@Test public void cyclic() throws Exception { RepositoryGroupResource groupA = new RepositoryGroupResource(); groupA.setId("groupA"); groupA.setName("groupA"); groupA.setFormat("maven2"); groupA.setProvider("maven2"); createMembers(groupA); this.messageUtil.createGroup(groupA); RepositoryGroupResource groupB = new RepositoryGroupResource(); groupB.setId("groupB"); groupB.setName("groupB"); groupB.setFormat("maven2"); groupB.setProvider("maven2"); RepositoryGroupMemberRepository member = new RepositoryGroupMemberRepository(); member.setId(groupA.getId()); groupB.addRepository(member); this.messageUtil.createGroup(groupB); // introduces cyclic referece between repos member = new RepositoryGroupMemberRepository(); member.setId(groupB.getId()); groupA.addRepository(member); Response resp = this.messageUtil.sendMessage(Method.PUT, groupA); Assert.assertFalse(resp.getStatus().isSuccess()); }
@Override protected void createMembers(RepositoryGroupResource resource) { RepositoryGroupMemberRepository member = new RepositoryGroupMemberRepository(); member.setId(REPO_TEST_HARNESS_REPO); resource.addRepository(member); member = new RepositoryGroupMemberRepository(); member.setId(REPO_NEXUS_TEST_HARNESS_RELEASE_GROUP); resource.addRepository(member); }
@Test(groups = SECURITY) public void testUpdatePermission() throws IOException { TestContainer.getInstance().getTestContext().useAdminForRequests(); this.giveUserPrivilege(TEST_USER_NAME, "repository-all"); RepositoryGroupResource group = new RepositoryGroupResource(); group.setId("testUpdatePermission"); group.setName("testUpdatePermission"); group.setFormat("maven2"); group.setProvider("maven2"); RepositoryGroupMemberRepository member = new RepositoryGroupMemberRepository(); member.setId("nexus-test-harness-repo"); group.addRepository(member); Response response = this.groupUtil.sendMessage(Method.POST, group); Assert.assertEquals(response.getStatus().getCode(), 201, "Response status: "); group = this.groupUtil.getGroup(group.getId()); TestContainer.getInstance().getTestContext().setUsername("test-user"); TestContainer.getInstance().getTestContext().setPassword("admin123"); // update repo group.setName("tesUpdatePermission2"); response = this.groupUtil.sendMessage(Method.PUT, group); Assert.assertEquals(response.getStatus().getCode(), 403, "Response status: "); // use admin TestContainer.getInstance().getTestContext().useAdminForRequests(); // now give update this.giveUserPrivilege("test-user", "15"); TestContainer.getInstance().getTestContext().setUsername("test-user"); TestContainer.getInstance().getTestContext().setPassword("admin123"); // should work now... response = this.groupUtil.sendMessage(Method.PUT, group); Assert.assertEquals(response.getStatus().getCode(), 200, "Response status: "); // read should succeed (inherited) response = this.groupUtil.sendMessage(Method.GET, group); Assert.assertEquals(response.getStatus().getCode(), 200, "Response status: "); // update should fail response = this.groupUtil.sendMessage(Method.POST, group); Assert.assertEquals(response.getStatus().getCode(), 403, "Response status: "); // delete should fail response = this.groupUtil.sendMessage(Method.DELETE, group); Assert.assertEquals(response.getStatus().getCode(), 403, "Response status: "); }