Esempio n. 1
0
  @Test(groups = "slow")
  public void testPermissions() throws Exception {
    logout();

    try {
      killBillClient.getPermissions();
      Assert.fail();
    } catch (final KillBillClientException e) {
      Assert.assertEquals(e.getResponse().getStatusCode(), Status.UNAUTHORIZED.getStatusCode());
    }

    // See src/test/resources/shiro.ini

    final List<String> pierresPermissions = getPermissions("pierre", "password");
    Assert.assertEquals(pierresPermissions.size(), 2);
    Assert.assertEquals(
        new HashSet<String>(pierresPermissions),
        ImmutableSet.<String>of(
            Permission.INVOICE_CAN_CREDIT.toString(),
            Permission.INVOICE_CAN_ITEM_ADJUST.toString()));

    final List<String> stephanesPermissions = getPermissions("stephane", "password");
    Assert.assertEquals(stephanesPermissions.size(), 1);
    Assert.assertEquals(
        new HashSet<String>(stephanesPermissions),
        ImmutableSet.<String>of(Permission.PAYMENT_CAN_REFUND.toString()));
  }
Esempio n. 2
0
  @Test(groups = "slow")
  public void testUserWithUpdates() throws KillBillClientException {

    final String roleDefinition = "somethingNice";
    final String allPermissions = "*";

    final String username = "******";
    final String password = "******";

    Response response =
        killBillClient.addRoleDefinition(
            new RoleDefinition(roleDefinition, ImmutableList.of(allPermissions)),
            createdBy,
            reason,
            comment);
    Assert.assertEquals(response.getStatusCode(), 201);

    response =
        killBillClient.addUserRoles(
            new UserRoles(username, password, ImmutableList.of(roleDefinition)),
            createdBy,
            reason,
            comment);
    Assert.assertEquals(response.getStatusCode(), 201);

    logout();
    login(username, password);
    Permissions permissions = killBillClient.getPermissions();
    Assert.assertEquals(permissions.size(), Permission.values().length);

    String newPassword = "******";
    killBillClient.updateUserPassword(username, newPassword, createdBy, reason, comment);

    logout();
    login(username, newPassword);
    permissions = killBillClient.getPermissions();
    Assert.assertEquals(permissions.size(), Permission.values().length);

    final String newRoleDefinition = "somethingLessNice";
    // Only enough permissions to invalidate itself in the last step...
    final String littlePermissions = "user";

    response =
        killBillClient.addRoleDefinition(
            new RoleDefinition(newRoleDefinition, ImmutableList.of(littlePermissions)),
            createdBy,
            reason,
            comment);
    Assert.assertEquals(response.getStatusCode(), 201);

    killBillClient.updateUserRoles(
        username, ImmutableList.of(newRoleDefinition), createdBy, reason, comment);
    permissions = killBillClient.getPermissions();
    // This will only work if correct shiro cache invalidation was performed... requires lots of
    // sweat to get it to work ;-)
    Assert.assertEquals(permissions.size(), 2);

    killBillClient.invalidateUser(username, createdBy, reason, comment);
    try {
      killBillClient.getPermissions();
      Assert.fail();
    } catch (final KillBillClientException e) {
      Assert.assertEquals(e.getResponse().getStatusCode(), Status.UNAUTHORIZED.getStatusCode());
    }
  }