1 /*
2 * Copyright 2007-2008 The Kuali Foundation
3 *
4 * Licensed under the Educational Community License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.opensource.org/licenses/ecl2.php
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16 package org.kuali.rice.kim.test.service;
17
18 import org.junit.Before;
19 import org.junit.Test;
20 import org.kuali.rice.kim.api.role.Role;
21 import org.kuali.rice.kim.api.role.RoleMembership;
22 import org.kuali.rice.kim.api.role.RoleService;
23 import org.kuali.rice.kim.api.services.KimApiServiceLocator;
24 import org.kuali.rice.kim.service.PermissionService;
25 import org.kuali.rice.kim.test.KIMTestCase;
26
27 import java.util.ArrayList;
28 import java.util.Collection;
29 import java.util.Iterator;
30
31 import static org.junit.Assert.*;
32
33 /**
34 * This is a description of what this class does - kellerj don't forget to fill this in.
35 *
36 * @author Kuali Rice Team (rice.collab@kuali.org)
37 *
38 */
39 public class AuthorizationServiceImplTest extends KIMTestCase {
40
41 private PermissionService permissionService;
42 private RoleService roleService;
43
44 private String principal1Id = "p1";
45 private String principal2Id = "p2";
46 private String principal3Id = "p3";
47
48 private String group1Id = "g1";
49
50 private String role1Id = "r1";
51 private String role1NamespaceCode = "AUTH_SVC_TEST1";
52 private String role1Description = "Role 1 Description";
53 private String role1Name = "RoleOne";
54
55 private String role2Id = "r2";
56 private String role2NamespaceCode = "AUTH_SVC_TEST2";
57 private String role2Description = "Role 2 Description";
58 private String role2Name = "RoleTwo";
59
60 private String permission1Name = "perm1";
61 private String permission1NamespaceCode = "KR-NS";
62 private String permission1Id = "p1";
63
64 private String permission2Name = "perm2";
65 private String permission2NamespaceCode = "KR-NS";
66 private String permission2Id = "p2";
67
68 private String permission3Name = "perm3";
69 private String permission3NamespaceCode = "KR-NS";
70 private String permission3Id = "p3";
71
72
73 @Before
74 public void setUp() throws Exception {
75 super.setUp();
76
77 permissionService = KimApiServiceLocator.getPermissionService();
78 roleService = KimApiServiceLocator.getRoleService();
79
80 //
81 //
82 // // set up Role "r1" with principal p1
83 // RoleBo role1 = new RoleBo();
84 // role1.setId(role1Id);
85 // role1.setActive(true);
86 // role1.setKimTypeId(getDefaultKimType().getId());
87 // role1.setNamespaceCode(role1NamespaceCode);
88 // role1.setDescription(role1Description);
89 // role1.setName(role1Name);
90 // List<RoleMemberBo> members1 = new ArrayList<RoleMemberBo>();
91 // role1.setMembers(members1);
92 // RoleMemberBo p1Member = new RoleMemberBo();
93 // p1Member.setMemberId(principal1Id);
94 // p1Member.setMemberTypeCode("P");
95 // p1Member.setRoleId(role1Id);
96 // p1Member.setRoleMemberId(getNewRoleMemberId());
97 // members1.add(p1Member);
98 // KRADServiceLocator.getBusinessObjectService().save(role1);
99 //
100 // // set up Role "r2" with principal p3, group g1 and role r1
101 // RoleBo role2 = new RoleBo();
102 // role2.setId(role2Id);
103 // role2.setActive(true);
104 // role2.setKimTypeId(getDefaultKimType().getId());
105 // role2.setNamespaceCode(role2NamespaceCode);
106 // role2.setDescription(role2Description);
107 // role2.setName(role2Name);
108 // List<RoleMemberBo> members2 = new ArrayList<RoleMemberBo>();
109 // role2.setMembers(members2);
110 // RoleMemberBo p3Member = new RoleMemberBo();
111 // p3Member.setMemberId(principal3Id);
112 // p3Member.setMemberTypeCode("P");
113 // p3Member.setRoleId(role2Id);
114 // p3Member.setRoleMemberId(getNewRoleMemberId());
115 // members2.add(p3Member);
116 // RoleMemberBo g1Member = new RoleMemberBo();
117 // g1Member.setMemberId(group1Id);
118 // g1Member.setMemberTypeCode("G");
119 // g1Member.setRoleId(role2Id);
