/**
 * Checks that the permissions endpoint rejects a logged-out client with 401 and that
 * the users "pierre" and "stephane" each see exactly the expected permission set.
 *
 * <p>The expected grants come from the Shiro fixture referenced in the body.
 *
 * @throws Exception if a client call fails in a way the test does not expect
 */
@Test(groups = "slow")
public void testPermissions() throws Exception {
    // Start logged out: the permissions endpoint must not answer without credentials.
    logout();
    try {
        killBillClient.getPermissions();
        // Reaching this line means the logged-out call was not rejected.
        Assert.fail();
    } catch (final KillBillClientException e) {
        Assert.assertEquals(e.getResponse().getStatusCode(), Status.UNAUTHORIZED.getStatusCode());
    }

    // See src/test/resources/shiro.ini
    final List<String> grantedToPierre = getPermissions("pierre", "password");
    final ImmutableSet<String> expectedForPierre =
            ImmutableSet.<String>of(
                    Permission.INVOICE_CAN_CREDIT.toString(),
                    Permission.INVOICE_CAN_ITEM_ADJUST.toString());
    // The size check on the raw list also catches duplicate entries, which the set
    // comparison below would hide.
    Assert.assertEquals(grantedToPierre.size(), 2);
    Assert.assertEquals(new HashSet<String>(grantedToPierre), expectedForPierre);

    final List<String> grantedToStephane = getPermissions("stephane", "password");
    final ImmutableSet<String> expectedForStephane =
            ImmutableSet.<String>of(Permission.PAYMENT_CAN_REFUND.toString());
    Assert.assertEquals(grantedToStephane.size(), 1);
    Assert.assertEquals(new HashSet<String>(grantedToStephane), expectedForStephane);
}
/**
 * Walks one user through its lifecycle: created with a wildcard role, password changed,
 * role downgraded, and finally invalidated. After each step the permissions visible to
 * that user's session are checked.
 *
 * <p>NOTE(review): the username and password literals appear masked on this page, so the
 * old and new password read as the same value; confirm the real fixture uses two distinct
 * passwords. The test also never asserts that the old password is rejected after
 * {@code updateUserPassword}. The outcomes of {@code updateUserPassword},
 * {@code updateUserRoles} and {@code invalidateUser} are only checked indirectly, through
 * the calls that follow them.
 *
 * @throws KillBillClientException if a client call fails outside the final expected 401
 */
@Test(groups = "slow")
public void testUserWithUpdates() throws KillBillClientException {
    final String fullAccessRole = "somethingNice";
    final String wildcardPermission = "*";
    final String username = "******";
    final String password = "******";

    // Step 1: define a role carrying the wildcard permission and attach it to a new user.
    final Response roleCreated =
            killBillClient.addRoleDefinition(
                    new RoleDefinition(fullAccessRole, ImmutableList.of(wildcardPermission)),
                    createdBy,
                    reason,
                    comment);
    Assert.assertEquals(roleCreated.getStatusCode(), 201);

    final Response userCreated =
            killBillClient.addUserRoles(
                    new UserRoles(username, password, ImmutableList.of(fullAccessRole)),
                    createdBy,
                    reason,
                    comment);
    Assert.assertEquals(userCreated.getStatusCode(), 201);

    // Step 2: as the new user, the wildcard must resolve to every Permission value.
    logout();
    login(username, password);
    final Permissions withInitialPassword = killBillClient.getPermissions();
    Assert.assertEquals(withInitialPassword.size(), Permission.values().length);

    // Step 3: change the password and confirm the new credentials give the same access.
    final String newPassword = "******";
    killBillClient.updateUserPassword(username, newPassword, createdBy, reason, comment);

    logout();
    login(username, newPassword);
    final Permissions withNewPassword = killBillClient.getPermissions();
    Assert.assertEquals(withNewPassword.size(), Permission.values().length);

    // Step 4: swap the wildcard role for a restricted one.
    final String restrictedRole = "somethingLessNice";
    // Only enough permissions to invalidate itself in the last step...
    final String restrictedPermission = "user";
    final Response restrictedRoleCreated =
            killBillClient.addRoleDefinition(
                    new RoleDefinition(restrictedRole, ImmutableList.of(restrictedPermission)),
                    createdBy,
                    reason,
                    comment);
    Assert.assertEquals(restrictedRoleCreated.getStatusCode(), 201);

    killBillClient.updateUserRoles(
            username, ImmutableList.of(restrictedRole), createdBy, reason, comment);

    // No logout/login happens here, so the reduced count is only observed if the Shiro
    // cache was invalidated correctly by the role update; stale cached authorization data
    // would still show the full wildcard set.
    final Permissions afterDowngrade = killBillClient.getPermissions();
    Assert.assertEquals(afterDowngrade.size(), 2);

    // Step 5: invalidate the user; the still-configured credentials must now get 401.
    killBillClient.invalidateUser(username, createdBy, reason, comment);
    try {
        killBillClient.getPermissions();
        // Reaching this line means the invalidated user was still served.
        Assert.fail();
    } catch (final KillBillClientException e) {
        Assert.assertEquals(e.getResponse().getStatusCode(), Status.UNAUTHORIZED.getStatusCode());
    }
}