@Test(expected = AccessDeniedException.class)
public void accessIsDeniedIfPermissionIsNotGranted() {
AclService service = mock(AclService.class);
Acl acl = mock(Acl.class);
when(acl.isGranted(any(List.class), any(List.class), anyBoolean())).thenReturn(false);
// Try a second time with no permissions found
when(acl.isGranted(any(List.class), any(List.class), anyBoolean()))
.thenThrow(new NotFoundException(""));
when(service.readAclById(any(ObjectIdentity.class), any(List.class))).thenReturn(acl);
AclEntryAfterInvocationProvider provider =
new AclEntryAfterInvocationProvider(service, Arrays.asList(mock(Permission.class)));
provider.setProcessConfigAttribute("MY_ATTRIBUTE");
provider.setMessageSource(new SpringSecurityMessageSource());
provider.setObjectIdentityRetrievalStrategy(mock(ObjectIdentityRetrievalStrategy.class));
provider.setProcessDomainObjectClass(Object.class);
provider.setSidRetrievalStrategy(mock(SidRetrievalStrategy.class));
try {
provider.decide(
mock(Authentication.class),
new Object(),
SecurityConfig.createList("UNSUPPORTED", "MY_ATTRIBUTE"),
new Object());
fail("Expected Exception");
} catch (AccessDeniedException expected) {
}
// Second scenario with no acls found
provider.decide(
mock(Authentication.class),
new Object(),
SecurityConfig.createList("UNSUPPORTED", "MY_ATTRIBUTE"),
new Object());
}
@Test
public void accessIsGrantedIfObjectTypeNotSupported() throws Exception {
AclEntryAfterInvocationProvider provider =
new AclEntryAfterInvocationProvider(
mock(AclService.class), Arrays.asList(mock(Permission.class)));
provider.setProcessDomainObjectClass(String.class);
// Not a String
Object returned = new Object();
assertThat(returned)
.isSameAs(
provider.decide(
mock(Authentication.class),
new Object(),
SecurityConfig.createList("AFTER_ACL_READ"),
returned));
}
@Test
public void accessIsAllowedIfPermissionIsGranted() {
AclService service = mock(AclService.class);
Acl acl = mock(Acl.class);
when(acl.isGranted(any(List.class), any(List.class), anyBoolean())).thenReturn(true);
when(service.readAclById(any(ObjectIdentity.class), any(List.class))).thenReturn(acl);
AclEntryAfterInvocationProvider provider =
new AclEntryAfterInvocationProvider(service, Arrays.asList(mock(Permission.class)));
provider.setMessageSource(new SpringSecurityMessageSource());
provider.setObjectIdentityRetrievalStrategy(mock(ObjectIdentityRetrievalStrategy.class));
provider.setProcessDomainObjectClass(Object.class);
provider.setSidRetrievalStrategy(mock(SidRetrievalStrategy.class));
Object returned = new Object();
assertThat(returned)
.isSameAs(
provider.decide(
mock(Authentication.class),
new Object(),
SecurityConfig.createList("AFTER_ACL_READ"),
returned));
}