private void checkPermission(
List<ClientPermission> permissions, String permission, int expectedValue) {
for (ClientPermission clientPermission : permissions) {
if (clientPermission.getId().equals(permission)) {
Assert.assertEquals(expectedValue, clientPermission.getValue());
return;
}
}
Assert.fail("Did not find permission: " + permissions);
}
@Test
public void testAdminPrivileges() throws Exception {
TestContainer.getInstance().getTestContext().useAdminForRequests();
List<ClientPermission> permissions = this.getPermissions();
Assert.assertEquals(this.getExpectedPrivilegeCount(), permissions.size());
for (ClientPermission clientPermission : permissions) {
Assert.assertEquals(15, clientPermission.getValue());
}
}
@Test
public void testSecurityDisabledStatus() throws Exception {
NexusStatusUtil statusUtil = getNexusStatusUtil();
StatusResource statusResource = statusUtil.getNexusStatus(true).getData();
List<ClientPermission> permisisons = statusResource.getClientPermissions().getPermissions();
Assert.assertTrue(
"Permissions are empty, expected a whole bunch, not zero.", permisisons.size() > 0);
for (ClientPermission clientPermission : permisisons) {
Assert.assertEquals(
"Permission '"
+ clientPermission.getId()
+ "' should have had a value of '15', the value was"
+ clientPermission.getValue(),
clientPermission.getValue(),
15);
}
// that is it, just checking the values, when security is disabled, access is WIDE open.
}
@Test
public void testDeploymentUserPrivileges() throws Exception {
TestContainer.getInstance().getTestContext().setUsername("test-user");
TestContainer.getInstance().getTestContext().setPassword("admin123");
List<ClientPermission> permissions = this.getPermissions();
Assert.assertEquals(this.getExpectedPrivilegeCount(), permissions.size());
this.checkPermission(permissions, "nexus:*", 0);
this.checkPermission(permissions, "nexus:status", 1);
this.checkPermission(permissions, "nexus:authentication", 1);
this.checkPermission(permissions, "nexus:settings", 0);
this.checkPermission(permissions, "nexus:repositories", 1);
this.checkPermission(permissions, "nexus:repotemplates", 0);
this.checkPermission(permissions, "nexus:repogroups", 1);
this.checkPermission(permissions, "nexus:index", 1);
this.checkPermission(permissions, "nexus:identify", 1);
this.checkPermission(permissions, "nexus:attributes", 0);
this.checkPermission(permissions, "nexus:cache", 0);
this.checkPermission(permissions, "nexus:routes", 0);
this.checkPermission(permissions, "nexus:tasks", 0);
this.checkPermission(permissions, "security:privileges", 0);
this.checkPermission(permissions, "security:roles", 0);
this.checkPermission(permissions, "security:users", 0);
this.checkPermission(permissions, "nexus:logs", 0);
this.checkPermission(permissions, "nexus:configuration", 0);
// no longer available by default
// this.checkPermission( permissions, "nexus:feeds", 1 );
this.checkPermission(permissions, "nexus:targets", 0);
this.checkPermission(permissions, "nexus:wastebasket", 0);
this.checkPermission(permissions, "nexus:artifact", 1);
this.checkPermission(permissions, "nexus:repostatus", 1);
this.checkPermission(permissions, "security:usersforgotpw", 9);
this.checkPermission(permissions, "security:usersforgotid", 9);
this.checkPermission(permissions, "security:usersreset", 0);
this.checkPermission(permissions, "security:userschangepw", 9);
this.checkPermission(permissions, "nexus:command", 0);
this.checkPermission(permissions, "nexus:repometa", 0);
this.checkPermission(permissions, "nexus:tasksrun", 0);
this.checkPermission(permissions, "nexus:tasktypes", 0);
this.checkPermission(permissions, "nexus:componentscontentclasses", 1);
this.checkPermission(permissions, "nexus:componentscheduletypes", 0);
this.checkPermission(permissions, "security:userssetpw", 0);
this.checkPermission(permissions, "nexus:componentrealmtypes", 0);
this.checkPermission(permissions, "nexus:componentsrepotypes", 1);
this.checkPermission(permissions, "security:componentsuserlocatortypes", 0);
for (ClientPermission outPermission : permissions) {
int count = 0;
for (ClientPermission inPermission : permissions) {
if (outPermission.getId().equals(inPermission.getId())) {
count++;
}
if (count > 1) {
Assert.fail("Duplicate privilege: " + outPermission.getId() + " found count: " + count);
}
}
}
}