1 /** 2 * Copyright 2005-2011 The Kuali Foundation 3 * 4 * Licensed under the Educational Community License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.opensource.org/licenses/ecl2.php 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 package org.kuali.rice.kim.test.service; 17 18 import org.junit.Before; 19 import org.junit.Test; 20 import org.kuali.rice.core.api.membership.MemberType; 21 import org.kuali.rice.kim.api.role.Role; 22 import org.kuali.rice.kim.api.role.RoleMembership; 23 import org.kuali.rice.kim.api.role.RoleService; 24 import org.kuali.rice.kim.api.services.KimApiServiceLocator; 25 import org.kuali.rice.kim.api.permission.PermissionService; 26 import org.kuali.rice.kim.test.KIMTestCase; 27 28 import java.util.ArrayList; 29 import java.util.Collection; 30 import java.util.Collections; 31 import java.util.Iterator; 32 33 import static org.junit.Assert.*; 34 35 /** 36 * This is a description of what this class does - kellerj don't forget to fill this in. 37 * 38 * @author Kuali Rice Team (rice.collab@kuali.org) 39 * 40 */ 41 public class AuthorizationServiceImplTest extends KIMTestCase { 42 43 private PermissionService permissionService; 44 private RoleService roleService; 45 46 private String principal1Id = "p1"; 47 private String principal2Id = "p2"; 48 private String principal3Id = "p3"; 49 50 private String group1Id = "g1"; 51 52 private String role1Id = "r1"; 53 private String role1NamespaceCode = "AUTH_SVC_TEST1"; 54 private String role1Description = "Role 1 Description"; 55 private String role1Name = "RoleOne"; 56 57 private String role2Id = "r2"; 58 private String role2NamespaceCode = "AUTH_SVC_TEST2"; 59 private String role2Description = "Role 2 Description"; 60 private String role2Name = "RoleTwo"; 61 62 private String permission1Name = "perm1"; 63 private String permission1NamespaceCode = "KR-NS"; 64 private String permission1Id = "p1"; 65 66 private String permission2Name = "perm2"; 67 private String permission2NamespaceCode = "KR-NS"; 68 private String permission2Id = "p2"; 69 70 private String permission3Name = "perm3"; 71 private String permission3NamespaceCode = "KR-NS"; 72 private String permission3Id = "p3"; 73 74 75 @Before 76 public void setUp() throws Exception { 77 super.setUp(); 78 79 permissionService = KimApiServiceLocator.getPermissionService(); 80 roleService = KimApiServiceLocator.getRoleService(); 81 82 // 83 // 84 // // set up Role "r1" with principal p1 85 // RoleBo role1 = new RoleBo(); 86 // role1.setId(role1Id); 87 // role1.setActive(true); 88 // role1.setKimTypeId(getDefaultKimType().getId()); 89 // role1.setNamespaceCode(role1NamespaceCode); 90 // role1.setDescription(role1Description); 91 // role1.setName(role1Name); 92 // List<RoleMemberBo> members1 = new ArrayList<RoleMemberBo>(); 93 // role1.setMembers(members1); 94 // RoleMemberBo p1Member = new RoleMemberBo(); 95 // p1Member.setMemberId(principal1Id); 96 // p1Member.setMemberTypeCode("P"); 97 // p1Member.setRoleId(role1Id); 98 // p1Member.setRoleMemberId(getNewRoleMemberId()); 99 // members1.add(p1Member); 100 // KRADServiceLocator.getBusinessObjectService().save(role1); 101 // 102 // // set up Role "r2" with principal p3, group g1 and role r1 103 // RoleBo role2 = new RoleBo(); 104 // role2.setId(role2Id); 105 // role2.setActive(true); 106 // role2.setKimTypeId(getDefaultKimType().getId()); 107 // role2.setNamespaceCode(role2NamespaceCode); 108 // role2.setDescription(role2Description); 109 // role2.setName(role2Name); 110 // List<RoleMemberBo> members2 = new ArrayList<RoleMemberBo>(); 111 // role2.setMembers(members2); 112 // RoleMemberBo p3Member = new RoleMemberBo(); 113 // p3Member.setMemberId(principal3Id); 114 // p3Member.setMemberTypeCode("P"); 115 // p3Member.setRoleId(role2Id); 116 // p3Member.setRoleMemberId(getNewRoleMemberId()); 117 // members2.add(p3Member); 118 // RoleMemberBo g1Member = new RoleMemberBo(); 119 // g1Member.setMemberId(group1Id); 120 // g1Member.setMemberTypeCode("G"); 121 // g1Member.setRoleId(role2Id); 122 // g1Member.setRoleMemberId(getNewRoleMemberId()); 