001/** 002 * Copyright 2005-2014 The Kuali Foundation 003 * 004 * Licensed under the Educational Community License, Version 2.0 (the "License"); 005 * you may not use this file except in compliance with the License. 006 * You may obtain a copy of the License at 007 * 008 * http://www.opensource.org/licenses/ecl2.php 009 * 010 * Unless required by applicable law or agreed to in writing, software 011 * distributed under the License is distributed on an "AS IS" BASIS, 012 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 013 * See the License for the specific language governing permissions and 014 * limitations under the License. 015 */ 016package org.kuali.rice.kim.test.service; 017 018import org.junit.Before; 019import org.junit.Test; 020import org.kuali.rice.core.api.membership.MemberType; 021import org.kuali.rice.kim.api.role.Role; 022import org.kuali.rice.kim.api.role.RoleMembership; 023import org.kuali.rice.kim.api.role.RoleService; 024import org.kuali.rice.kim.api.services.KimApiServiceLocator; 025import org.kuali.rice.kim.api.permission.PermissionService; 026import org.kuali.rice.kim.test.KIMTestCase; 027 028import java.util.ArrayList; 029import java.util.Collection; 030import java.util.Collections; 031import java.util.Iterator; 032 033import static org.junit.Assert.*; 034 035/** 036 * This is a description of what this class does - kellerj don't forget to fill this in. 037 * 038 * @author Kuali Rice Team (rice.collab@kuali.org) 039 * 040 */ 041public class AuthorizationServiceImplTest extends KIMTestCase { 042 043 private PermissionService permissionService; 044 private RoleService roleService; 045 046 private String principal1Id = "p1"; 047 private String principal2Id = "p2"; 048 private String principal3Id = "p3"; 049 050 private String group1Id = "g1"; 051 052 private String role1Id = "r1"; 053 private String role1NamespaceCode = "AUTH_SVC_TEST1"; 054 private String role1Description = "Role 1 Description"; 055 private String role1Name = "RoleOne"; 056 057 private String role2Id = "r2"; 058 private String role2NamespaceCode = "AUTH_SVC_TEST2"; 059 private String role2Description = "Role 2 Description"; 060 private String role2Name = "RoleTwo"; 061 062 private String permission1Name = "perm1"; 063 private String permission1NamespaceCode = "KR-NS"; 064 private String permission1Id = "p1"; 065 066 private String permission2Name = "perm2"; 067 private String permission2NamespaceCode = "KR-NS"; 068 private String permission2Id = "p2"; 069 070 private String permission3Name = "perm3"; 071 private String permission3NamespaceCode = "KR-NS"; 072 private String permission3Id = "p3"; 073 074 075 @Before 076 public void setUp() throws Exception { 077 super.setUp(); 078 079 permissionService = KimApiServiceLocator.getPermissionService(); 080 roleService = KimApiServiceLocator.getRoleService(); 081 082// 083// 084// // set up Role "r1" with principal p1 085// RoleBo role1 = new RoleBo(); 086// role1.setId(role1Id); 087// role1.setActive(true); 088// role1.setKimTypeId(getDefaultKimType().getId()); 089// role1.setNamespaceCode(role1NamespaceCode); 090// role1.setDescription(role1Description); 091// role1.setName(role1Name); 092// List<RoleMemberBo> members1 = new ArrayList<RoleMemberBo>(); 093// role1.setMembers(members1); 094// RoleMemberBo p1Member = new RoleMemberBo(); 095// p1Member.setMemberId(principal1Id); 096// p1Member.setMemberTypeCode("P"); 097// p1Member.setRoleId(role1Id); 098// p1Member.setRoleMemberId(getNewRoleMemberId()); 099// members1.add(p1Member); 100// KRADServiceLocator.getBusinessObjectService().save(role1); 101// 102// // set up Role "r2" with principal p3, group g1 and role r1 103// RoleBo role2 = new RoleBo(); 104// role2.setId(role2Id); 105// role2.setActive(true); 106// role2.setKimTypeId(getDefaultKimType().getId()); 107// role2.setNamespaceCode(role2NamespaceCode); 108// role2.setDescription(role2Description); 109// role2.setName(role2Name); 110// List<RoleMemberBo> members2 = new ArrayList<RoleMemberBo>(); 111// role2.setMembers(members2); 112// RoleMemberBo p3Member = new RoleMemberBo(); 