001 /**
002 * Copyright 2005-2011 The Kuali Foundation
003 *
004 * Licensed under the Educational Community License, Version 2.0 (the "License");
005 * you may not use this file except in compliance with the License.
006 * You may obtain a copy of the License at
007 *
008 * http://www.opensource.org/licenses/ecl2.php
009 *
010 * Unless required by applicable law or agreed to in writing, software
011 * distributed under the License is distributed on an "AS IS" BASIS,
012 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
013 * See the License for the specific language governing permissions and
014 * limitations under the License.
015 */
016 package org.kuali.rice.kim.test.service;
017
018 import org.junit.Before;
019 import org.junit.Test;
020 import org.kuali.rice.core.api.membership.MemberType;
021 import org.kuali.rice.kim.api.role.Role;
022 import org.kuali.rice.kim.api.role.RoleMembership;
023 import org.kuali.rice.kim.api.role.RoleService;
024 import org.kuali.rice.kim.api.services.KimApiServiceLocator;
025 import org.kuali.rice.kim.api.permission.PermissionService;
026 import org.kuali.rice.kim.test.KIMTestCase;
027
028 import java.util.ArrayList;
029 import java.util.Collection;
030 import java.util.Collections;
031 import java.util.Iterator;
032
033 import static org.junit.Assert.*;
034
035 /**
036 * This is a description of what this class does - kellerj don't forget to fill this in.
037 *
038 * @author Kuali Rice Team (rice.collab@kuali.org)
039 *
040 */
041 public class AuthorizationServiceImplTest extends KIMTestCase {
042
043 private PermissionService permissionService;
044 private RoleService roleService;
045
046 private String principal1Id = "p1";
047 private String principal2Id = "p2";
048 private String principal3Id = "p3";
049
050 private String group1Id = "g1";
051
052 private String role1Id = "r1";
053 private String role1NamespaceCode = "AUTH_SVC_TEST1";
054 private String role1Description = "Role 1 Description";
055 private String role1Name = "RoleOne";
056
057 private String role2Id = "r2";
058 private String role2NamespaceCode = "AUTH_SVC_TEST2";
059 private String role2Description = "Role 2 Description";
060 private String role2Name = "RoleTwo";
061
062 private String permission1Name = "perm1";
063 private String permission1NamespaceCode = "KR-NS";
064 private String permission1Id = "p1";
065
066 private String permission2Name = "perm2";
067 private String permission2NamespaceCode = "KR-NS";
068 private String permission2Id = "p2";
069
070 private String permission3Name = "perm3";
071 private String permission3NamespaceCode = "KR-NS";
072 private String permission3Id = "p3";
073
074
075 @Before
076 public void setUp() throws Exception {
077 super.setUp();
078
079 permissionService = KimApiServiceLocator.getPermissionService();
080 roleService = KimApiServiceLocator.getRoleService();
081
082 //
083 //
084 // // set up Role "r1" with principal p1
085 // RoleBo role1 = new RoleBo();
086 // role1.setId(role1Id);
087 // role1.setActive(true);
088 // role1.setKimTypeId(getDefaultKimType().getId());
089 // role1.setNamespaceCode(role1NamespaceCode);
090 // role1.setDescription(role1Description);
091 // role1.setName(role1Name);
092 // List<RoleMemberBo> members1 = new ArrayList<RoleMemberBo>();
093 // role1.setMembers(members1);
094 // RoleMemberBo p1Member = new RoleMemberBo();
095 // p1Member.setMemberId(principal1Id);
096 // p1Member.setMemberTypeCode("P");
097 // p1Member.setRoleId(role1Id);
098 // p1Member.setRoleMemberId(getNewRoleMemberId());
099 // members1.add(p1Member);
100 // KRADServiceLocator.getBusinessObjectService().save(role1);
101 //
102 // // set up Role "r2" with principal p3, group g1 and role r1
103 // RoleBo role2 = new RoleBo();
104 // role2.setId(role2Id);
105 // role2.setActive(true);
106 // role2.setKimTypeId(getDefaultKimType().getId());
107 // role2.setNamespaceCode(role2NamespaceCode);
108 // role2.setDescription(role2Description);
109 // role2.setName(role2Name);
110 // List<RoleMemberBo> members2 = new ArrayList<RoleMemberBo>();
111 // role2.setMembers(members2);
112 // RoleMemberBo p3Member = new RoleMemberBo();
