private void checkPermission( List<ClientPermission> permissions, String permission, int expectedValue) { for (ClientPermission clientPermission : permissions) { if (clientPermission.getId().equals(permission)) { Assert.assertEquals(expectedValue, clientPermission.getValue()); return; } } Assert.fail("Did not find permission: " + permissions); }
@Test public void testSecurityDisabledStatus() throws Exception { NexusStatusUtil statusUtil = getNexusStatusUtil(); StatusResource statusResource = statusUtil.getNexusStatus(true).getData(); List<ClientPermission> permisisons = statusResource.getClientPermissions().getPermissions(); Assert.assertTrue( "Permissions are empty, expected a whole bunch, not zero.", permisisons.size() > 0); for (ClientPermission clientPermission : permisisons) { Assert.assertEquals( "Permission '" + clientPermission.getId() + "' should have had a value of '15', the value was" + clientPermission.getValue(), clientPermission.getValue(), 15); } // that is it, just checking the values, when security is disabled, access is WIDE open. }
@Test public void testDeploymentUserPrivileges() throws Exception { TestContainer.getInstance().getTestContext().setUsername("test-user"); TestContainer.getInstance().getTestContext().setPassword("admin123"); List<ClientPermission> permissions = this.getPermissions(); Assert.assertEquals(this.getExpectedPrivilegeCount(), permissions.size()); this.checkPermission(permissions, "nexus:*", 0); this.checkPermission(permissions, "nexus:status", 1); this.checkPermission(permissions, "nexus:authentication", 1); this.checkPermission(permissions, "nexus:settings", 0); this.checkPermission(permissions, "nexus:repositories", 1); this.checkPermission(permissions, "nexus:repotemplates", 0); this.checkPermission(permissions, "nexus:repogroups", 1); this.checkPermission(permissions, "nexus:index", 1); this.checkPermission(permissions, "nexus:identify", 1); this.checkPermission(permissions, "nexus:attributes", 0); this.checkPermission(permissions, "nexus:cache", 0); this.checkPermission(permissions, "nexus:routes", 0); this.checkPermission(permissions, "nexus:tasks", 0); this.checkPermission(permissions, "security:privileges", 0); this.checkPermission(permissions, "security:roles", 0); this.checkPermission(permissions, "security:users", 0); this.checkPermission(permissions, "nexus:logs", 0); this.checkPermission(permissions, "nexus:configuration", 0); // no longer available by default // this.checkPermission( permissions, "nexus:feeds", 1 ); this.checkPermission(permissions, "nexus:targets", 0); this.checkPermission(permissions, "nexus:wastebasket", 0); this.checkPermission(permissions, "nexus:artifact", 1); this.checkPermission(permissions, "nexus:repostatus", 1); this.checkPermission(permissions, "security:usersforgotpw", 9); this.checkPermission(permissions, "security:usersforgotid", 9); this.checkPermission(permissions, "security:usersreset", 0); this.checkPermission(permissions, "security:userschangepw", 9); this.checkPermission(permissions, "nexus:command", 0); this.checkPermission(permissions, "nexus:repometa", 0); this.checkPermission(permissions, "nexus:tasksrun", 0); this.checkPermission(permissions, "nexus:tasktypes", 0); this.checkPermission(permissions, "nexus:componentscontentclasses", 1); this.checkPermission(permissions, "nexus:componentscheduletypes", 0); this.checkPermission(permissions, "security:userssetpw", 0); this.checkPermission(permissions, "nexus:componentrealmtypes", 0); this.checkPermission(permissions, "nexus:componentsrepotypes", 1); this.checkPermission(permissions, "security:componentsuserlocatortypes", 0); for (ClientPermission outPermission : permissions) { int count = 0; for (ClientPermission inPermission : permissions) { if (outPermission.getId().equals(inPermission.getId())) { count++; } if (count > 1) { Assert.fail("Duplicate privilege: " + outPermission.getId() + " found count: " + count); } } } }