r400 - in trunk/wikitty-api/src: main/java/org/nuiton/wikitty test/java/org/nuiton/wikitty/layers
Author: bpoussin Date: 2010-10-13 16:03:30 +0200 (Wed, 13 Oct 2010) New Revision: 400 Url: http://nuiton.org/repositories/revision/wikitty/400 Log: debut de refactoring de la securite Added: trunk/wikitty-api/src/main/java/org/nuiton/wikitty/WikittyMetaExtensionUtil.java trunk/wikitty-api/src/main/java/org/nuiton/wikitty/WikittySecurityHelper.java Modified: trunk/wikitty-api/src/main/java/org/nuiton/wikitty/WikittyServiceSecurity.java trunk/wikitty-api/src/test/java/org/nuiton/wikitty/layers/WikittyServiceSecurityTest.java Added: trunk/wikitty-api/src/main/java/org/nuiton/wikitty/WikittyMetaExtensionUtil.java =================================================================== --- trunk/wikitty-api/src/main/java/org/nuiton/wikitty/WikittyMetaExtensionUtil.java (rev 0) +++ trunk/wikitty-api/src/main/java/org/nuiton/wikitty/WikittyMetaExtensionUtil.java 2010-10-13 14:03:30 UTC (rev 400) 
@@ -0,0 +1,74 @@
+/* *##%
+ * Copyright (c) 2010 poussin. All rights reserved.
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
+ *##%*/
+
+package org.nuiton.wikitty;
+
+
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+
+/**
+ *
+ * @author poussin
+ * @version $Revision$
+ *
+ * Last update: $Date$
+ * by : $Author$
+ */
+public class WikittyMetaExtensionUtil {
+
+ /** to use log facility, just put in your code: log.info(\"...\"); */
+ static private Log log = LogFactory.getLog(WikittyMetaExtensionUtil.class);
+
+ private static String SEPARATOR = ":";
+
+ /**
+ * generate id for meta extension and extension
+ * @return a wikitty id
+ */
+ static public String generateId(
+ String metaExtensionName, String extensionName) {
+ return String.format("%s%s%s", metaExtensionName, SEPARATOR, extensionName);
+ }
+
+ /**
+ * Extract meta extension name from wikittyId. If Id is not meta extension
+ * id, return null
+ */
+ static public String extractMetaName(String id) {
+ String[] ids = id.split(SEPARATOR);
+ if (ids.length == 2) {
+ return ids[0];
+ } else {
+ return null;
+ }
+ }
+
+ /**
+ * Extract extension name from wikittyId. 
If Id is not meta extension
+ * id, return null
+ */
+ static public String extractExtName(String id) {
+ String[] ids = id.split(SEPARATOR);
+ if (ids.length == 2) {
+ return ids[1];
+ } else {
+ return null;
+ }
+ }
+
+}
Added: trunk/wikitty-api/src/main/java/org/nuiton/wikitty/WikittySecurityHelper.java
===================================================================
--- trunk/wikitty-api/src/main/java/org/nuiton/wikitty/WikittySecurityHelper.java (rev 0)
+++ trunk/wikitty-api/src/main/java/org/nuiton/wikitty/WikittySecurityHelper.java 2010-10-13 14:03:30 UTC (rev 400)
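Review bot: `generateId` in WikittyMetaExtensionUtil accepts names that themselves contain `SEPARATOR`, so an id built from an extension name with a `:` in it cannot be parsed back; `extractMetaName` and `extractExtName` both return null whenever the split does not give exactly two parts. This same commit uses these ids as the key of the authorisation wikitty, so an ambiguous id is better rejected when it is built, e.g. `if (metaExtensionName.contains(SEPARATOR) || extensionName.contains(SEPARATOR)) throw new IllegalArgumentException("name must not contain " + SEPARATOR);`. `String.split` also treats the separator as a regex and drops trailing empty strings, so `"meta:"` yields a single element. `SEPARATOR` should be declared `final`, and a null `id` currently throws NullPointerException although the javadoc promises null for a non-meta id.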
@@ -0,0 +1,134 @@
+/* *##%
+ * Copyright (c) 2010 poussin. All rights reserved.
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
+ *##%*/
+
+package org.nuiton.wikitty;
+
+
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.nuiton.wikitty.search.Search;
+
+/**
+ *
+ * @author poussin
+ * @version $Revision$
+ *
+ * Last update: $Date$
+ * by : $Author$
+ */
+public class WikittySecurityHelper {
+
+ /** to use log facility, just put in your code: log.info(\"...\"); */
+ static private Log log = LogFactory.getLog(WikittySecurityHelper.class);
+
+ /** nom du groupe des administrateurs de l'application */
+ static final public String WIKITTY_APPADMIN_GROUP_NAME = "WikittyAppAdmin";
+
+ /**
+ * get the id of a user given his login. 
+ *
+ * @param securityToken a token
+ * @param login the login of the user to search for
+ * @return a wikitty id
+ */
+ static public String getUserWikittyId(WikittyProxy proxy, String login) {
+ String userWikittyId = null;
+ Wikitty user = proxy.findByCriteria(Search.query().eq(
+ WikittyUser.FQ_FIELD_WIKITTYUSER_LOGIN, login).criteria());
+ if (user != null) {
+ userWikittyId = user.getId();
+ }
+ return userWikittyId;
+ }
+
+ /**
+ * create appAdminGroup and add current user as first member
+ */
+ static public WikittyGroup createAppAdminGroup(WikittyUser user) {
+ WikittyGroup result = new WikittyGroupImpl();
+ result.setName(WIKITTY_APPADMIN_GROUP_NAME);
+
+ String firstUserId = user.getWikittyId();
+ result.addMembers(firstUserId);
+
+ return result;
+ }
+
+ /**
+ * create wikitty that represent a <strong>level 2</strong> security policy
+ * on the given extension.
+ *
+ * Store must check if this security policy doesn't already exist
+ *
+ */
+ static public Wikitty createExtensionAuthorisation(WikittyUser owner,
+ WikittyExtension extension) {
+
+ String wikittyAuthorisationId = WikittyMetaExtensionUtil.generateId(
+ WikittyAuthorisation.EXT_WIKITTYAUTHORISATION, extension.getName());
+ Wikitty result = new WikittyImpl(wikittyAuthorisationId);
+ WikittyAuthorisationHelper.addExtension(result);
+ WikittyAuthorisationHelper.setOwner(result, owner.getWikittyId());
+ return result;
+ }
+
+ static public Wikitty restoreExtensionAuthorisation(
+ WikittyProxy proxy, WikittyExtension extension) {
+ String wikittyAuthorisationId = WikittyMetaExtensionUtil.generateId(
+ WikittyAuthorisation.EXT_WIKITTYAUTHORISATION, extension.getName());
+ Wikitty result = proxy.restore(wikittyAuthorisationId);
+ return result;
+ }
+
+// /**
+// * @param securityToken token with rights to modify extension
+// * @param extensionRights a wikitty that has extension WikittyAuthorisation
+// */
+// static public void storeExtensionAuthorisation(String securityToken,
+// Wikitty 
extensionRights) { +// +// String userId = getUserId(securityToken); +// +// Wikitty oldVersion = ws.restore(securityToken, extensionRights.getId()); +// +// // check that the extensionRights does not have +// if (WikittyAuthorisationHelper.hasExtension(extensionRights)) { +// +// if (oldVersion == null) { +// // if this exception is raised, you should use addExtensionAuthorisation() +// throw new IllegalArgumentException("you can't store an authorisation for the fist time"); +// +// } else { +// +// if ( userIsAnonymousOrAppAdmin(securityToken, userId) || +// canAdmin(securityToken, userId, null, oldVersion) ) { +// +// ws.store(securityToken, extensionRights); +// +// } else { +// throw new SecurityException(String.format( +// "user %s can't admin rights for this extension", userId)); +// } +// } +// } else { +// throw new IllegalArgumentException(String.format( +// "extensionRights %s is not a wikittyAuthorisation. It misses the extension", +// extensionRights)); +// } +// } +// +} Modified: trunk/wikitty-api/src/main/java/org/nuiton/wikitty/WikittyServiceSecurity.java =================================================================== --- trunk/wikitty-api/src/main/java/org/nuiton/wikitty/WikittyServiceSecurity.java 2010-10-13 12:38:37 UTC (rev 399) +++ trunk/wikitty-api/src/main/java/org/nuiton/wikitty/WikittyServiceSecurity.java 2010-10-13 14:03:30 UTC (rev 400) @@ -29,9 +29,6 @@ /** to use log facility, just put in your code: log.info(\"...\"); */ static private Log log = LogFactory.getLog(WikittyServiceSecurity.class); - /** nom du groupe des administrateurs de l'application */ - static final public String WIKITTY_APPADMIN_GROUP_NAME = "WikittyAppAdmin"; - protected WikittyService ws; /** cache de l'id du groupe AppAdmin */ 
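Review bot: `createAppAdminGroup` and `createExtensionAuthorisation` in WikittySecurityHelper only build an object, whereas the WikittyServiceSecurity methods with the same purpose that this commit deletes (hunks `-97,61`, `-115,107` and `-896,39`) checked `userIsAnonymousOrAppAdmin` and refused a second AppAdmin group or a second policy for an extension. The javadoc says "Store must check if this security policy doesn't already exist", but no such check is added to `store()` in the hunks shown, so it should be confirmed that the generic store path rejects these writes for non-admin tokens before the old entry points go away. Until then I would state the contract in both javadocs: `Builds the object only: performs no authorisation or uniqueness check; the caller must store it through a service that enforces both.` The `@param securityToken` tag on `getUserWikittyId` no longer matches the signature and should become `@param proxy`, and `restoreExtensionAuthorisation` has no javadoc at all.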
@@ -97,61 +94,7 @@ } /** - * @return a wikitty id - */ - protected String extensionToWikittySecurityId(String extensionName) { - return String.format("WikittySecurity:%s", extensionName); - } - - /** create an new account. - * create a new account, require to be appAdmin or anonymous if security - * is not yet enabled - * @param securityToken token (null for anonymous, or a token of an appAdmin) - * @param login the login of the account to be created - * @param password the password of the account to be created - */ - public void createAccount(String securityToken, String login, String password) { - String userId = getUserId(securityToken); - boolean creationAllowed = userIsAnonymousOrAppAdmin(securityToken, userId); - - if (creationAllowed) { - Wikitty user = ws.findByCriteria(securityToken, Search.query().eq( - WikittyUser.FQ_FIELD_WIKITTYUSER_LOGIN, login).criteria()); - if (user == null) { - user = new WikittyImpl(); - WikittyUserHelper.addExtension(user); - WikittyUserHelper.setLogin(user, login); - WikittyUserHelper.setPassword(user, password); - ws.store(null, user); - log.debug(String.format("login '%s' has userId '%s'", login, user.getId())); - } else { - throw new IllegalArgumentException( - String.format("account already exists '%s'", - login)); - } - } else { - throw new SecurityException("only admin can create accounts"); - } - } - - /** get the id of a user given his login. 
- * - * @param securityToken a token - * @param login the login of the user to search for - * @return a wikitty id - */ - public String getUserWikittyId(String securityToken, String login) { - getUserId(securityToken); - String userWikittyId = null; - Wikitty user = ws.findByCriteria(null, Search.query().eq( - WikittyUser.FQ_FIELD_WIKITTYUSER_LOGIN, login).criteria()); - if (user != null) { - userWikittyId = user.getId(); - } - return userWikittyId; - } - - /** if app-admin group exists, return true if given userId is app-admin + * if app-admin group exists, return true if given userId is app-admin * if app-admin group doesn't exists, return true if user is anonymous */ protected boolean userIsAnonymousOrAppAdmin(String securityToken, String userId) { 
@@ -172,107 +115,6 @@ return userIsAnonymousOrAppAdmin; } - /** add a <strong>level 2</strong> security policy on the given extension. */ - public Wikitty addExtensionAuthorisation(String securityToken, - WikittyExtension extension) { - - // TODO 20101005 bleny merge into storeExtensionAuthorisation by adding an extension paramater ? - - String userId = getUserId(securityToken); - boolean creationAllowed = userIsAnonymousOrAppAdmin(securityToken, userId); - - if (creationAllowed) { - if (restoreExtensionAuthorisation(securityToken, extension.getName()) == null) { - String wikittyAuthorisationId = extensionToWikittySecurityId(extension.getName()); - Wikitty wikittyAuthorisation = new WikittyImpl(wikittyAuthorisationId); - WikittyAuthorisationHelper.addExtension(wikittyAuthorisation); - WikittyAuthorisationHelper.setOwner(wikittyAuthorisation, userId); - ws.store(securityToken, wikittyAuthorisation); - return wikittyAuthorisation; - } else { - throw new SecurityException(String.format( - "extension %s already has an security extension attached", - extension.getName())); - } - } else { - throw new SecurityException(String.format( - "Only members of %s group can add authorisation", - WIKITTY_APPADMIN_GROUP_NAME)); - } - } - - /** restore the wikitty authorisation attached to given extension. - * - * @return a wikitty with WikittyAuthorisation extension, or null if given - * extension has no security policy attached - */ - public Wikitty restoreExtensionAuthorisation(String securityToken, - WikittyExtension extension) { - return restoreExtensionAuthorisation(securityToken, extension.getName()); - } - - /** restore the wikitty authorisation attached to given extension. 
- * - * @return a wikitty with WikittyAuthorisation extension, or null if given - * extension has no security policy attached - */ - public Wikitty restoreExtensionAuthorisation(String securityToken, - String extensionName) { - String userId = getUserId(securityToken); - String wikittyAuthorisationId = extensionToWikittySecurityId(extensionName); - Wikitty wikittyAuthorisation = ws.restore(securityToken, wikittyAuthorisationId); - if (wikittyAuthorisation == null) { - log.debug(extensionName + " has no authorization attached"); - } else { - /* - if ( ! canAdmin(securityToken, userId, wikittyAuthorisation)) { - throw new SecurityException(String.format( - "user %s doesn't have admin rights on extension %s", - userId, extension.getName())); - } - */ - } - return wikittyAuthorisation; - } - - /** - * - * @param securityToken token with rights to modify extension - * @param extensionRights a wikitty that has extension WikittyAuthorisation - */ - public void storeExtensionAuthorisation(String securityToken, - Wikitty extensionRights) { - - String userId = getUserId(securityToken); - - Wikitty oldVersion = ws.restore(securityToken, extensionRights.getId()); - - // check that the extensionRights does not have - if (WikittyAuthorisationHelper.hasExtension(extensionRights)) { - - if (oldVersion == null) { - // if this exception is raised, you should use addExtensionAuthorisation() - throw new IllegalArgumentException("you can't store an authorisation for the fist time"); - - } else { - - if ( userIsAnonymousOrAppAdmin(securityToken, userId) || - canAdmin(securityToken, userId, null, oldVersion) ) { - - ws.store(securityToken, extensionRights); - - } else { - throw new SecurityException(String.format( - "user %s can't admin rights for this extension", userId)); - } - } - } else { - throw new IllegalArgumentException(String.format( - "extensionRights %s is not a wikittyAuthorisation. 
It misses the extension", - extensionRights)); - } - } - @Override public UpdateResponse store(String securityToken, Wikitty wikitty) { Collection<Wikitty> wikitties = Arrays.asList(wikitty); @@ -320,7 +162,8 @@ // check that **reader** right on Security for all extension for (String extensionName: newExtensions) { - Wikitty extensionRights = restoreExtensionAuthorisation(securityToken, extensionName); + Wikitty extensionRights = restoreExtensionAuthorisation( + securityToken, extensionName); boolean canCreate = extensionRights == null || canRead(securityToken, userId, null, extensionRights); if ( ! canCreate ) { 
@@ -896,39 +739,14 @@ return result; } - /** create appAdminGroup and add current user as first member */ - public void createAppAdminGroup(String securityToken) { - if (securityToken == null) { - throw new IllegalArgumentException("login required, token is null"); - } - - Wikitty group = getAppAdminGroup(securityToken); - if (group == null) { - // il n'existe pas on le cree. - WikittyGroupAbstract appAdminGroup = new WikittyGroupImpl(); - appAdminGroup.setName(WIKITTY_APPADMIN_GROUP_NAME); - - String fisrtUserId = getUserId(securityToken); - appAdminGroup.addMembers(fisrtUserId); - - ws.store(securityToken, appAdminGroup.getWikitty()); - - // on garde l'id pour ne plus faire la recherche, - // vu que le groupe doit etre unique cela ne pose pas de probleme - appAdminGroupId = appAdminGroup.getWikitty().getId(); - group = appAdminGroup.getWikitty(); - } else { - throw new SecurityException("AppAdmin group already exists"); - } - } - /** get the wikitty with extension WikittyGroup that contains all app-admin. */ protected Wikitty getAppAdminGroup(String securityToken) { Wikitty group; if (appAdminGroupId == null) { // 1er fois, on le recherche group = ws.findByCriteria(securityToken, Search.query().eq( - WikittyGroup.FQ_FIELD_WIKITTYGROUP_NAME, WIKITTY_APPADMIN_GROUP_NAME).criteria()); + WikittyGroup.FQ_FIELD_WIKITTYGROUP_NAME, + WikittySecurityHelper.WIKITTY_APPADMIN_GROUP_NAME).criteria()); // group peut-etre null s'il n'existe pas } else { // on a deja fait la recherche precedement, on essaie de reutilise 
@@ -966,4 +784,33 @@ return false; // not found in groupOrUser } + /** + * restore the wikitty authorisation attached to given extension. + * + * @return a wikitty with WikittyAuthorisation extension, or null if given + * extension has no security policy attached + */ + protected Wikitty restoreExtensionAuthorisation(String securityToken, + WikittyExtension extension) { + return restoreExtensionAuthorisation(securityToken, extension.getName()); + } + + /** + * restore the wikitty authorisation attached to given extension. + * + * @return a wikitty with WikittyAuthorisation extension, or null if given + * extension has no security policy attached + */ + protected Wikitty restoreExtensionAuthorisation(String securityToken, + String extensionName) { + String wikittyAuthorisationId = WikittyMetaExtensionUtil.generateId( + WikittyAuthorisation.EXT_WIKITTYAUTHORISATION, extensionName); + Wikitty wikittyAuthorisation = ws.restore(securityToken, wikittyAuthorisationId); + if (wikittyAuthorisation == null) { + log.debug(extensionName + " has no authorization attached"); + } + return wikittyAuthorisation; + } + + } Modified: trunk/wikitty-api/src/test/java/org/nuiton/wikitty/layers/WikittyServiceSecurityTest.java =================================================================== --- trunk/wikitty-api/src/test/java/org/nuiton/wikitty/layers/WikittyServiceSecurityTest.java 2010-10-13 12:38:37 UTC (rev 399) +++ trunk/wikitty-api/src/test/java/org/nuiton/wikitty/layers/WikittyServiceSecurityTest.java 2010-10-13 14:03:30 UTC (rev 400) @@ -1,9 +1,7 @@ package org.nuiton.wikitty.layers; import static org.junit.Assert.assertEquals; -import static org.junit.Assert.assertFalse; import static org.junit.Assert.assertNotNull; -import static org.junit.Assert.assertNull; import static org.junit.Assert.assertTrue; import static org.junit.Assert.fail; 
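Review bot: The id looked up by the new `restoreExtensionAuthorisation(String, String)` is built from `WikittyAuthorisation.EXT_WIKITTYAUTHORISATION`, while the removed `extensionToWikittySecurityId` used the literal prefix `WikittySecurity:`. Unless that constant has the same value (it is not visible here), policies stored before this revision will restore as null, and the caller in `store()` treats null as permission (`extensionRights == null || canRead(...)`), so existing level 2 restrictions would stop applying without any error. Either migrate the stored ids or keep a fallback for the old key, for example `if (wikittyAuthorisation == null) { wikittyAuthorisation = ws.restore(securityToken, "WikittySecurity:" + extensionName); }`. The javadoc should also say that null means "no policy, access not restricted", since that is how the result is consumed; the enclosing class body starts outside this hunk.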
@@ -17,14 +15,21 @@ import org.nuiton.wikitty.WikittyAuthorisationAbstract; import org.nuiton.wikitty.WikittyAuthorisationHelper; import org.nuiton.wikitty.WikittyAuthorisationImpl; +import org.nuiton.wikitty.WikittyGroup; +import org.nuiton.wikitty.WikittyProxy; +import org.nuiton.wikitty.WikittySecurityHelper; import org.nuiton.wikitty.WikittyService; import org.nuiton.wikitty.WikittyServiceInMemory; import org.nuiton.wikitty.WikittyServiceSecurity; +import org.nuiton.wikitty.WikittyUser; +import org.nuiton.wikitty.WikittyUserImpl; import org.nuiton.wikitty.WikittyUtil; /** test {@link org.nuiton.wikitty.WikittyServiceSecurity}. */ public class WikittyServiceSecurityTest extends AbstractWikittyServiceTest { - + + // FIXME 20101112 poussin classe a revoir suite au refactoring de la secu + private static final Log log = LogFactory.getLog(WikittyServiceSecurityTest.class); protected WikittyServiceSecurity securityService; @@ -34,7 +39,7 @@ protected String writerToken; protected String adminToken; protected String ownerToken; - + @Before public void setUpWikittyServiceSecurityTest() { WikittyService inMemoryService = new WikittyServiceInMemory(); 
@@ -52,26 +57,52 @@ // token = service.login(APPADMIN_LOGIN, APPADMIN_PASSWORD); token = null; - securityService.createAccount(token, "i have no rights", ""); - securityService.createAccount(token, "reader", ""); - securityService.createAccount(token, "writer", ""); - securityService.createAccount(token, "admin", ""); - securityService.createAccount(token, "owner", ""); + WikittyProxy proxy = new WikittyProxy(securityService); + proxy.setSecurityToken(token); + + WikittyUser anonymous = new WikittyUserImpl(); + anonymous.setLogin("i have no rights"); + anonymous.setPassword(""); + proxy.store(anonymous); - Wikitty authorizations = securityService.addExtensionAuthorisation(token, extension); - WikittyAuthorisationHelper.addReader(authorizations, securityService.getUserWikittyId(token, "reader")); - WikittyAuthorisationHelper.addWriter(authorizations, securityService.getUserWikittyId(token, "writer")); - WikittyAuthorisationHelper.addAdmin(authorizations, securityService.getUserWikittyId(token, "admin")); - WikittyAuthorisationHelper.setOwner(authorizations, securityService.getUserWikittyId(token, "owner")); + WikittyUser reader = new WikittyUserImpl(); + reader.setLogin("reader"); + reader.setPassword(""); + proxy.store(reader); + WikittyUser writer = new WikittyUserImpl(); + writer.setLogin("writer"); + writer.setPassword(""); + proxy.store(writer); + + WikittyUser admin = new WikittyUserImpl(); + admin.setLogin("admin"); + admin.setPassword(""); + proxy.store(admin); + + WikittyUser owner = new WikittyUserImpl(); + owner.setLogin("owner"); + owner.setPassword(""); + proxy.store(owner); + + + Wikitty authorizations = WikittySecurityHelper.createExtensionAuthorisation(owner, extension); + WikittyAuthorisationHelper.addReader(authorizations, reader.getWikittyId()); + WikittyAuthorisationHelper.addWriter(authorizations, writer.getWikittyId()); + WikittyAuthorisationHelper.addAdmin(authorizations, admin.getWikittyId()); + 
WikittyAuthorisationHelper.setOwner(authorizations, owner.getWikittyId()); + log.debug("initial wikitty rights" + authorizations); - securityService.storeExtensionAuthorisation(token, authorizations); securityService.storeExtension(token, extension); + securityService.store(token, authorizations); - Wikitty extensionAuthorisation = securityService.restoreExtensionAuthorisation(token, extension); - log.debug("restored initial rights " + extensionAuthorisation); +// Wikitty extensionAuthorisation = +// WikittySecurityHelper.restoreExtensionAuthorisation(proxy, extension); +// +// log.debug("restored initial rights " + extensionAuthorisation); + token = null; ownerToken = service.login("owner", ""); @@ -81,9 +112,14 @@ noRightsToken = service.login("i have no rights", ""); /**/ - securityService.createAccount(null, "root", ""); + WikittyUser root = new WikittyUserImpl(); + root.setLogin("root"); + root.setPassword(""); + proxy.store(root); + String rootToken = service.login("root", ""); - securityService.createAppAdminGroup(rootToken); + WikittyGroup appAdmin = WikittySecurityHelper.createAppAdminGroup(root); + proxy.store(appAdmin); /**/ } @@ -98,7 +134,7 @@ // now storing the wikitty for next tests service.store(readerToken, aWikitty); - + // try to make operations on the stored wikitty with a bad token try { service.restore(invalidToken, aWikitty.getId()); @@ -109,7 +145,7 @@ service.logout(invalidToken); fail(); } catch (SecurityException e) {} - + // now try to make a valid token invalid service.logout(readerToken); try { @@ -117,7 +153,7 @@ fail(); } catch (SecurityException e) {} } - + /* *** level 1 security tests ***/ @Test 
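Review bot: In `setUpWikittyServiceSecurityTest` the `root` user and the AppAdmin group are stored through `proxy`, whose token was set to null at the top of the setup, and `rootToken` is obtained from `service.login("root", "")` but never used. The old setup created the group with `createAppAdminGroup(rootToken)`, so the administrators group is now created anonymously and the test no longer shows that an authenticated caller is involved; calling `proxy.setSecurityToken(rootToken);` before `proxy.store(appAdmin);` would restore that, assuming the store path accepts it. Because the guard "AppAdmin group already exists" was removed from the service in this commit, a negative test that a second group named `WikittySecurityHelper.WIKITTY_APPADMIN_GROUP_NAME` cannot be stored by a non-admin token is worth adding here. The method starts before this hunk.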
@@ -125,7 +161,8 @@ aWikitty.addExtension(WikittyAuthorisationAbstract.extensionWikittyAuthorisation); WikittyAuthorisation auth = new WikittyAuthorisationImpl(aWikitty); - String readerId = securityService.getUserWikittyId(null, "reader"); + WikittyProxy proxy = new WikittyProxy(securityService); + String readerId = WikittySecurityHelper.getUserWikittyId(proxy, "reader"); auth.clearReader(); auth.addReader(readerId); @@ -148,7 +185,8 @@ WikittyAuthorisation auth = new WikittyAuthorisationImpl(aWikitty); service.store(ownerToken, aWikitty); - String adminId = securityService.getUserWikittyId(null, "admin"); + WikittyProxy proxy = new WikittyProxy(securityService); + String adminId = WikittySecurityHelper.getUserWikittyId(proxy, "admin"); auth.clearReader(); auth.clearWriter(); @@ -168,9 +206,9 @@ log.debug("restored wikitty is " + restoredWikitty); assertNotNull(restoredWikitty); } - + /* *** level 2 security tests ***/ - + /** test level 2 reader right */ @Test public void checkReaderRightOnExtension() { @@ -193,7 +231,7 @@ } catch (SecurityException e) { fail("no exception should have been raised"); } - + try { service.store(readerToken, aWikitty); service.restoreExtension(readerToken, extension.getId()); @@ -206,7 +244,7 @@ @Test public void checkWriterRightOnExtension() { - + FieldType fieldType = new FieldType(FieldType.TYPE.STRING, 0, 1); service.restoreExtensionLastVersion(writerToken, extension.getName()); 
@@ -227,11 +265,14 @@ @Test public void checkAdminRightOnExtension() { // TODO 20100923 bleny check that store with no sufficient rights fail - - Wikitty extensionAuthorisation = securityService.restoreExtensionAuthorisation(adminToken, extension); + WikittyProxy adminProxy = new WikittyProxy(securityService); + adminProxy.setSecurityToken(adminToken); + Wikitty extensionAuthorisation = + WikittySecurityHelper.restoreExtensionAuthorisation(adminProxy, extension); + log.debug("initial rights " + extensionAuthorisation); - + // set no reader, ID1 as single writer and ID2 as owner WikittyAuthorisationHelper.clearReader(extensionAuthorisation); WikittyAuthorisationHelper.clearWriter(extensionAuthorisation); @@ -244,16 +285,17 @@ // WikittyAuthorisationHelper.clearAdmin(extensionAuthorisation); log.debug("will store rights " + extensionAuthorisation); - + try { - securityService.storeExtensionAuthorisation(writerToken, extensionAuthorisation); + securityService.store(writerToken, extensionAuthorisation); fail("an exception should habe raised"); } catch (SecurityException e) {} - - securityService.storeExtensionAuthorisation(adminToken, extensionAuthorisation); + securityService.store(adminToken, extensionAuthorisation); + // now, restore and check that rights are preserved - extensionAuthorisation = securityService.restoreExtensionAuthorisation(adminToken, extension); + extensionAuthorisation = + WikittySecurityHelper.restoreExtensionAuthorisation(adminProxy, extension); log.debug("restored rights " + extensionAuthorisation); @@ -264,9 +306,9 @@ assertTrue(WikittyAuthorisationHelper.getWriter(extensionAuthorisation).contains("ID1")); // ... and no one else assertEquals(1, WikittyAuthorisationHelper.getWriter(extensionAuthorisation).size()); - + // check that ID2 is owner assertTrue(WikittyAuthorisationHelper.getOwner(extensionAuthorisation).contains("ID2")); - + } }