123 // members2.add(g1Member); 124 // RoleMemberBo r1Member = new RoleMemberBo(); 125 // r1Member.setMemberId(role1Id); 126 // r1Member.setMemberTypeCode("R"); 127 // r1Member.setRoleId(role2Id); 128 // r1Member.setRoleMemberId(getNewRoleMemberId()); 129 // members2.add(r1Member); 130 // KRADServiceLocator.getBusinessObjectService().save(role2); 131 // 132 // // setup permissions 133 // 134 // KimPermissionTemplateImpl defaultTemplate = getDefaultPermissionTemplate(); 135 // 136 // KimPermissionImpl permission1 = new KimPermissionImpl(); 137 // permission1.setActive(true); 138 // permission1.setDescription("permission1"); 139 // permission1.setName(permission1Name); 140 // permission1.setNamespaceCode(permission1NamespaceCode); 141 // permission1.setPermissionId(permission1Id); 142 // permission1.setTemplateId(defaultTemplate.getPermissionTemplateId()); 143 // permission1.setTemplate(defaultTemplate); 144 // KRADServiceLocator.getBusinessObjectService().save(permission1); 145 // 146 // KimPermissionImpl permission2 = new KimPermissionImpl(); 147 // permission2.setActive(true); 148 // permission2.setDescription("permission2"); 149 // permission2.setName(permission2Name); 150 // permission2.setNamespaceCode(permission2NamespaceCode); 151 // permission2.setPermissionId(permission2Id); 152 // permission2.setTemplateId(defaultTemplate.getPermissionTemplateId()); 153 // permission2.setTemplate(defaultTemplate); 154 // KRADServiceLocator.getBusinessObjectService().save(permission2); 155 // 156 // KimPermissionImpl permission3 = new KimPermissionImpl(); 157 // permission3.setActive(true); 158 // permission3.setDescription("permission3"); 159 // permission3.setName(permission3Name); 160 // permission3.setNamespaceCode(permission3NamespaceCode); 161 // permission3.setPermissionId(permission3Id); 162 // permission3.setTemplateId(defaultTemplate.getPermissionTemplateId()); 163 // permission3.setTemplate(defaultTemplate); 164 // KRADServiceLocator.getBusinessObjectService().save(permission3); 165 // 166 // // assign permissions to roles 167 // // p1 -> r1 168 // // p2 -> r1 169 // // p3 -> r2 170 // 171 // RolePermissionImpl role1Perm1 = new RolePermissionImpl(); 172 // role1Perm1.setActive(true); 173 // role1Perm1.setRoleId(role1Id); 174 // role1Perm1.setPermissionId(permission1Id); 175 // role1Perm1.setRolePermissionId(getNewRolePermissionId()); 176 // KRADServiceLocator.getBusinessObjectService().save(role1Perm1); 177 // 178 // RolePermissionImpl role1Perm2 = new RolePermissionImpl(); 179 // role1Perm2.setActive(true); 180 // role1Perm2.setRoleId(role1Id); 181 // role1Perm2.setPermissionId(permission2Id); 182 // role1Perm2.setRolePermissionId(getNewRolePermissionId()); 183 // KRADServiceLocator.getBusinessObjectService().save(role1Perm2); 184 // 185 // RolePermissionImpl role2Perm3 = new RolePermissionImpl(); 186 // role2Perm3.setActive(true); 187 // role2Perm3.setRoleId(role2Id); 188 // role2Perm3.setPermissionId(permission3Id); 189 // role2Perm3.setRolePermissionId(getNewRolePermissionId()); 190 // KRADServiceLocator.getBusinessObjectService().save(role2Perm3); 191 } 192 193 @Test 194 public void testRoleMembership() { 195 Role role = roleService.getRole( role2Id ); 196 assertNotNull( "r2 must exist", role ); 197 ArrayList<String> roleList = new ArrayList<String>( 1 ); 198 roleList.add( role2Id ); 199 200 Collection<String> memberPrincipalIds = roleService.getRoleMemberPrincipalIds(role2NamespaceCode, role2Name, Collections.<String, String>emptyMap()); 201 assertNotNull(memberPrincipalIds); 202 assertEquals("RoleTwo should have 6 principal ids", 5, memberPrincipalIds.size()); 203 assertTrue( "p3 must belong to role", memberPrincipalIds.contains(principal3Id) ); 204 assertTrue( "p2 must belong to role (assigned via group)", memberPrincipalIds.contains(principal2Id) ); 205 assertTrue( "p1 must belong to r2 (via r1)", memberPrincipalIds.contains(principal1Id) ); 206 207 Collection<RoleMembership> members = roleService.getRoleMembers( roleList, Collections.