sub2"), null)); assertTrue(resolver.hasPermission(new CategoryPathType("category4"), "navigate")); assertTrue(resolver.hasPermission(new CategoryPathType("category1"), "navigate")); assertTrue(resolver.hasPermission(new CategoryPathType("category2"), "navigate")); assertTrue(resolver.hasPermission(new CategoryPathType("category1/sub1"), "navigate")); assertTrue(resolver.hasPermission(new CategoryPathType("category2/sub1"), "navigate")); assertTrue(resolver.hasPermission(new CategoryPathType("category1/sub1/sub2"), "navigate")); assertFalse(resolver.hasPermission(new CategoryPathType("category3"), "navigate")); Lifecycle.endApplication(); }
public void testIsSubPath() { RoleBasedPermissionResolver pr = new RoleBasedPermissionResolver(); assertTrue(pr.isSubPath("foo", "foo/bar")); assertTrue(pr.isSubPath("foo", "/foo/bar")); assertTrue(pr.isSubPath("/foo/bar", "/foo/bar")); assertFalse(pr.isSubPath("/foo/bar", "foo")); assertTrue(pr.isSubPath("foo", "foo/bar/baz")); assertTrue(pr.isSubPath("foo/bar", "foo/bar/baz")); assertFalse(pr.isSubPath("wang", "foo/bar/baz")); assertFalse(pr.isSubPath("wang/whee", "foo/bar/baz")); assertFalse(pr.isSubPath("foo1", "foo2")); assertTrue(pr.isSubPath("foo1", "foo1")); }