113// p3Member.setMemberId(principal3Id); 114// p3Member.setMemberTypeCode("P"); 115// p3Member.setRoleId(role2Id); 116// p3Member.setRoleMemberId(getNewRoleMemberId()); 117// members2.add(p3Member); 118// RoleMemberBo g1Member = new RoleMemberBo(); 119// g1Member.setMemberId(group1Id); 120// g1Member.setMemberTypeCode("G"); 121// g1Member.setRoleId(role2Id); 122// g1Member.setRoleMemberId(getNewRoleMemberId()); 123// members2.add(g1Member); 124// RoleMemberBo r1Member = new RoleMemberBo(); 125// r1Member.setMemberId(role1Id); 126// r1Member.setMemberTypeCode("R"); 127// r1Member.setRoleId(role2Id); 128// r1Member.setRoleMemberId(getNewRoleMemberId()); 129// members2.add(r1Member); 130// KRADServiceLocator.getBusinessObjectService().save(role2); 131// 132// // setup permissions 133// 134// KimPermissionTemplateImpl defaultTemplate = getDefaultPermissionTemplate(); 135// 136// KimPermissionImpl permission1 = new KimPermissionImpl(); 137// permission1.setActive(true); 138// permission1.setDescription("permission1"); 139// permission1.setName(permission1Name); 140// permission1.setNamespaceCode(permission1NamespaceCode); 141// permission1.setPermissionId(permission1Id); 142// permission1.setTemplateId(defaultTemplate.getPermissionTemplateId()); 143// permission1.setTemplate(defaultTemplate); 144// KRADServiceLocator.getBusinessObjectService().save(permission1); 145// 146// KimPermissionImpl permission2 = new KimPermissionImpl(); 147// permission2.setActive(true); 148// permission2.setDescription("permission2"); 149// permission2.setName(permission2Name); 150// permission2.setNamespaceCode(permission2NamespaceCode); 151// permission2.setPermissionId(permission2Id); 152// permission2.setTemplateId(defaultTemplate.getPermissionTemplateId()); 153// permission2.setTemplate(defaultTemplate); 154// KRADServiceLocator.getBusinessObjectService().save(permission2); 155// 156// KimPermissionImpl permission3 = new KimPermissionImpl(); 157// permission3.setActive(true); 158// permission3.setDescription("permission3"); 159// permission3.setName(permission3Name); 160// permission3.setNamespaceCode(permission3NamespaceCode); 161// permission3.setPermissionId(permission3Id); 162// permission3.setTemplateId(defaultTemplate.getPermissionTemplateId()); 163// permission3.setTemplate(defaultTemplate); 164// KRADServiceLocator.getBusinessObjectService().save(permission3); 165// 166// // assign permissions to roles 167// // p1 -> r1 168// // p2 -> r1 169// // p3 -> r2 170// 171// RolePermissionImpl role1Perm1 = new RolePermissionImpl(); 172// role1Perm1.setActive(true); 173// role1Perm1.setRoleId(role1Id); 174// role1Perm1.setPermissionId(permission1Id); 175// role1Perm1.setRolePermissionId(getNewRolePermissionId()); 176// KRADServiceLocator.getBusinessObjectService().save(role1Perm1); 177// 178// RolePermissionImpl role1Perm2 = new RolePermissionImpl(); 179// role1Perm2.setActive(true); 180// role1Perm2.setRoleId(role1Id); 181// role1Perm2.setPermissionId(permission2Id); 182// role1Perm2.setRolePermissionId(getNewRolePermissionId()); 183// KRADServiceLocator.getBusinessObjectService().save(role1Perm2); 184// 185// RolePermissionImpl role2Perm3 = new RolePermissionImpl(); 186// role2Perm3.setActive(true); 187// role2Perm3.setRoleId(role2Id); 188// role2Perm3.setPermissionId(permission3Id); 189// role2Perm3.setRolePermissionId(getNewRolePermissionId()); 190// KRADServiceLocator.getBusinessObjectService().save(role2Perm3); 191 } 192 193 @Test 194 public void testRoleMembership() { 195 Role role = roleService.getRole( role2Id ); 196 assertNotNull( "r2 must exist", role ); 197 ArrayList<String> roleList = new ArrayList<String>( 1 ); 198 roleList.add( role2Id ); 199 200 Collection<String> memberPrincipalIds = roleService.getRoleMemberPrincipalIds(role2NamespaceCode, role2Name, Collections.<String, String>emptyMap()); 201 assertNotNull(memberPrincipalIds); 202 assertEquals("RoleTwo should have 6 principal ids", 5, memberPrincipalIds.size()); 203 assertTrue( "p3 must belong to role", memberPrincipalIds.contains(principal3Id) ); 204 assertTrue( "p2 must belong to role (assigned via group)", memberPrincipalIds.contains(principal2Id) ); 205 assertTrue( "p1 must belong to r2 (via r1)", memberPrincipalIds.contains(principal1Id) ); 206 207 Collection<RoleMembership> members = roleService.getRoleMembers( roleList, Collections.