1   package org.apache.turbine.services.security;
2   
3   /*
4    * Copyright 2001-2005 The Apache Software Foundation.
5    *
6    * Licensed under the Apache License, Version 2.0 (the "License")
7    * you may not use this file except in compliance with the License.
8    * You may obtain a copy of the License at
9    *
10   *     http://www.apache.org/licenses/LICENSE-2.0
11   *
12   * Unless required by applicable law or agreed to in writing, software
13   * distributed under the License is distributed on an "AS IS" BASIS,
14   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
15   * See the License for the specific language governing permissions and
16   * limitations under the License.
17   */
18  
19  import junit.framework.Test;
20  import junit.framework.TestSuite;
21  
22  import org.apache.turbine.om.security.Permission;
23  import org.apache.turbine.om.security.Role;
24  import org.apache.turbine.test.BaseTurbineHsqlTest;
25  import org.apache.turbine.util.security.DataBackendException;
26  import org.apache.turbine.util.security.EntityExistsException;
27  import org.apache.turbine.util.security.PermissionSet;
28  import org.apache.turbine.util.security.UnknownEntityException;
29  
30  public class TestSecurityPermission
31          extends BaseTurbineHsqlTest
32  {
33      public TestSecurityPermission(String name)
34              throws Exception
35      {
36          super(name, "conf/test/TurbineResources.properties");
37      }
38  
39      public static Test suite()
40      {
41          return new TestSuite(TestSecurityPermission.class);
42      }
43  
44      public void testInit()
45      {
46          SecurityService ss = TurbineSecurity.getService();
47          assertTrue("Service failed to initialize", ss.getInit());
48      }
49  
50      public void testPermissionByName()
51              throws Exception
52      {
53          SecurityService ss = TurbineSecurity.getService();
54  
55          Permission permission = ss.getPermissionByName("Login");
56          assertNotNull(permission);
57          assertEquals(permission.getName(), "Login");
58      }
59  
60      public void testPermissionById()
61              throws Exception
62      {
63          SecurityService ss = TurbineSecurity.getService();
64  
65          Permission permission = ss.getPermissionById(2);
66          assertNotNull(permission);
67          assertEquals(permission.getName(), "Application");
68      }
69  
70      public void testAllPermissions()
71              throws Exception
72      {
73          SecurityService ss = TurbineSecurity.getService();
74  
75          PermissionSet gs = ss.getAllPermissions();
76  
77          assertEquals(3, gs.size());
78      }
79  
80      public void testAddPermission()
81      	throws Exception
82      {
83          SecurityService ss = TurbineSecurity.getService();
84  
85          Permission newbie = ss.getPermissionInstance();
86          newbie.setName("newbie");
87  
88          ss.addPermission(newbie);
89  
90          assertEquals("Permission was not added", 4, ss.getAllPermissions().size());
91  
92          try
93          {
94              Permission application = ss.getPermissionByName("Application");
95  
96              ss.addPermission(application);
97              fail("Existing Permission could be added!");
98          }
99          catch (Exception e)
100         {
101             assertEquals("Wrong Exception thrown: " + e.getClass().getName(), EntityExistsException.class, e.getClass());
102         }
103 
104         try
105         {
106             Permission empty = ss.getPermissionInstance();
107 
108             ss.addPermission(empty);
109             fail("Permission with empty Permissionname could be added!");
110         }
111         catch (Exception e)
112         {
113             assertEquals("Wrong Exception thrown: " + e.getClass().getName(), DataBackendException.class, e.getClass());
114         }
115 
116         assertEquals("Permission was not added", 4, ss.getAllPermissions().size());
117     }
118 
119     public void testRemovePermission()
120     	throws Exception
121     {
122     	SecurityService ss = TurbineSecurity.getService();
123 
124     	assertEquals("Permission was not added", 4, ss.getAllPermissions().size());
125 
126         Permission newbie = ss.getPermissionByName("newbie");
127         assertNotNull(newbie);
128 
129         ss.removePermission(newbie);
130 
131         try
132         {
133             Permission foo = ss.getPermissionInstance();
134             foo.setName("foo");
135 
136             ss.removePermission(foo);
137             fail("Non Existing Permission could be deleted!");
138         }
139         catch (Exception e)
140         {
141             assertEquals("Wrong Exception thrown: " + e.getClass().getName(), e.getClass(), UnknownEntityException.class);
142         }
143 
144         assertEquals("Permission was not removed", 3, ss.getAllPermissions().size());
145     }
146 
147     public void testGrantPermission()
148             throws Exception
149     {
150         SecurityService ss = TurbineSecurity.getService();
151 
152         Role admin = ss.getRoleByName("Admin");
153         assertNotNull(admin);
154 
155         Permission app = ss.getPermissionByName("Application");
156         assertNotNull(app);
157 
158         PermissionSet ps = admin.getPermissions();
159         assertFalse(ps.contains(app));
160 
161         ss.grant(admin, app);
162 
163         Role admin2 = ss.getRoleByName("Admin");
164         assertNotNull(admin2);
165 
166         PermissionSet ps2 = admin2.getPermissions();
167         assertTrue(ps2.contains(app));
168 
169         // Get existing PermissionSet modified?
