/**
 * Exercises the permission set of a single, unsaved GRANT authorization: a freshly created
 * authorization carries no permissions, {@code addPermission} turns on exactly the requested
 * permission, and {@code removePermission} turns off exactly that one, leaving the others as
 * they were. Every step checks all four permissions so that an implied or leaked permission
 * is caught, not only a missing one.
 */
public void testPermissions() {
  Authorization authorization = authorizationService.createNewAuthorization(AUTH_TYPE_GRANT);

  // a new authorization grants nothing at all
  assertEquals(0, authorization.getPermissions());
  assertPermissionState(authorization, false, false, false, false);

  // adding one permission never switches on another one
  authorization.addPermission(ACCESS);
  assertPermissionState(authorization, true, false, false, false);
  authorization.addPermission(DELETE);
  assertPermissionState(authorization, true, true, false, false);
  authorization.addPermission(READ);
  assertPermissionState(authorization, true, true, true, false);
  authorization.addPermission(UPDATE);
  assertPermissionState(authorization, true, true, true, true);

  // removing one permission leaves the remaining ones intact
  authorization.removePermission(ACCESS);
  assertPermissionState(authorization, false, true, true, true);
  authorization.removePermission(DELETE);
  assertPermissionState(authorization, false, false, true, true);
  authorization.removePermission(READ);
  assertPermissionState(authorization, false, false, false, true);
  authorization.removePermission(UPDATE);
  assertPermissionState(authorization, false, false, false, false);
}

/**
 * Asserts the exact ACCESS / DELETE / READ / UPDATE state of {@code authorization}, checked in
 * that order, so that both a missing and an unexpectedly present permission fail the test.
 *
 * @param authorization the authorization under test
 * @param access expected result of {@code hasPermission(ACCESS)}
 * @param delete expected result of {@code hasPermission(DELETE)}
 * @param read expected result of {@code hasPermission(READ)}
 * @param update expected result of {@code hasPermission(UPDATE)}
 */
private void assertPermissionState(Authorization authorization, boolean access, boolean delete,
    boolean read, boolean update) {
  assertEquals(access, authorization.hasPermission(ACCESS));
  assertEquals(delete, authorization.hasPermission(DELETE));
  assertEquals(read, authorization.hasPermission(READ));
  assertEquals(update, authorization.hasPermission(UPDATE));
}
/**
 * A GLOBAL authorization that carries no permissions denies everything on the resource to
 * everyone; a user-scoped GRANT then opens exactly the granted permission, and only for that
 * user. Verifies that the grant neither widens to other permissions nor leaks to other users.
 */
public void testUserOverrideGlobalRevokeAuthorizationCheck() {
  TestResource resource1 = new TestResource("resource1", 100);

  // global authorization on resource1 with every permission removed: nobody may do anything
  Authorization globalRevoke = authorizationService.createNewAuthorization(AUTH_TYPE_GLOBAL);
  globalRevoke.setResource(resource1);
  globalRevoke.setResourceId(ANY);
  globalRevoke.removePermission(ALL);
  authorizationService.saveAuthorization(globalRevoke);

  // user-scoped GRANT: jonny gets READ and nothing else
  Authorization userGrant = authorizationService.createNewAuthorization(AUTH_TYPE_GRANT);
  userGrant.setUserId("jonny");
  userGrant.setResource(resource1);
  userGrant.setResourceId(ANY);
  userGrant.addPermission(READ);
  authorizationService.saveAuthorization(userGrant);

  // the grant is exactly READ: ALL and DELETE remain denied for jonny
  assertFalse(authorizationService.isUserAuthorized("jonny", null, ALL, resource1));
  assertTrue(authorizationService.isUserAuthorized("jonny", null, READ, resource1));
  assertFalse(authorizationService.isUserAuthorized("jonny", null, DELETE, resource1));

  // the grant is scoped to jonny: any other user stays fully denied
  String otherUser = "someone else";
  assertFalse(authorizationService.isUserAuthorized(otherUser, null, ALL, resource1));
  assertFalse(authorizationService.isUserAuthorized(otherUser, null, READ, resource1));
  assertFalse(authorizationService.isUserAuthorized(otherUser, null, DELETE, resource1));
}
/**
 * A group-scoped REVOKE narrows a GLOBAL grant, but only for members of that group and only
 * for the revoked permission. The check is sensitive to the group list passed in: the same
 * user queried without his group memberships falls back to the global grant, so callers must
 * supply the complete group list for the revoke to take effect.
 */
public void testGroupOverrideGlobalGrantAuthorizationCheck() {
  TestResource resource1 = new TestResource("resource1", 100);

  // global authorization on resource1 granting ALL to everyone
  Authorization globalGrant = authorizationService.createNewAuthorization(AUTH_TYPE_GLOBAL);
  globalGrant.setResource(resource1);
  globalGrant.setResourceId(ANY);
  globalGrant.addPermission(ALL);
  authorizationService.saveAuthorization(globalGrant);

  // group-scoped REVOKE of READ for members of "sales"
  Authorization salesRevoke = authorizationService.createNewAuthorization(AUTH_TYPE_REVOKE);
  salesRevoke.setGroupId("sales");
  salesRevoke.setResource(resource1);
  salesRevoke.setResourceId(ANY);
  salesRevoke.removePermission(READ);
  authorizationService.saveAuthorization(salesRevoke);

  List<String> jonnysGroups = Arrays.asList("sales", "marketing");
  List<String> someOneElsesGroups = Arrays.asList("marketing");
  String otherUser = "someone else";

  // queried with his groups, jonny is caught by the sales revoke and loses ALL;
  // queried without groups, the revoke is not seen and the global grant applies
  assertFalse(authorizationService.isUserAuthorized("jonny", jonnysGroups, ALL, resource1));
  assertTrue(authorizationService.isUserAuthorized("jonny", null, ALL, resource1));

  // the same holds for READ, the permission that was actually revoked
  assertFalse(authorizationService.isUserAuthorized("jonny", jonnysGroups, READ, resource1));
  assertTrue(authorizationService.isUserAuthorized("jonny", null, READ, resource1));

  // a user who is in "marketing" but not in "sales" is untouched by the revoke
  assertTrue(authorizationService.isUserAuthorized(otherUser, someOneElsesGroups, ALL, resource1));
  assertTrue(authorizationService.isUserAuthorized(otherUser, someOneElsesGroups, READ, resource1));
  assertTrue(authorizationService.isUserAuthorized(otherUser, null, ALL, resource1));
  assertTrue(authorizationService.isUserAuthorized(otherUser, null, READ, resource1));

  // ... but would be caught if he were a member of jonny's groups (the revoke is by group, not by user)
  assertFalse(authorizationService.isUserAuthorized(otherUser, jonnysGroups, ALL, resource1));
  assertFalse(authorizationService.isUserAuthorized(otherUser, jonnysGroups, READ, resource1));

  // the revoke covers READ only: jonny keeps DELETE with or without his groups
  assertTrue(authorizationService.isUserAuthorized("jonny", jonnysGroups, DELETE, resource1));
  assertTrue(authorizationService.isUserAuthorized("jonny", null, DELETE, resource1));
}
/**
 * Precedence across the three authorization scopes: a user-scoped GRANT wins over a
 * group-scoped REVOKE, which in turn wins over a GLOBAL grant. Jonny, a member of the revoked
 * group, reads again once he holds a personal grant, while another member of the same group
 * without such a grant stays denied.
 */
public void testUserOverrideGroupOverrideGlobalAuthorizationCheck() {
  TestResource resource1 = new TestResource("resource1", 100);

  // global authorization on resource1 granting ALL to everyone
  Authorization globalGrant = authorizationService.createNewAuthorization(AUTH_TYPE_GLOBAL);
  globalGrant.setResource(resource1);
  globalGrant.setResourceId(ANY);
  globalGrant.addPermission(ALL);
  authorizationService.saveAuthorization(globalGrant);

  // group-scoped REVOKE of READ for members of "sales"
  Authorization salesRevoke = authorizationService.createNewAuthorization(AUTH_TYPE_REVOKE);
  salesRevoke.setGroupId("sales");
  salesRevoke.setResource(resource1);
  salesRevoke.setResourceId(ANY);
  salesRevoke.removePermission(READ);
  authorizationService.saveAuthorization(salesRevoke);

  // user-scoped GRANT of READ for jonny, who is himself a "sales" member
  Authorization jonnyGrant = authorizationService.createNewAuthorization(AUTH_TYPE_GRANT);
  jonnyGrant.setUserId("jonny");
  jonnyGrant.setResource(resource1);
  jonnyGrant.setResourceId(ANY);
  jonnyGrant.addPermission(READ);
  authorizationService.saveAuthorization(jonnyGrant);

  List<String> jonnysGroups = Arrays.asList("sales", "marketing");
  List<String> someOneElsesGroups = Arrays.asList("marketing");
  String otherUser = "someone else";

  // the personal grant beats the group revoke, whether or not jonny's groups are supplied
  assertTrue(authorizationService.isUserAuthorized("jonny", jonnysGroups, READ, resource1));
  assertTrue(authorizationService.isUserAuthorized("jonny", null, READ, resource1));

  // the personal grant does not extend to other "sales" members: they stay revoked
  assertFalse(authorizationService.isUserAuthorized(otherUser, jonnysGroups, READ, resource1));

  // a user outside "sales" is never affected by the revoke and keeps the global grant
  assertTrue(authorizationService.isUserAuthorized(otherUser, someOneElsesGroups, READ, resource1));
}
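/**
 * A user-scoped REVOKE narrows a GLOBAL grant for that one user only, and only for the
 * revoked permission. Jonny loses READ (and therefore ALL) regardless of the groups supplied,
 * keeps DELETE, and no other user is affected.
 *
 * <p>The original version asserted the "someone else" checks with {@code null} and
 * {@code someOneElsesGroups} twice over; the duplicate pair is replaced by the missing case,
 * another user who shares jonny's groups, to show that a user-scoped revoke does not spill over
 * to the user's group members.
 */
public void testUserOverrideGlobalGrantAuthorizationCheck() {
  TestResource resource1 = new TestResource("resource1", 100);

  // global authorization on resource1 granting ALL to everyone
  Authorization globalGrant = authorizationService.createNewAuthorization(AUTH_TYPE_GLOBAL);
  globalGrant.setResource(resource1);
  globalGrant.setResourceId(ANY);
  globalGrant.addPermission(ALL);
  authorizationService.saveAuthorization(globalGrant);

  // user-scoped REVOKE of READ for jonny
  Authorization jonnyRevoke = authorizationService.createNewAuthorization(AUTH_TYPE_REVOKE);
  jonnyRevoke.setUserId("jonny");
  jonnyRevoke.setResource(resource1);
  jonnyRevoke.setResourceId(ANY);
  jonnyRevoke.removePermission(READ);
  authorizationService.saveAuthorization(jonnyRevoke);

  List<String> jonnysGroups = Arrays.asList("sales", "marketing");
  List<String> someOneElsesGroups = Arrays.asList("marketing");
  String otherUser = "someone else";

  // with READ revoked, jonny no longer holds ALL, with or without his groups
  assertFalse(authorizationService.isUserAuthorized("jonny", null, ALL, resource1));
  assertFalse(authorizationService.isUserAuthorized("jonny", jonnysGroups, ALL, resource1));

  // the revoked permission itself is denied in both query forms
  assertFalse(authorizationService.isUserAuthorized("jonny", null, READ, resource1));
  assertFalse(authorizationService.isUserAuthorized("jonny", jonnysGroups, READ, resource1));

  // another user keeps the global grant: without groups, with his own groups ...
  assertTrue(authorizationService.isUserAuthorized(otherUser, null, ALL, resource1));
  assertTrue(authorizationService.isUserAuthorized(otherUser, someOneElsesGroups, READ, resource1));
  // ... and even when he shares jonny's groups, because the revoke is bound to jonny's user id
  assertTrue(authorizationService.isUserAuthorized(otherUser, jonnysGroups, ALL, resource1));
  assertTrue(authorizationService.isUserAuthorized(otherUser, jonnysGroups, READ, resource1));

  // the revoke covers READ only: jonny keeps DELETE
  assertTrue(authorizationService.isUserAuthorized("jonny", null, DELETE, resource1));
  assertTrue(authorizationService.isUserAuthorized("jonny", jonnysGroups, DELETE, resource1));
}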