<String, String>emptyMap() ); 208 assertNotNull( "returned list may not be null", members ); 209 assertFalse( "list must not be empty", members.isEmpty() ); 210 assertEquals("Returned list must have 4 members.", 4, members.size()); 211 boolean foundP3 = false; 212 boolean foundG1 = false; 213 boolean foundR1 = false; 214 for (RoleMembership member : members) { 215 if (member.getMemberId().equals(principal3Id) && member.getType().equals(MemberType.PRINCIPAL)) { 216 foundP3 = true; 217 } else if (member.getMemberId().equals(group1Id) && member.getType().equals(MemberType.GROUP)) { 218 foundG1 = true; 219 } else if (member.getMemberId().equals(principal1Id) && member.getType().equals(MemberType.PRINCIPAL)) { 220 foundR1 = true; 221 assertEquals("Should have r1 embedded role id.", role1Id, member.getEmbeddedRoleId()); 222 } 223 } 224 assertTrue("Failed to find p3 principal member", foundP3); 225 assertTrue("Failed to find g1 group member", foundG1); 226 assertTrue("Failed to find r1 role member", foundR1); 227 228 role = roleService.getRole( role1Id ); 229 assertNotNull( "r1 must exist", role ); 230 roleList.clear(); 231 roleList.add( role1Id ); 232 members = roleService.getRoleMembers( roleList, Collections.<String, String>emptyMap() ); 233 assertNotNull( "returned list may not be null", members ); 234 assertEquals("Should have 2 members", 2, members.size()); 235 Iterator<RoleMembership> iter = members.iterator(); 236 assertTrue("One of those members should be p1.", principal1Id.equals(iter.next().getMemberId()) || principal1Id.equals(iter.next().getMemberId())); 237 } 238 239// @Test 240// public void testGetPermissionsForRole() { 241// List<PermissionDetailInfo> perms = authorizationService.getPermissionsForRole( "r1" ); 242// System.out.println( "r1: " + perms ); 243// assertTrue( "r1 must have perm1 (direct)", hasPermission( perms, "perm1" ) ); 244// assertTrue( "r1 must have perm2 (direct)", hasPermission( perms, "perm2" ) ); 245// assertTrue( "r1 must have perm3 (via r2)", hasPermission( perms, "perm3" ) ); 246// perms = authorizationService.getPermissionsForRole( "r2" ); 247// System.out.println( "r2: " + perms ); 248// assertTrue( "r2 must have perm3 (direct)", hasPermission( perms, "perm3" ) ); 249// assertFalse( "r2 must not have perm1", hasPermission( perms, "perm1" ) ); 250// assertFalse( "r2 must not have perm2", hasPermission( perms, "perm2" ) ); 251// } 252 253 @Test 254 public void testHasPermission() { 255 256 assertTrue( "p1 must have perm1 (via r1)", permissionService.hasPermission( "p1", "KR-NS", "perm1" )); 257 assertTrue( "p1 must have perm2 (via r1)", permissionService.hasPermission( "p1", "KR-NS", "perm2" ) ); 258 assertTrue( "p1 must have perm3 (via r2)", permissionService.hasPermission( "p1", "KR-NS", "perm3" ) ); 259 assertTrue( "p3 must have perm3 (via r2)", permissionService.hasPermission( "p3", "KR-NS", "perm3" ) ); 260 assertFalse( "p3 must not have perm1", permissionService.hasPermission( "p3", "KR-NS", "perm1") ); 261 assertFalse( "p3 must not have perm2", permissionService.hasPermission( "p3", "KR-NS", "perm2") ); 262 } 263 264// protected boolean hasPermission( List<PermissionDetailsInfo> perms, String permissionId ) { 265// for ( PermissionDetailsInfo perm : perms ) { 266// if ( perm.getPermissionId().equals( permissionId ) ) { 267// return true; 268// } 269// } 270// return false; 271// } 272 // test that only active roles/permissions are used 273 // test that only roles attached to active groups are returned 274 // check that implied/implying lists are correct 275 // check qualification matching 276 // need hierarchical test for qualification matching 277 // check namespace filters 278 279 // non-qualified role/permission checks 280 // qualified role/permission checks 281 // add type services in test spring startup? - how in rice? 282 283}