113 // p3Member.setMemberId(principal3Id);
114 // p3Member.setMemberTypeCode("P");
115 // p3Member.setRoleId(role2Id);
116 // p3Member.setRoleMemberId(getNewRoleMemberId());
117 // members2.add(p3Member);
118 // RoleMemberBo g1Member = new RoleMemberBo();
119 // g1Member.setMemberId(group1Id);
120 // g1Member.setMemberTypeCode("G");
121 // g1Member.setRoleId(role2Id);
122 // g1Member.setRoleMemberId(getNewRoleMemberId());
123 // members2.add(g1Member);
124 // RoleMemberBo r1Member = new RoleMemberBo();
125 // r1Member.setMemberId(role1Id);
126 // r1Member.setMemberTypeCode("R");
127 // r1Member.setRoleId(role2Id);
128 // r1Member.setRoleMemberId(getNewRoleMemberId());
129 // members2.add(r1Member);
130 // KRADServiceLocator.getBusinessObjectService().save(role2);
131 //
132 // // setup permissions
133 //
134 // KimPermissionTemplateImpl defaultTemplate = getDefaultPermissionTemplate();
135 //
136 // KimPermissionImpl permission1 = new KimPermissionImpl();
137 // permission1.setActive(true);
138 // permission1.setDescription("permission1");
139 // permission1.setName(permission1Name);
140 // permission1.setNamespaceCode(permission1NamespaceCode);
141 // permission1.setPermissionId(permission1Id);
142 // permission1.setTemplateId(defaultTemplate.getPermissionTemplateId());
143 // permission1.setTemplate(defaultTemplate);
144 // KRADServiceLocator.getBusinessObjectService().save(permission1);
145 //
146 // KimPermissionImpl permission2 = new KimPermissionImpl();
147 // permission2.setActive(true);
148 // permission2.setDescription("permission2");
149 // permission2.setName(permission2Name);
150 // permission2.setNamespaceCode(permission2NamespaceCode);
151 // permission2.setPermissionId(permission2Id);
152 // permission2.setTemplateId(defaultTemplate.getPermissionTemplateId());
153 // permission2.setTemplate(defaultTemplate);
154 // KRADServiceLocator.getBusinessObjectService().save(permission2);
155 //
156 // KimPermissionImpl permission3 = new KimPermissionImpl();
157 // permission3.setActive(true);
158 // permission3.setDescription("permission3");
159 // permission3.setName(permission3Name);
160 // permission3.setNamespaceCode(permission3NamespaceCode);
161 // permission3.setPermissionId(permission3Id);
162 // permission3.setTemplateId(defaultTemplate.getPermissionTemplateId());
163 // permission3.setTemplate(defaultTemplate);
164 // KRADServiceLocator.getBusinessObjectService().save(permission3);
165 //
166 // // assign permissions to roles
167 // // p1 -> r1
168 // // p2 -> r1
169 // // p3 -> r2
170 //
171 // RolePermissionImpl role1Perm1 = new RolePermissionImpl();
172 // role1Perm1.setActive(true);
173 // role1Perm1.setRoleId(role1Id);
174 // role1Perm1.setPermissionId(permission1Id);
175 // role1Perm1.setRolePermissionId(getNewRolePermissionId());
176 // KRADServiceLocator.getBusinessObjectService().save(role1Perm1);
177 //
178 // RolePermissionImpl role1Perm2 = new RolePermissionImpl();
179 // role1Perm2.setActive(true);
180 // role1Perm2.setRoleId(role1Id);
181 // role1Perm2.setPermissionId(permission2Id);
182 // role1Perm2.setRolePermissionId(getNewRolePermissionId());
183 // KRADServiceLocator.getBusinessObjectService().save(role1Perm2);
184 //
185 // RolePermissionImpl role2Perm3 = new RolePermissionImpl();
186 // role2Perm3.setActive(true);
187 // role2Perm3.setRoleId(role2Id);
188 // role2Perm3.setPermissionId(permission3Id);
189 // role2Perm3.setRolePermissionId(getNewRolePermissionId());
190 // KRADServiceLocator.getBusinessObjectService().save(role2Perm3);
191 }
192
193 @Test
194 public void testRoleMembership() {
195 Role role = roleService.getRole( role2Id );
196 assertNotNull( "r2 must exist", role );
197 ArrayList<String> roleList = new ArrayList<String>( 1 );
198 roleList.add( role2Id );
199
200 Collection<String> memberPrincipalIds = roleService.getRoleMemberPrincipalIds(role2NamespaceCode, role2Name, Collections.<String, String>emptyMap());
201 assertNotNull(memberPrincipalIds);
202 assertEquals("RoleTwo should have 6 principal ids", 5, memberPrincipalIds.size());
203 assertTrue( "p3 must belong to role", memberPrincipalIds.contains(principal3Id) );
