@Test(groups = "slow")
public void testPermissions() throws Exception {
logout();
try {
killBillClient.getPermissions();
Assert.fail();
} catch (final KillBillClientException e) {
Assert.assertEquals(e.getResponse().getStatusCode(), Status.UNAUTHORIZED.getStatusCode());
}
// See src/test/resources/shiro.ini
final List<String> pierresPermissions = getPermissions("pierre", "password");
Assert.assertEquals(pierresPermissions.size(), 2);
Assert.assertEquals(
new HashSet<String>(pierresPermissions),
ImmutableSet.<String>of(
Permission.INVOICE_CAN_CREDIT.toString(),
Permission.INVOICE_CAN_ITEM_ADJUST.toString()));
final List<String> stephanesPermissions = getPermissions("stephane", "password");
Assert.assertEquals(stephanesPermissions.size(), 1);
Assert.assertEquals(
new HashSet<String>(stephanesPermissions),
ImmutableSet.<String>of(Permission.PAYMENT_CAN_REFUND.toString()));
}
@Test(groups = "slow")
public void testUserWithUpdates() throws KillBillClientException {
final String roleDefinition = "somethingNice";
final String allPermissions = "*";
final String username = "******";
final String password = "******";
Response response =
killBillClient.addRoleDefinition(
new RoleDefinition(roleDefinition, ImmutableList.of(allPermissions)),
createdBy,
reason,
comment);
Assert.assertEquals(response.getStatusCode(), 201);
response =
killBillClient.addUserRoles(
new UserRoles(username, password, ImmutableList.of(roleDefinition)),
createdBy,
reason,
comment);
Assert.assertEquals(response.getStatusCode(), 201);
logout();
login(username, password);
Permissions permissions = killBillClient.getPermissions();
Assert.assertEquals(permissions.size(), Permission.values().length);
String newPassword = "******";
killBillClient.updateUserPassword(username, newPassword, createdBy, reason, comment);
logout();
login(username, newPassword);
permissions = killBillClient.getPermissions();
Assert.assertEquals(permissions.size(), Permission.values().length);
final String newRoleDefinition = "somethingLessNice";
// Only enough permissions to invalidate itself in the last step...
final String littlePermissions = "user";
response =
killBillClient.addRoleDefinition(
new RoleDefinition(newRoleDefinition, ImmutableList.of(littlePermissions)),
createdBy,
reason,
comment);
Assert.assertEquals(response.getStatusCode(), 201);
killBillClient.updateUserRoles(
username, ImmutableList.of(newRoleDefinition), createdBy, reason, comment);
permissions = killBillClient.getPermissions();
// This will only work if correct shiro cache invalidation was performed... requires lots of
// sweat to get it to work ;-)
Assert.assertEquals(permissions.size(), 2);
killBillClient.invalidateUser(username, createdBy, reason, comment);
try {
killBillClient.getPermissions();
Assert.fail();
} catch (final KillBillClientException e) {
Assert.assertEquals(e.getResponse().getStatusCode(), Status.UNAUTHORIZED.getStatusCode());
}
}
