1   package org.apache.turbine.services.security;
2   
3   /*
4    * Licensed to the Apache Software Foundation (ASF) under one
5    * or more contributor license agreements.  See the NOTICE file
6    * distributed with this work for additional information
7    * regarding copyright ownership.  The ASF licenses this file
8    * to you under the Apache License, Version 2.0 (the
9    * "License"); you may not use this file except in compliance
10   * with the License.  You may obtain a copy of the License at
11   *
12   *   http://www.apache.org/licenses/LICENSE-2.0
13   *
14   * Unless required by applicable law or agreed to in writing,
15   * software distributed under the License is distributed on an
16   * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
17   * KIND, either express or implied.  See the License for the
18   * specific language governing permissions and limitations
19   * under the License.
20   */
21  
22  import junit.framework.Test;
23  import junit.framework.TestSuite;
24  
25  import org.apache.turbine.om.security.Permission;
26  import org.apache.turbine.om.security.Role;
27  import org.apache.turbine.test.BaseTurbineHsqlTest;
28  import org.apache.turbine.util.security.DataBackendException;
29  import org.apache.turbine.util.security.EntityExistsException;
30  import org.apache.turbine.util.security.PermissionSet;
31  import org.apache.turbine.util.security.UnknownEntityException;
32  
33  public class TestSecurityPermission
34          extends BaseTurbineHsqlTest
35  {
36      public TestSecurityPermission(String name)
37              throws Exception
38      {
39          super(name, "conf/test/TurbineResources.properties");
40      }
41  
42      public static Test suite()
43      {
44          return new TestSuite(TestSecurityPermission.class);
45      }
46  
47      public void testInit()
48      {
49          SecurityService ss = TurbineSecurity.getService();
50          assertTrue("Service failed to initialize", ss.getInit());
51      }
52  
53      public void testPermissionByName()
54              throws Exception
55      {
56          SecurityService ss = TurbineSecurity.getService();
57  
58          Permission permission = ss.getPermissionByName("Login");
59          assertNotNull(permission);
60          assertEquals(permission.getName(), "Login");
61      }
62  
63      public void testPermissionById()
64              throws Exception
65      {
66          SecurityService ss = TurbineSecurity.getService();
67  
68          Permission permission = ss.getPermissionById(2);
69          assertNotNull(permission);
70          assertEquals(permission.getName(), "Application");
71      }
72  
73      public void testAllPermissions()
74              throws Exception
75      {
76          SecurityService ss = TurbineSecurity.getService();
77  
78          PermissionSet gs = ss.getAllPermissions();
79  
80          assertEquals(3, gs.size());
81      }
82  
83      public void testAddPermission()
84      	throws Exception
85      {
86          SecurityService ss = TurbineSecurity.getService();
87  
88          Permission newbie = ss.getPermissionInstance();
89          newbie.setName("newbie");
90  
91          ss.addPermission(newbie);
92  
93          assertEquals("Permission was not added", 4, ss.getAllPermissions().size());
94  
95          try
96          {
97              Permission application = ss.getPermissionByName("Application");
98  
99              ss.addPermission(application);
100             fail("Existing Permission could be added!");
101         }
102         catch (Exception e)
103         {
104             assertEquals("Wrong Exception thrown: " + e.getClass().getName(), EntityExistsException.class, e.getClass());
105         }
106 
107         try
108         {
109             Permission empty = ss.getPermissionInstance();
110 
111             ss.addPermission(empty);
112             fail("Permission with empty Permissionname could be added!");
113         }
114         catch (Exception e)
115         {
116             assertEquals("Wrong Exception thrown: " + e.getClass().getName(), DataBackendException.class, e.getClass());
117         }
118 
119         assertEquals("Permission was not added", 4, ss.getAllPermissions().size());
120     }
121 
122     public void testRemovePermission()
123     	throws Exception
124     {
125     	SecurityService ss = TurbineSecurity.getService();
126 
127     	assertEquals("Permission was not added", 4, ss.getAllPermissions().size());
128 
129         Permission newbie = ss.getPermissionByName("newbie");
130         assertNotNull(newbie);
131 
132         ss.removePermission(newbie);
133 
134         try
135         {
136             Permission foo = ss.getPermissionInstance();
137             foo.setName("foo");
138 
139             ss.removePermission(foo);
140             fail("Non Existing Permission could be deleted!");
141         }
142         catch (Exception e)
143         {
144             assertEquals("Wrong Exception thrown: " + e.getClass().getName(), e.getClass(), UnknownEntityException.class);
145         }
146 
147         assertEquals("Permission was not removed", 3, ss.getAllPermissions().size());
148     }
149 
150     public void testGrantPermission()
151             throws Exception
152     {
153         SecurityService ss = TurbineSecurity.getService();
154 
155         Role admin = ss.getRoleByName("Admin");
156         assertNotNull(admin);
157 
158         Permission app = ss.getPermissionByName("Application");
159         assertNotNull(app);
160 
161         PermissionSet ps = admin.getPermissions();
162         assertFalse(ps.contains(app));
163 
164         ss.grant(admin, app);
165 
166         Role admin2 = ss.getRoleByName("Admin");
167         assertNotNull(admin2);
168 
169         PermissionSet ps2 = admin2.getPermissions();
170         assertTrue(ps2.contains(app));
171 
172         // Get existing PermissionSet modified?