204 assertTrue( "p2 must belong to role (assigned via group)", memberPrincipalIds.contains(principal2Id) );
205 assertTrue( "p1 must belong to r2 (via r1)", memberPrincipalIds.contains(principal1Id) );
206
207 Collection<RoleMembership> members = roleService.getRoleMembers( roleList, Collections.<String, String>emptyMap() );
208 assertNotNull( "returned list may not be null", members );
209 assertFalse( "list must not be empty", members.isEmpty() );
210 assertEquals("Returned list must have 4 members.", 4, members.size());
211 boolean foundP3 = false;
212 boolean foundG1 = false;
213 boolean foundR1 = false;
214 for (RoleMembership member : members) {
215 if (member.getMemberId().equals(principal3Id) && member.getType().equals(MemberType.PRINCIPAL)) {
216 foundP3 = true;
217 } else if (member.getMemberId().equals(group1Id) && member.getType().equals(MemberType.GROUP)) {
218 foundG1 = true;
219 } else if (member.getMemberId().equals(principal1Id) && member.getType().equals(MemberType.PRINCIPAL)) {
220 foundR1 = true;
221 assertEquals("Should have r1 embedded role id.", role1Id, member.getEmbeddedRoleId());
222 }
223 }
224 assertTrue("Failed to find p3 principal member", foundP3);
225 assertTrue("Failed to find g1 group member", foundG1);
226 assertTrue("Failed to find r1 role member", foundR1);
227
228 role = roleService.getRole( role1Id );
229 assertNotNull( "r1 must exist", role );
230 roleList.clear();
231 roleList.add( role1Id );
232 members = roleService.getRoleMembers( roleList, Collections.<String, String>emptyMap() );
233 assertNotNull( "returned list may not be null", members );
234 assertEquals("Should have 2 members", 2, members.size());
235 Iterator<RoleMembership> iter = members.iterator();
236 assertTrue("One of those members should be p1.", principal1Id.equals(iter.next().getMemberId()) || principal1Id.equals(iter.next().getMemberId()));
237 }
238
239 // @Test
240 // public void testGetPermissionsForRole() {
241 // List<PermissionDetailInfo> perms = authorizationService.getPermissionsForRole( "r1" );
242 // System.out.println( "r1: " + perms );
243 // assertTrue( "r1 must have perm1 (direct)", hasPermission( perms, "perm1" ) );
244 // assertTrue( "r1 must have perm2 (direct)", hasPermission( perms, "perm2" ) );
245 // assertTrue( "r1 must have perm3 (via r2)", hasPermission( perms, "perm3" ) );
246 // perms = authorizationService.getPermissionsForRole( "r2" );
247 // System.out.println( "r2: " + perms );
248 // assertTrue( "r2 must have perm3 (direct)", hasPermission( perms, "perm3" ) );
249 // assertFalse( "r2 must not have perm1", hasPermission( perms, "perm1" ) );
250 // assertFalse( "r2 must not have perm2", hasPermission( perms, "perm2" ) );
251 // }
252
253 @Test
254 public void testHasPermission() {
255
256 assertTrue( "p1 must have perm1 (via r1)", permissionService.hasPermission( "p1", "KR-NS", "perm1" ));
257 assertTrue( "p1 must have perm2 (via r1)", permissionService.hasPermission( "p1", "KR-NS", "perm2" ) );
258 assertTrue( "p1 must have perm3 (via r2)", permissionService.hasPermission( "p1", "KR-NS", "perm3" ) );
259 assertTrue( "p3 must have perm3 (via r2)", permissionService.hasPermission( "p3", "KR-NS", "perm3" ) );
260 assertFalse( "p3 must not have perm1", permissionService.hasPermission( "p3", "KR-NS", "perm1") );
261 assertFalse( "p3 must not have perm2", permissionService.hasPermission( "p3", "KR-NS", "perm2") );
262 }
263
264 // protected boolean hasPermission( List<PermissionDetailsInfo> perms, String permissionId ) {
265 // for ( PermissionDetailsInfo perm : perms ) {
266 // if ( perm.getPermissionId().equals( permissionId ) ) {
267 // return true;
268 // }
269 // }
270 // return false;
271 // }
272 // test that only active roles/permissions are used
273 // test that only roles attached to active groups are returned
274 // check that implied/implying lists are correct
275 // check qualification matching
276 // need hierarchical test for qualification matching
277 // check namespace filters
278
279 // non-qualified role/permission checks
280 // qualified role/permission checks
281 // add type services in test spring startup? - how in rice?
282
283 }