View Javadoc
1   /**
2    * Copyright 2005-2016 The Kuali Foundation
3    *
4    * Licensed under the Educational Community License, Version 2.0 (the "License");
5    * you may not use this file except in compliance with the License.
6    * You may obtain a copy of the License at
7    *
8    * http://www.opensource.org/licenses/ecl2.php
9    *
10   * Unless required by applicable law or agreed to in writing, software
11   * distributed under the License is distributed on an "AS IS" BASIS,
12   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13   * See the License for the specific language governing permissions and
14   * limitations under the License.
15   */
16  package org.kuali.rice.krad.web.controller;
17  
18  import org.apache.commons.lang3.StringUtils;
19  import org.junit.Before;
20  import org.junit.Test;
21  import org.kuali.rice.krad.test.MockController;
22  import org.kuali.rice.krad.test.TestForm;
23  import org.kuali.rice.krad.uif.UifParameters;
24  import org.kuali.rice.krad.uif.lifecycle.ViewPostMetadata;
25  import org.kuali.rice.krad.web.form.UifFormBase;
26  import org.kuali.rice.krad.web.form.UifFormManager;
27  import org.springframework.mock.web.MockHttpServletRequest;
28  import org.springframework.web.method.HandlerMethod;
29  
30  import java.lang.reflect.Method;
31  
32  import static org.junit.Assert.fail;
33  
34  /**
35   * Test cases for {@link org.kuali.rice.krad.web.controller.UifControllerHandlerInterceptor}.
36   *
37   * @author Kuali Rice Team (rice.collab@kuali.org)
38   */
39  public class UifControllerHandlerInterceptorTest {
40  
41      private UifControllerHandlerInterceptor handlerInterceptor;
42      private MockController controller;
43      private MockHttpServletRequest request;
44      private UifFormBase model;
45  
46      @Before
47      public void setUp() throws Exception {
48          request = new MockHttpServletRequest();
49          request.setMethod("POST");
50  
51          UifFormManager uifFormManager = new UifFormManager();
52  
53          String formKey = "TEST";
54  
55          model = new TestForm();
56          model.setFormKey(formKey);
57          uifFormManager.addSessionForm(model);
58  
59          request.getSession().setAttribute(UifParameters.FORM_MANAGER, uifFormManager);
60          request.setParameter(UifParameters.FORM_KEY, formKey);
61  
62          handlerInterceptor = new UifControllerHandlerInterceptor();
63          controller = new MockController();
64      }
65  
66      /**
67       * Tests method access is being granted where annotations are present and the method is within
68       * the view configuration.
69       */
70      @Test
71      public void testCheckHandlerMethodAccess() throws Exception {
72          ViewPostMetadata viewPostMetadata = new ViewPostMetadata();
73          model.setViewPostMetadata(viewPostMetadata);
74  
75          assertMethodAccess("Accessible annotation not picked up", "method1", true);
76          assertMethodAccess("Custom method should be allowed due to not being in the available methods", "method2", true);
77          viewPostMetadata.addAvailableMethodToCall( "method2" );
78          assertMethodAccess("Accessible annotation picked up where not present", "method2", false);
79  
80          viewPostMetadata.addAccessibleMethodToCall("method4");
81          viewPostMetadata.addAccessibleMethodToCall("method6");
82  
83          assertMethodAccess("Accessible method by view not picked up", "method4", true);
84          assertMethodAccess("Accessible method by view not picked up", "method6", true);
85  
86          assertMethodAccess("Method not accessible for empty method to call", null, true);
87      }
88  
89      /**
90       * Helper method for testing {@link UifControllerHandlerInterceptor#checkHandlerMethodAccess}.
91       *
92       * @param failureMessage message to show if assert fails
93       * @param methodToCall controller method to check access for
94       * @param access expected access result
95       * @throws Exception
96       */
97      protected void assertMethodAccess(String failureMessage, String methodToCall, boolean access) throws Exception {
98          request.setParameter(UifParameters.METHOD_TO_CALL, methodToCall);
99  
100         // if method to call is blank, pick a method as the default handler
101         if (StringUtils.isBlank(methodToCall)) {
102             methodToCall = "method5";
103         }
104 
105         try {
106             handlerInterceptor.checkHandlerMethodAccess(request, getHandlerMethod(methodToCall));
107         } catch (MethodAccessException e) {
108             if (access) {
109                 fail(failureMessage);
110             }
111 
112             return;
113         }
114 
115         if (!access) {
116             fail(failureMessage);
117         }
118     }
119 
120     /**
121      * Builds instance of a handler method (using the controller) for the given method to call.
122      *
123      * @param methodToCall method on controller to build handler for
124      * @return handler method instance
125      */
126     protected HandlerMethod getHandlerMethod(String methodToCall) {
127         Method method = null;
128 
129         for (Method controllerMethod : controller.getClass().getMethods()) {
130             if (StringUtils.equals(controllerMethod.getName(), methodToCall)) {
131                 method = controllerMethod;
132             }
133         }
134 
135         if (method != null) {
136             return new HandlerMethod(controller, method);
137         }
138 
139         return null;
140     }
141 }