120 // g1Member.setRoleMemberId(getNewRoleMemberId());
121 // members2.add(g1Member);
122 // RoleMemberBo r1Member = new RoleMemberBo();
123 // r1Member.setMemberId(role1Id);
124 // r1Member.setMemberTypeCode("R");
125 // r1Member.setRoleId(role2Id);
126 // r1Member.setRoleMemberId(getNewRoleMemberId());
127 // members2.add(r1Member);
128 // KRADServiceLocator.getBusinessObjectService().save(role2);
129 //
130 // // setup permissions
131 //
132 // KimPermissionTemplateImpl defaultTemplate = getDefaultPermissionTemplate();
133 //
134 // KimPermissionImpl permission1 = new KimPermissionImpl();
135 // permission1.setActive(true);
136 // permission1.setDescription("permission1");
137 // permission1.setName(permission1Name);
138 // permission1.setNamespaceCode(permission1NamespaceCode);
139 // permission1.setPermissionId(permission1Id);
140 // permission1.setTemplateId(defaultTemplate.getPermissionTemplateId());
141 // permission1.setTemplate(defaultTemplate);
142 // KRADServiceLocator.getBusinessObjectService().save(permission1);
143 //
144 // KimPermissionImpl permission2 = new KimPermissionImpl();
145 // permission2.setActive(true);
146 // permission2.setDescription("permission2");
147 // permission2.setName(permission2Name);
148 // permission2.setNamespaceCode(permission2NamespaceCode);
149 // permission2.setPermissionId(permission2Id);
150 // permission2.setTemplateId(defaultTemplate.getPermissionTemplateId());
151 // permission2.setTemplate(defaultTemplate);
152 // KRADServiceLocator.getBusinessObjectService().save(permission2);
153 //
154 // KimPermissionImpl permission3 = new KimPermissionImpl();
155 // permission3.setActive(true);
156 // permission3.setDescription("permission3");
157 // permission3.setName(permission3Name);
158 // permission3.setNamespaceCode(permission3NamespaceCode);
159 // permission3.setPermissionId(permission3Id);
160 // permission3.setTemplateId(defaultTemplate.getPermissionTemplateId());
161 // permission3.setTemplate(defaultTemplate);
162 // KRADServiceLocator.getBusinessObjectService().save(permission3);
163 //
164 // // assign permissions to roles
165 // // p1 -> r1
166 // // p2 -> r1
167 // // p3 -> r2
168 //
169 // RolePermissionImpl role1Perm1 = new RolePermissionImpl();
170 // role1Perm1.setActive(true);
171 // role1Perm1.setRoleId(role1Id);
172 // role1Perm1.setPermissionId(permission1Id);
173 // role1Perm1.setRolePermissionId(getNewRolePermissionId());
174 // KRADServiceLocator.getBusinessObjectService().save(role1Perm1);
175 //
176 // RolePermissionImpl role1Perm2 = new RolePermissionImpl();
177 // role1Perm2.setActive(true);
178 // role1Perm2.setRoleId(role1Id);
179 // role1Perm2.setPermissionId(permission2Id);
180 // role1Perm2.setRolePermissionId(getNewRolePermissionId());
181 // KRADServiceLocator.getBusinessObjectService().save(role1Perm2);
182 //
183 // RolePermissionImpl role2Perm3 = new RolePermissionImpl();
184 // role2Perm3.setActive(true);
185 // role2Perm3.setRoleId(role2Id);
186 // role2Perm3.setPermissionId(permission3Id);
187 // role2Perm3.setRolePermissionId(getNewRolePermissionId());
188 // KRADServiceLocator.getBusinessObjectService().save(role2Perm3);
189 }
190
191 @Test
192 public void testRoleMembership() {
193 Role role = roleService.getRole( role2Id );
194 assertNotNull( "r2 must exist", role );
195 ArrayList<String> roleList = new ArrayList<String>( 1 );
196 roleList.add( role2Id );
197
198 Collection<String> memberPrincipalIds = roleService.getRoleMemberPrincipalIds(role2NamespaceCode, role2Name, null);
199 assertNotNull(memberPrincipalIds);
200 assertEquals("RoleTwo should have 6 principal ids", 5, memberPrincipalIds.size());
201 assertTrue( "p3 must belong to role", memberPrincipalIds.contains(principal3Id) );
202 assertTrue( "p2 must belong to role (assigned via group)", memberPrincipalIds.contains(principal2Id) );
203 assertTrue( "p1 must belong to r2 (via r1)", memberPrincipalIds.contains(principal1Id) );
