@Test
public void testUpdateUserProfile() throws Exception {
UserManager userManager = makeInterceptedTarget();
final User user = new User("user");
user.setId(1L);
user.getRoles().add(new Role(Constants.USER_ROLE));
given(userDao.saveUser(user)).willReturn(user);
userManager.saveUser(user);
}
// Test fix to http://issues.appfuse.org/browse/APF-96
@Test
public void testChangeToAdminRoleFromUserRole() throws Exception {
UserManager userManager = makeInterceptedTarget();
User user = new User("user");
user.setId(1L);
user.getRoles().add(new Role(Constants.ADMIN_ROLE));
try {
userManager.saveUser(user);
fail("AccessDeniedException not thrown");
} catch (AccessDeniedException expected) {
assertNotNull(expected);
assertEquals(expected.getMessage(), UserSecurityAdvice.ACCESS_DENIED);
}
}
@Test
public void testAddUserWithoutAdminRole() throws Exception {
Authentication auth = SecurityContextHolder.getContext().getAuthentication();
assertTrue(auth.isAuthenticated());
UserManager userManager = makeInterceptedTarget();
User user = new User("admin");
user.setId(2L);
try {
userManager.saveUser(user);
fail("AccessDeniedException not thrown");
} catch (AccessDeniedException expected) {
assertNotNull(expected);
Assert.assertEquals(expected.getMessage(), UserSecurityAdvice.ACCESS_DENIED);
}
}
@Test
public void testAddUserAsAdmin() throws Exception {
SecurityContext securityContext = new SecurityContextImpl();
User user = new User("admin");
user.setId(2L);
user.setPassword("password");
user.addRole(new Role(Constants.ADMIN_ROLE));
UsernamePasswordAuthenticationToken token =
new UsernamePasswordAuthenticationToken(
user.getUsername(), user.getPassword(), user.getAuthorities());
token.setDetails(user);
securityContext.setAuthentication(token);
SecurityContextHolder.setContext(securityContext);
UserManager userManager = makeInterceptedTarget();
final User adminUser = new User("admin");
adminUser.setId(2L);
given(userDao.saveUser(adminUser)).willReturn(adminUser);
userManager.saveUser(adminUser);
}