173         assertFalse(ps.contains(app));
174 
175         try
176         {
177             ss.grant(admin2, app);
178             fail("Permission could be granted twice!");
179         }
180         catch (Exception e)
181         {
182             //
183             // Ugh. DataBackendError? This means that our query actually hit the database and only the "unique key"
184             // prevented us from a double entry. This seems to be a bug
185             //
186             assertEquals("Wrong Exception thrown: " + e.getClass().getName(), DataBackendException.class, e.getClass());
187         }
188 
189         try
190         {
191             Permission unknown = ss.getPermissionInstance("unknown");
192 
193             ss.grant(admin, unknown);
194             fail("Nonexisting Permission could be granted!");
195         }
196         catch (Exception e)
197         {
198             assertEquals("Wrong Exception thrown: " + e.getClass().getName(), UnknownEntityException.class, e.getClass());
199         }
200 
201     }
202 
203     public void testRevokePermission()
204             throws Exception
205     {
206         SecurityService ss = TurbineSecurity.getService();
207 
208         Role admin = ss.getRoleByName("Admin");
209         assertNotNull(admin);
210 
211         Permission app = ss.getPermissionByName("Application");
212         assertNotNull(app);
213 
214         PermissionSet ps = admin.getPermissions();
215         assertTrue(ps.contains(app));
216 
217         ss.revoke(admin, app);
218 
219         Role admin2 = ss.getRoleByName("Admin");
220         assertNotNull(admin2);
221 
222         PermissionSet ps2 = admin2.getPermissions();
223         assertFalse(ps2.contains(app));
224 
225         // Get existing PermissionSet modified?
226         assertTrue(ps.contains(app));
227 
228          try
229          {
230              Permission unknown = ss.getPermissionInstance("unknown");
231              ss.revoke(admin, unknown);
232              fail("Nonexisting Permission could be revoked!");
233          }
234          catch (Exception e)
235          {
236              assertEquals("Wrong Exception thrown: " + e.getClass().getName(), UnknownEntityException.class, e.getClass());
237          }
238 
239 //
240 // One can revoke an existing permission in an existing group, even if this permission was
241 // never granted to an role. While this is not really a bug, this might be
242 // something that should be checked in the long run.
243 //
244 //         try
245 //         {
246 //             ss.revoke(admin2, app);
247 //             fail("Permission could be revoked twice!");
248 //         }
249 //         catch (Exception e)
250 //         {
251 //             assertEquals("Wrong Exception thrown: " + e.getClass().getName(), UnknownEntityException.class, e.getClass());
252 //         }
253 
254 //         try
255 //         {
256 //             Permission login = ss.getPermissionByName("Login");
257 //             ss.revoke(admin, login);
258 //             fail("Permission could be revoked from wrong group!");
259 //         }
260 //         catch (Exception e)
261 //         {
262 //             assertEquals("Wrong Exception thrown: " + e.getClass().getName(), UnknownEntityException.class, e.getClass());
263 //         }
264 
265     }
266 
267     public void testRevokeAll()
268             throws Exception
269     {
270         SecurityService ss = TurbineSecurity.getService();
271 
272         Role user = ss.getRoleByName("User");
273         assertNotNull(user);
274 
275         PermissionSet ps = user.getPermissions();
276         assertEquals(2, ps.size());
277 
278         ss.revokeAll(user);
279 
280         Role user2 = ss.getRoleByName("User");
281         assertNotNull(user2);
282 
283         PermissionSet ps2 = user2.getPermissions();
284         assertEquals(0, ps2.size());
285     }
286 
287     public void testSavePermission()
288     	throws Exception
289     {
290         SecurityService ss = TurbineSecurity.getService();
291 
292         Permission application = ss.getPermissionByName("Application");
293 
294         ss.savePermission(application);
295 
296         try
297         {
298             Permission fake = ss.getPermissionInstance("fake");
299 
300             ss.savePermission(fake);
301             fail("Non Existing Permission could be saved!");
302         }
303         catch (Exception e)
304         {
305             assertEquals("Wrong Exception thrown: " + e.getClass().getName(), e.getClass(), UnknownEntityException.class);
306         }
307     }
308 
309     public void testRenamePermission()
310     	throws Exception
311     {
312         SecurityService ss = TurbineSecurity.getService();
313 
314         Permission newbie = ss.getPermissionInstance("newbie");
315         ss.addPermission(newbie);
316 
317         Permission test = ss.getPermissionByName("newbie");
318         assertNotNull(test);
319 
320         ss.renamePermission(test, "fake");
321 
322         Permission fake = ss.getPermissionByName("fake");
323         assertNotNull(fake);
324 
325 //
326 // Now this is a Turbine Bug...
327 //
328 //          try
329 //          {
330 //              PermissionSet gs = ss.getPermissions(new org.apache.torque.util.Criteria());
331 //              assertEquals(4, gs.size());
332 
333 //              ss.renamePermission(fake, "Application");
334 
335 //              PermissionSet gs2 = ss.getPermissions(new org.apache.torque.util.Criteria());
336 //              assertEquals("Two permissions with the same name exist!", 3, gs2.size());
337 
338 //              fail("Permission could be renamed to existing Permission and got lost from the database!");
339 //          }
340 //          catch (Exception e)
341 //          {
342 //              assertEquals("Wrong Exception thrown: " + e.getClass().getName(), e.getClass(), EntityExistsException.class);
343 //          }
344      }
345 }