<String, String>emptyMap() ); 208 assertNotNull( "returned list may not be null", members ); 209 assertFalse( "list must not be empty", members.isEmpty() ); 210 assertEquals("Returned list must have 4 members.", 4, members.size()); 211 boolean foundP3 = false; 212 boolean foundG1 = false; 213 boolean foundR1 = false; 214 for (RoleMembership member : members) { 215 if (member.getMemberId().equals(principal3Id) && member.getType().equals(MemberType.PRINCIPAL)) { 216 foundP3 = true; 217 } else if (member.getMemberId().equals(group1Id) && member.getType().equals(MemberType.GROUP)) { 218 foundG1 = true; 219 } else if (member.getMemberId().equals(principal1Id) && member.getType().equals(MemberType.PRINCIPAL)) { 220 foundR1 = true; 221 assertEquals("Should have r1 embedded role id.", role1Id, member.getEmbeddedRoleId()); 222 } 223 } 224 assertTrue("Failed to find p3 principal member", foundP3); 225 assertTrue("Failed to find g1 group member", foundG1); 226 assertTrue("Failed to find r1 role member", foundR1); 227 228 role = roleService.getRole( role1Id ); 229 assertNotNull( "r1 must exist", role ); 230 roleList.clear(); 231 roleList.add( role1Id ); 232 members = roleService.getRoleMembers( roleList, Collections.<String, String>emptyMap() ); 233 assertNotNull( "returned list may not be null", members ); 234 assertEquals("Should have 2 members", 2, members.size()); 235 Iterator<RoleMembership> iter = members.iterator(); 236 assertTrue("One of those members should be p1.", principal1Id.equals(iter.next().getMemberId()) || principal1Id.equals(iter.next().getMemberId())); 237 } 238 239 // @Test 240 // public void testGetPermissionsForRole() { 241 // List<PermissionDetailInfo> perms = authorizationService.getPermissionsForRole( "r1" ); 242 // System.out.println( "r1: " + perms ); 243 // assertTrue( "r1 must have perm1 (direct)", hasPermission( perms, "perm1" ) ); 244 // assertTrue( "r1 must have perm2 (direct)", hasPermission( perms, "perm2" ) ); 245 // assertTrue( "r1 must have perm3 (via r2)", hasPermission( perms, "perm3" ) ); 246 // perms = authorizationService.getPermissionsForRole( "r2" ); 247 // System.out.println( "r2: " + perms ); 248 // assertTrue( "r2 must have perm3 (direct)", hasPermission( perms, "perm3" ) ); 249 // assertFalse( "r2 must not have perm1", hasPermission( perms, "perm1" ) ); 250 // assertFalse( "r2 must not have perm2", hasPermission( perms, "perm2" ) ); 251 // } 252 253 @Test 254 public void testHasPermission() { 255 256 assertTrue( "p1 must have perm1 (via r1)", permissionService.hasPermission( "p1", "KR-NS", "perm1", Collections.<String, String>emptyMap() )); 257 assertTrue( "p1 must have perm2 (via r1)", permissionService.hasPermission( "p1", "KR-NS", "perm2", Collections.<String, String>emptyMap() ) ); 258 assertTrue( "p1 must have perm3 (via r2)", permissionService.hasPermission( "p1", "KR-NS", "perm3", Collections.<String, String>emptyMap() ) ); 259 assertTrue( "p3 must have perm3 (via r2)", permissionService.hasPermission( "p3", "KR-NS", "perm3", Collections.<String, String>emptyMap() ) ); 260 assertFalse( "p3 must not have perm1", permissionService.hasPermission( "p3", "KR-NS", "perm1", Collections.<String, String>emptyMap()) ); 261 assertFalse( "p3 must not have perm2", permissionService.hasPermission( "p3", "KR-NS", "perm2", Collections.<String, String>emptyMap()) ); 262 } 263 264 // protected boolean hasPermission( List<PermissionDetailsInfo> perms, String permissionId ) { 265 // for ( PermissionDetailsInfo perm : perms ) { 266 // if ( perm.getPermissionId().equals( permissionId ) ) { 267 // return true; 268 // } 269 // } 270 // return false; 271 // } 272 // test that only active roles/permissions are used 273 // test that only roles attached to active groups are returned 274 // check that implied/implying lists are correct 275 // check qualification matching 276 // need hierarchical test for qualification matching 277 // check namespace filters 278 279 // non-qualified role/permission checks 280 // qualified role/permission checks 281 // add type services in test spring startup? - how in rice? 282 283 }