204
205 Collection<RoleMembership> members = roleService.getRoleMembers( roleList, null );
206 assertNotNull( "returned list may not be null", members );
207 assertFalse( "list must not be empty", members.isEmpty() );
208 assertEquals("Returned list must have 4 members.", 4, members.size());
209 boolean foundP3 = false;
210 boolean foundG1 = false;
211 boolean foundR1 = false;
212 for (RoleMembership member : members) {
213 if (member.getMemberId().equals(principal3Id) && member.getMemberTypeCode().equals("P")) {
214 foundP3 = true;
215 } else if (member.getMemberId().equals(group1Id) && member.getMemberTypeCode().equals("G")) {
216 foundG1 = true;
217 } else if (member.getMemberId().equals(principal1Id) && member.getMemberTypeCode().equals("P")) {
218 foundR1 = true;
219 assertEquals("Should have r1 embedded role id.", role1Id, member.getEmbeddedRoleId());
220 }
221 }
222 assertTrue("Failed to find p3 principal member", foundP3);
223 assertTrue("Failed to find g1 group member", foundG1);
224 assertTrue("Failed to find r1 role member", foundR1);
225
226 role = roleService.getRole( role1Id );
227 assertNotNull( "r1 must exist", role );
228 roleList.clear();
229 roleList.add( role1Id );
230 members = roleService.getRoleMembers( roleList, null );
231 assertNotNull( "returned list may not be null", members );
232 assertEquals("Should have 2 members", 2, members.size());
233 Iterator<RoleMembership> iter = members.iterator();
234 assertTrue("One of those members should be p1.", principal1Id.equals(iter.next().getMemberId()) || principal1Id.equals(iter.next().getMemberId()));
235 }
236
237 // @Test
238 // public void testGetPermissionsForRole() {
239 // List<PermissionDetailInfo> perms = authorizationService.getPermissionsForRole( "r1" );
240 // System.out.println( "r1: " + perms );
241 // assertTrue( "r1 must have perm1 (direct)", hasPermission( perms, "perm1" ) );
242 // assertTrue( "r1 must have perm2 (direct)", hasPermission( perms, "perm2" ) );
243 // assertTrue( "r1 must have perm3 (via r2)", hasPermission( perms, "perm3" ) );
244 // perms = authorizationService.getPermissionsForRole( "r2" );
245 // System.out.println( "r2: " + perms );
246 // assertTrue( "r2 must have perm3 (direct)", hasPermission( perms, "perm3" ) );
247 // assertFalse( "r2 must not have perm1", hasPermission( perms, "perm1" ) );
248 // assertFalse( "r2 must not have perm2", hasPermission( perms, "perm2" ) );
249 // }
250
251 @Test
252 public void testHasPermission() {
253
254 assertTrue( "p1 must have perm1 (via r1)", permissionService.hasPermission( "p1", "KR-NS", "perm1", null ) );
255 assertTrue( "p1 must have perm2 (via r1)", permissionService.hasPermission( "p1", "KR-NS", "perm2", null ) );
256 assertTrue( "p1 must have perm3 (via r2)", permissionService.hasPermission( "p1", "KR-NS", "perm3", null ) );
257 assertTrue( "p3 must have perm3 (via r2)", permissionService.hasPermission( "p3", "KR-NS", "perm3", null ) );
258 assertFalse( "p3 must not have perm1", permissionService.hasPermission( "p3", "KR-NS", "perm1", null ) );
259 assertFalse( "p3 must not have perm2", permissionService.hasPermission( "p3", "KR-NS", "perm2", null ) );
260 }
261
262 // protected boolean hasPermission( List<PermissionDetailsInfo> perms, String permissionId ) {
263 // for ( PermissionDetailsInfo perm : perms ) {
264 // if ( perm.getPermissionId().equals( permissionId ) ) {
265 // return true;
266 // }
267 // }
268 // return false;
269 // }
270 // test that only active roles/permissions are used
271 // test that only roles attached to active groups are returned
272 // check that implied/implying lists are correct
273 // check qualification matching
274 // need hierarchical test for qualification matching
275 // check namespace filters
276
277 // non-qualified role/permission checks
278 // qualified role/permission checks
279 // add type services in test spring startup? - how in rice?
280
281 }