170         assertFalse(ps.contains(app));
171 
172         try
173         {
174             ss.grant(admin2, app);
175             fail("Permission could be granted twice!");
176         }
177         catch (Exception e)
178         {
179             //
180             // Ugh. DataBackendError? This means that our query actually hit the database and only the "unique key"
181             // prevented us from a double entry. This seems to be a bug
182             //
183             assertEquals("Wrong Exception thrown: " + e.getClass().getName(), DataBackendException.class, e.getClass());
184         }
185 
186         try
187         {
188             Permission unknown = ss.getPermissionInstance("unknown");
189 
190             ss.grant(admin, unknown);
191             fail("Nonexisting Permission could be granted!");
192         }
193         catch (Exception e)
194         {
195             assertEquals("Wrong Exception thrown: " + e.getClass().getName(), UnknownEntityException.class, e.getClass());
196         }
197 
198     }
199 
200     public void testRevokePermission()
201             throws Exception
202     {
203         SecurityService ss = TurbineSecurity.getService();
204 
205         Role admin = ss.getRoleByName("Admin");
206         assertNotNull(admin);
207 
208         Permission app = ss.getPermissionByName("Application");
209         assertNotNull(app);
210 
211         PermissionSet ps = admin.getPermissions();
212         assertTrue(ps.contains(app));
213 
214         ss.revoke(admin, app);
215 
216         Role admin2 = ss.getRoleByName("Admin");
217         assertNotNull(admin2);
218 
219         PermissionSet ps2 = admin2.getPermissions();
220         assertFalse(ps2.contains(app));
221 
222         // Get existing PermissionSet modified?
223         assertTrue(ps.contains(app));
224 
225          try
226          {
227              Permission unknown = ss.getPermissionInstance("unknown");
228              ss.revoke(admin, unknown);
229              fail("Nonexisting Permission could be revoked!");
230          }
231          catch (Exception e)
232          {
233              assertEquals("Wrong Exception thrown: " + e.getClass().getName(), UnknownEntityException.class, e.getClass());
234          }
235 
236 //
237 // One can revoke an existing permission in an existing group, even if this permission was
238 // never granted to an role. While this is not really a bug, this might be
239 // something that should be checked in the long run.
240 //
241 //         try
242 //         {
243 //             ss.revoke(admin2, app);
244 //             fail("Permission could be revoked twice!");
245 //         }
246 //         catch (Exception e)
247 //         {
248 //             assertEquals("Wrong Exception thrown: " + e.getClass().getName(), UnknownEntityException.class, e.getClass());
249 //         }
250 
251 //         try
252 //         {
253 //             Permission login = ss.getPermissionByName("Login");
254 //             ss.revoke(admin, login);
255 //             fail("Permission could be revoked from wrong group!");
256 //         }
257 //         catch (Exception e)
258 //         {
259 //             assertEquals("Wrong Exception thrown: " + e.getClass().getName(), UnknownEntityException.class, e.getClass());
260 //         }
261 
262     }
263 
264     public void testRevokeAll()
265             throws Exception
266     {
267         SecurityService ss = TurbineSecurity.getService();
268 
269         Role user = ss.getRoleByName("User");
270         assertNotNull(user);
271 
272         PermissionSet ps = user.getPermissions();
273         assertEquals(2, ps.size());
274 
275         ss.revokeAll(user);
276 
277         Role user2 = ss.getRoleByName("User");
278         assertNotNull(user2);
279 
280         PermissionSet ps2 = user2.getPermissions();
281         assertEquals(0, ps2.size());
282     }
283 
284     public void testSavePermission()
285     	throws Exception
286     {
287         SecurityService ss = TurbineSecurity.getService();
288 
289         Permission application = ss.getPermissionByName("Application");
290 
291         ss.savePermission(application);
292 
293         try
294         {
295             Permission fake = ss.getPermissionInstance("fake");
296 
297             ss.savePermission(fake);
298             fail("Non Existing Permission could be saved!");
299         }
300         catch (Exception e)
301         {
302             assertEquals("Wrong Exception thrown: " + e.getClass().getName(), e.getClass(), UnknownEntityException.class);
303         }
304     }
305 
306     public void testRenamePermission()
307     	throws Exception
308     {
309         SecurityService ss = TurbineSecurity.getService();
310 
311         Permission newbie = ss.getPermissionInstance("newbie");
312         ss.addPermission(newbie);
313 
314         Permission test = ss.getPermissionByName("newbie");
315         assertNotNull(test);
316 
317         ss.renamePermission(test, "fake");
318 
319         Permission fake = ss.getPermissionByName("fake");
320         assertNotNull(fake);
321 
322 //
323 // Now this is a Turbine Bug...
324 //
325 //          try
326 //          {
327 //              PermissionSet gs = ss.getPermissions(new org.apache.torque.util.Criteria());
328 //              assertEquals(4, gs.size());
329 
330 //              ss.renamePermission(fake, "Application");
331 
332 //              PermissionSet gs2 = ss.getPermissions(new org.apache.torque.util.Criteria());
333 //              assertEquals("Two permissions with the same name exist!", 3, gs2.size());
334 
335 //              fail("Permission could be renamed to existing Permission and got lost from the database!");
336 //          }
337 //          catch (Exception e)
338 //          {
339 //              assertEquals("Wrong Exception thrown: " + e.getClass().getName(), e.getClass(), EntityExistsException.class);
340 //          }
341      }
342 }