public void testPackageBasedPermissionAnalyst() throws Exception {
    // Mock up SEAM contexts
    Map application = new HashMap<String, Object>();
    Lifecycle.beginApplication(application);
    Lifecycle.beginCall();
    MockIdentity midentity = new MockIdentity();
    Contexts.getSessionContext().set("org.jboss.seam.security.identity", midentity);
    String package1Name = "testPackageBasedPermissionAnalystPackageName1";
    String package2Name = "testPackageBasedPermissionAnalystPackageName2";

    List<RoleBasedPermission> pbps = new ArrayList<RoleBasedPermission>();
    pbps.add(new RoleBasedPermission("jervis", RoleTypes.PACKAGE_READONLY, package1Name, null));
    pbps.add(new RoleBasedPermission("jervis", RoleTypes.ANALYST, null, "category1"));
    MockRoleBasedPermissionStore store = new MockRoleBasedPermissionStore(pbps);
    Contexts.getSessionContext()
        .set("org.drools.guvnor.server.security.RoleBasedPermissionStore", store);

    // Put permission list in session.
    RoleBasedPermissionManager testManager = new RoleBasedPermissionManager();
    testManager.create();
    Contexts.getSessionContext().set("roleBasedPermissionManager", testManager);

    RoleBasedPermissionResolver resolver = new RoleBasedPermissionResolver();
    resolver.setEnableRoleBasedAuthorization(true);

    assertTrue(resolver.hasPermission(new PackageNameType(package1Name), RoleTypes.ANALYST));
    assertTrue(resolver.hasPermission(new PackageNameType(package2Name), RoleTypes.ANALYST));

    Lifecycle.endApplication();
  }
  // Package.admin: everything for that package, including creating snapshots for that package.
  public void testPackageBasedPermissionPackageAdmin() throws Exception {
    // Mock up SEAM contexts
    Map application = new HashMap<String, Object>();
    Lifecycle.beginApplication(application);
    Lifecycle.beginCall();
    MockIdentity midentity = new MockIdentity();
    Contexts.getSessionContext().set("org.jboss.seam.security.identity", midentity);

    String packageName = "testPackageBasedPermissionPackageAdminPackageName";

    List<RoleBasedPermission> pbps = new ArrayList<RoleBasedPermission>();
    pbps.add(new RoleBasedPermission("jervis", RoleTypes.PACKAGE_ADMIN, packageName, null));
    MockRoleBasedPermissionStore store = new MockRoleBasedPermissionStore(pbps);
    Contexts.getSessionContext()
        .set("org.drools.guvnor.server.security.RoleBasedPermissionStore", store);

    // Put permission list in session.
    RoleBasedPermissionManager testManager = new RoleBasedPermissionManager();
    testManager.create();
    Contexts.getSessionContext().set("roleBasedPermissionManager", testManager);

    RoleBasedPermissionResolver resolver = new RoleBasedPermissionResolver();
    resolver.setEnableRoleBasedAuthorization(true);

    assertTrue(resolver.hasPermission(new PackageNameType(packageName), RoleTypes.PACKAGE_ADMIN));
    assertTrue(
        resolver.hasPermission(new PackageNameType(packageName), RoleTypes.PACKAGE_DEVELOPER));
    assertTrue(
        resolver.hasPermission(new PackageNameType(packageName), RoleTypes.PACKAGE_READONLY));

    assertFalse(
        resolver.hasPermission("47982482-7912-4881-97ec-e852494383d7", RoleTypes.PACKAGE_READONLY));

    Lifecycle.endApplication();
  }
  /** This tests that we can navigate the tree if we have sub path permissions. */
  public void testCategoryBasedSubPerms() throws Exception {
    // Mock up SEAM contexts
    Map application = new HashMap<String, Object>();
    Lifecycle.beginApplication(application);
    Lifecycle.beginCall();
    MockIdentity midentity = new MockIdentity();
    Contexts.getSessionContext().set("org.jboss.seam.security.identity", midentity);

    List<RoleBasedPermission> pbps = new ArrayList<RoleBasedPermission>();
    pbps.add(new RoleBasedPermission("jervis", RoleTypes.ANALYST_READ, null, "category1/sub1"));
    pbps.add(new RoleBasedPermission("jervis", RoleTypes.ANALYST, null, "category2/sub1/sub2"));
    pbps.add(new RoleBasedPermission("jervis", RoleTypes.ANALYST, null, "category4"));
    MockRoleBasedPermissionStore store = new MockRoleBasedPermissionStore(pbps);
    Contexts.getSessionContext()
        .set("org.drools.guvnor.server.security.RoleBasedPermissionStore", store);

    // Put permission list in session.
    RoleBasedPermissionManager testManager = new RoleBasedPermissionManager();
    testManager.create();
    Contexts.getSessionContext().set("roleBasedPermissionManager", testManager);

    RoleBasedPermissionResolver resolver = new RoleBasedPermissionResolver();
    resolver.setEnableRoleBasedAuthorization(true);

    assertFalse(resolver.hasPermission(new CategoryPathType("category1"), null));
    assertFalse(resolver.hasPermission(new CategoryPathType("category2"), null));
    assertFalse(resolver.hasPermission(new CategoryPathType("category1"), RoleTypes.ANALYST_READ));
    assertFalse(
        resolver.hasPermission(new CategoryPathType("category2/sub1"), RoleTypes.ANALYST_READ));
    assertFalse(resolver.hasPermission(new CategoryPathType("category1"), RoleTypes.ANALYST));

    assertTrue(
        resolver.hasPermission(new CategoryPathType("category1/sub1"), RoleTypes.ANALYST_READ));
    assertTrue(
        resolver.hasPermission(new CategoryPathType("category2/sub1/sub2"), RoleTypes.ANALYST));
    assertTrue(resolver.hasPermission(new CategoryPathType("category2/sub1/sub2"), null));

    assertTrue(resolver.hasPermission(new CategoryPathType("category4"), "navigate"));
    assertTrue(resolver.hasPermission(new CategoryPathType("category1"), "navigate"));
    assertTrue(resolver.hasPermission(new CategoryPathType("category2"), "navigate"));
    assertTrue(resolver.hasPermission(new CategoryPathType("category1/sub1"), "navigate"));
    assertTrue(resolver.hasPermission(new CategoryPathType("category2/sub1"), "navigate"));
    assertTrue(resolver.hasPermission(new CategoryPathType("category1/sub1/sub2"), "navigate"));
    assertFalse(resolver.hasPermission(new CategoryPathType("category3"), "navigate"));
    Lifecycle.endApplication();
  }
  public void testIsSubPath() {
    RoleBasedPermissionResolver pr = new RoleBasedPermissionResolver();
    assertTrue(pr.isSubPath("foo", "foo/bar"));
    assertTrue(pr.isSubPath("foo", "/foo/bar"));
    assertTrue(pr.isSubPath("/foo/bar", "/foo/bar"));
    assertFalse(pr.isSubPath("/foo/bar", "foo"));

    assertTrue(pr.isSubPath("foo", "foo/bar/baz"));
    assertTrue(pr.isSubPath("foo/bar", "foo/bar/baz"));
    assertFalse(pr.isSubPath("wang", "foo/bar/baz"));
    assertFalse(pr.isSubPath("wang/whee", "foo/bar/baz"));

    assertFalse(pr.isSubPath("foo1", "foo2"));
    assertTrue(pr.isSubPath("foo1", "foo1"));
  }