org.springframework.security.acls.domain.GrantedAuthoritySid Java Examples
The following examples show how to use
org.springframework.security.acls.domain.GrantedAuthoritySid.
Example #1
Source File: PermissionsControllerTest.java From molgenis with GNU Lesser General Public License v3.0 | 6 votes |
/**
 * Rebuilds the controller under test and the SID / object-identity fixtures before each test.
 *
 * <p>standaloneSetup registers only this controller and the two message converters; no servlet
 * filters are added here, so these tests do not exercise any filter-based access control.
 */
@BeforeEach
private void beforeMethod() {
  PermissionsController permissionsController =
      new PermissionsController(
          permissionsService,
          new RSQLParser(),
          objectIdentityService,
          userRoleTools,
          entityHelper);
  mockMvc =
      MockMvcBuilders.standaloneSetup(permissionsController)
          .setMessageConverters(new FormHttpMessageConverter(), gsonHttpMessageConverter)
          .build();

  // Two principal SIDs and two authority SIDs shared by the test methods.
  user1 = new PrincipalSid("user1");
  user2 = new PrincipalSid("user2");
  role1 = new GrantedAuthoritySid("ROLE_role1");
  role2 = new GrantedAuthoritySid("ROLE_role2");

  objectIdentity = new ObjectIdentityImpl("typeId", "identifier");
}
Example #2
Source File: UserRoleToolsTest.java From molgenis with GNU Lesser General Public License v3.0 | 6 votes |
/**
 * Expects getSids to return a PrincipalSid per user name and a "ROLE_"-prefixed
 * GrantedAuthoritySid per role name.
 */
@Test
void testGetSids() {
  List<Sid> expected =
      Arrays.asList(
          new PrincipalSid("user1"),
          new PrincipalSid("user2"),
          new GrantedAuthoritySid("ROLE_role1"),
          new GrantedAuthoritySid("ROLE_role2"));
  // The same query mock is returned for both role-name filters, so both lookups find a role.
  Query query = mock(Query.class);
  doReturn(query).when(query).eq(RoleMetadata.NAME, "role1");
  doReturn(query).when(query).eq(RoleMetadata.NAME, "role2");
  doReturn(mock(Role.class)).when(query).findOne();
  doReturn(mock(User.class)).when(userService).getUser("user1");
  doReturn(mock(User.class)).when(userService).getUser("user2");
  when(dataService.query(RoleMetadata.ROLE, Role.class)).thenReturn(query);
  // NOTE(review): findOne() is stubbed a second time here; the later stubbing is the one in effect.
  when(query.findOne()).thenReturn(mock(Role.class));
  // containsAll only proves the expected SIDs are present; an extra SID in the result
  // would not fail this assertion.
  assertTrue(
      userRoleTools
          .getSids(Arrays.asList("user1", "user2"), Arrays.asList("role1", "role2"))
          .containsAll(expected));
}
Example #3
Source File: UserRoleToolsTest.java From molgenis with GNU Lesser General Public License v3.0 | 6 votes |
/**
 * With READ_DATA granted on both the user and the role entity type, the result must be exactly
 * the one user, the one role and ROLE_ANONYMOUS.
 */
@Test
void testGetAllAvailableSids() {
  // Caller may read both users and roles.
  doReturn(true)
      .when(userPermissionEvaluator)
      .hasPermission(new EntityTypeIdentity(UserMetadata.USER), READ_DATA);
  doReturn(true)
      .when(userPermissionEvaluator)
      .hasPermission(new EntityTypeIdentity(RoleMetadata.ROLE), READ_DATA);

  // One known user ...
  User knownUser = mock(User.class);
  when(knownUser.getUsername()).thenReturn("username");
  when(userService.getUsers()).thenReturn(Collections.singletonList(knownUser));

  // ... and one known role.
  Role knownRole = mock(Role.class);
  when(knownRole.getString(RoleMetadata.NAME)).thenReturn("role1");
  List<Entity> roleEntities = Collections.singletonList(knownRole);
  when(dataService.findAll(RoleMetadata.ROLE)).thenReturn(roleEntities.stream());

  // Set equality: an unexpected extra SID fails the test.
  assertEquals(
      newHashSet(
          new GrantedAuthoritySid("ROLE_role1"),
          new GrantedAuthoritySid("ROLE_ANONYMOUS"),
          new PrincipalSid("username")),
      userRoleTools.getAllAvailableSids());
}
Example #4
Source File: AccessService.java From kylin-on-parquet-v2 with Apache License 2.0 | 6 votes |
/**
 * Lists the SID names on an ACL for one SID category.
 *
 * @param acl ACL to read; {@code null} yields an immutable empty list
 * @param type compared case-insensitively with {@code MetadataConstants.TYPE_USER} (principal
 *     names) and {@code MetadataConstants.TYPE_GROUP} (granted-authority names)
 * @return the non-blank names, in ACL entry order; a new mutable list when {@code acl} is not null
 */
public List<String> getAllAclSids(Acl acl, String type) {
    if (acl == null) {
        return Collections.emptyList();
    }

    final List<String> sidNames = new ArrayList<>();
    for (AccessControlEntry entry : acl.getEntries()) {
        String sidName = null;
        // NOTE(review): type is dereferenced without a null check; a null type fails here
        // with a NullPointerException as soon as the ACL has an entry.
        if (type.equalsIgnoreCase(MetadataConstants.TYPE_USER)
                && entry.getSid() instanceof PrincipalSid) {
            sidName = ((PrincipalSid) entry.getSid()).getPrincipal();
        }
        if (type.equalsIgnoreCase(MetadataConstants.TYPE_GROUP)
                && entry.getSid() instanceof GrantedAuthoritySid) {
            sidName = ((GrantedAuthoritySid) entry.getSid()).getGrantedAuthority();
        }
        // Entries of the other category, or with a blank name, are skipped.
        if (StringUtils.isBlank(sidName)) {
            continue;
        }
        sidNames.add(sidName);
    }
    return sidNames;
}
Example #5
Source File: AccessService.java From kylin-on-parquet-v2 with Apache License 2.0 | 6 votes |
/**
 * Maps each SID name on the project's ACL to the permission mask of its entry.
 *
 * <p>Principal names and granted-authority names share one case-insensitive key space, and
 * {@code put} overwrites: a user and a group whose names differ only by case (or are equal), or
 * several entries for the same SID, collapse into one key holding the mask of the last entry
 * iterated. Callers that make authorization decisions from this map should be aware of that.
 *
 * @param project project name, resolved to its UUID through the ProjectManager
 * @return SID name to permission mask; empty when the ACL or its entry list is null
 */
private Map<String, Integer> getProjectPermission(String project) {
    final Map<String, Integer> maskBySidName = new TreeMap<>(String.CASE_INSENSITIVE_ORDER);

    // NOTE(review): getProject(project) is dereferenced directly; behaviour for an unknown
    // project name depends on ProjectManager and is not visible here.
    final String projectUuid = ProjectManager.getInstance(KylinConfig.getInstanceFromEnv())
            .getProject(project)
            .getUuid();
    final Acl projectAcl = getAcl(getAclEntity(AclEntityType.PROJECT_INSTANCE, projectUuid));
    if (projectAcl == null || projectAcl.getEntries() == null) {
        return maskBySidName;
    }

    for (AccessControlEntry entry : projectAcl.getEntries()) {
        final Sid entrySid = entry.getSid();
        if (entrySid instanceof PrincipalSid) {
            maskBySidName.put(((PrincipalSid) entrySid).getPrincipal(), entry.getPermission().getMask());
        } else if (entrySid instanceof GrantedAuthoritySid) {
            maskBySidName.put(((GrantedAuthoritySid) entrySid).getGrantedAuthority(),
                    entry.getPermission().getMask());
        }
    }
    return maskBySidName;
}
Example #6
Source File: MultiTenancySupport.java From haven-platform with Apache License 2.0 | 6 votes |
/**
 * Fills in a missing tenant on a principal SID and validates the tenant of any other SID
 * against the tenant of the currently authenticated user.
 *
 * <p>Outcomes, in evaluation order: a null SID and a tenant-less GrantedAuthoritySid are returned
 * unchanged; a SID whose tenant equals the caller's tenant is returned unchanged; a SID with a
 * null tenant is converted through {@code TenantPrincipalSid.from}; a SID of a different tenant
 * is returned unchanged only when the caller's tenant is {@code ROOT_TENANT}.
 *
 * @param sid the SID to fix or validate, may be null
 * @param <T> concrete TenantSid type
 * @return the given SID, or a TenantPrincipalSid built from it when its tenant was null
 * @throws IllegalArgumentException if the SID belongs to another tenant and the caller is not
 *     in the root tenant
 */
@SuppressWarnings("unchecked")
public static <T extends TenantSid> T fixTenant(T sid) {
    if(sid == null) {
        return sid;
    }
    final String tenant = sid.getTenant();
    // an authority without tenant is accepted as is, before any authentication is looked at
    if(sid instanceof GrantedAuthoritySid && tenant == null) {
        return sid;
    }
    // NOTE(review): getAuthentication() is dereferenced without a null check and the principal
    // is cast unconditionally; a missing authentication or a principal of another type ends in
    // NullPointerException / ClassCastException rather than a tenant error - confirm callers
    // always run authenticated.
    Authentication auth = SecurityContextHolder.getContext().getAuthentication();
    ExtendedUserDetails eud = (ExtendedUserDetails) auth.getPrincipal();
    // NOTE(review): authTenant is assumed non-null by the equals() call below.
    final String authTenant = eud.getTenant();
    if(authTenant.equals(tenant)) {
        return sid;
    }
    if(tenant == null) {
        // NOTE(review): unchecked cast; a tenant-less sid that is not a PrincipalSid fails here
        // with ClassCastException.
        return (T) TenantPrincipalSid.from((PrincipalSid) sid);
    }
    if(!ROOT_TENANT.equals(authTenant)) {
        // tenancy access should be checked through TenantHierarchy, but there is no full tenancy
        // support yet, so every cross-tenant sid is rejected for non-root callers
        throw new IllegalArgumentException("Sid " + sid + " has incorrect tenant: " + tenant + " it allow only for root tenant.");
    }
    // caller is in the root tenant: a sid of any tenant is accepted
    return sid;
}
Example #7
Source File: PermissionInheritanceResolverTest.java From molgenis with GNU Lesser General Public License v3.0 | 6 votes |
/**
 * Resolves inherited permissions over a three-level ACL chain (entity -> package -> parent
 * package) combined with a role chain user -> {role1, role2}, role1 -> role3.
 */
@Test
void testGetInheritedPermissions() {
  Sid userSid = mock(PrincipalSid.class);
  Sid firstRole = new GrantedAuthoritySid("ROLE_role1");
  Sid secondRole = new GrantedAuthoritySid("ROLE_role2");
  Sid thirdRole = new GrantedAuthoritySid("ROLE_role3");

  // ACL chain, outermost parent first; each ACL carries a single entry (sid, mask).
  Acl grandParentAcl =
      PermissionTestUtils.getSinglePermissionAcl(thirdRole, 16, "parentPackageAcl");
  Acl parentAcl =
      PermissionTestUtils.getSinglePermissionAcl(userSid, 4, "packageAcl", grandParentAcl);
  Acl leafAcl =
      PermissionTestUtils.getSinglePermissionAcl(secondRole, 8, "entityAcl", parentAcl);

  // Role membership: the user holds role1 and role2, and role1 includes role3.
  doReturn(Arrays.asList(firstRole, secondRole)).when(userRoleTools).getRolesForSid(userSid);
  doReturn(singletonList(thirdRole)).when(userRoleTools).getRolesForSid(firstRole);

  InheritedPermissionsResult expectedResult =
      getInheritedPermissionsResult(parentAcl, grandParentAcl, firstRole, secondRole, thirdRole);

  assertEquals(expectedResult, resolver.getInheritedPermissionsResults(leafAcl, userSid));
}
Example #8
Source File: UserRoleTools.java From molgenis with GNU Lesser General Public License v3.0 | 6 votes |
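/**
 * Collects the SIDs the current caller is allowed to enumerate.
 *
 * <p>User SIDs are included only when the caller has READ_DATA on the user entity type, role
 * SIDs only when the caller has READ_DATA on the role entity type. The SID returned by
 * {@code SidUtils.createSecurityContextSid()} is always added.
 *
 * @return a mutable set of the visible SIDs
 */
Set<Sid> getAllAvailableSids() {
  // Accumulate into our own HashSet. The previous code replaced it with the result of
  // Collectors.toSet(), which makes no guarantee that the returned set is mutable, and then
  // called addAll/add on it.
  Set<Sid> sids = new HashSet<>();
  if (userPermissionEvaluator.hasPermission(
      new EntityTypeIdentity(UserMetadata.USER), READ_DATA)) {
    Set<Sid> users =
        userService.getUsers().stream()
            .map(user -> new PrincipalSid(user.getUsername()))
            .collect(toSet());
    sids.addAll(users);
  }
  if (userPermissionEvaluator.hasPermission(
      new EntityTypeIdentity(RoleMetadata.ROLE), READ_DATA)) {
    Set<Sid> roles =
        dataService
            .findAll(RoleMetadata.ROLE)
            .map(role -> new GrantedAuthoritySid(ROLE_PREFIX + role.getString(RoleMetadata.NAME)))
            .collect(toSet());
    sids.addAll(roles);
  }
  sids.add(SidUtils.createSecurityContextSid());
  return sids;
}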
Example #9
Source File: AccessService.java From kylin with Apache License 2.0 | 6 votes |
/**
 * Returns the names of the SIDs of one category found on an ACL.
 *
 * @param acl ACL to inspect; when {@code null} an immutable empty list is returned
 * @param type matched case-insensitively against {@code MetadataConstants.TYPE_USER} (selects
 *     PrincipalSid entries) and {@code MetadataConstants.TYPE_GROUP} (selects
 *     GrantedAuthoritySid entries)
 * @return non-blank SID names in entry order
 */
public List<String> getAllAclSids(Acl acl, String type) {
    if (acl == null) {
        return Collections.emptyList();
    }

    final List<String> collected = new ArrayList<>();
    for (AccessControlEntry aclEntry : acl.getEntries()) {
        String candidate = null;
        // NOTE(review): no null check on type; with a null type the first entry triggers a
        // NullPointerException.
        if (type.equalsIgnoreCase(MetadataConstants.TYPE_USER)
                && aclEntry.getSid() instanceof PrincipalSid) {
            candidate = ((PrincipalSid) aclEntry.getSid()).getPrincipal();
        }
        if (type.equalsIgnoreCase(MetadataConstants.TYPE_GROUP)
                && aclEntry.getSid() instanceof GrantedAuthoritySid) {
            candidate = ((GrantedAuthoritySid) aclEntry.getSid()).getGrantedAuthority();
        }
        // Nothing selected for this entry, or the name is blank: leave it out.
        if (StringUtils.isBlank(candidate)) {
            continue;
        }
        collected.add(candidate);
    }
    return collected;
}
Example #10
Source File: AccessService.java From kylin with Apache License 2.0 | 6 votes |
/**
 * Builds a map from SID name to permission mask for the ACL of the given project.
 *
 * <p>Keys are compared case-insensitively and user names share the key space with
 * granted-authority names; because {@code put} overwrites, colliding names and repeated entries
 * for one SID keep only the mask of the last entry visited.
 *
 * @param project project name used to look up the project UUID
 * @return SID name to mask, empty if there is no ACL or no entry list
 */
private Map<String, Integer> getProjectPermission(String project) {
    final Map<String, Integer> permissions = new TreeMap<>(String.CASE_INSENSITIVE_ORDER);

    // NOTE(review): the result of getProject(project) is used without a null check; what it
    // returns for an unknown name is not visible here.
    final String uuid = ProjectManager.getInstance(KylinConfig.getInstanceFromEnv())
            .getProject(project)
            .getUuid();
    final Acl acl = getAcl(getAclEntity(AclEntityType.PROJECT_INSTANCE, uuid));
    if (acl == null || acl.getEntries() == null) {
        return permissions;
    }

    for (AccessControlEntry entry : acl.getEntries()) {
        final Sid owner = entry.getSid();
        if (owner instanceof PrincipalSid) {
            permissions.put(((PrincipalSid) owner).getPrincipal(), entry.getPermission().getMask());
        } else if (owner instanceof GrantedAuthoritySid) {
            permissions.put(((GrantedAuthoritySid) owner).getGrantedAuthority(),
                    entry.getPermission().getMask());
        }
    }
    return permissions;
}
Example #11
Source File: TenantBasedPermissionGrantedStrategy.java From haven-platform with Apache License 2.0 | 6 votes |
/**
 * Decides whether a SID from an ACL entry matches a SID of the caller. The argument order
 * matters: only the ACL side is tested for a missing tenant.
 *
 * <p>When the ACL SID has no tenant, the match is by name only (authority with authority,
 * principal with principal); the tenant of {@code authSid} is not consulted in that branch, so
 * a tenant-less ACL entry applies to the same-named SID of every tenant.
 *
 * @param authSid SID on the authentication side
 * @param aclSid SID stored in the ACL
 * @return true if the two SIDs are treated as the same identity
 */
private boolean compareSids(Sid authSid, Sid aclSid) {
    if(!MultiTenancySupport.isNoTenant(aclSid)) {
        // the acl sid has a tenant: compare as ordinary objects
        return aclSid.equals(authSid);
    }

    // acl sid without tenant: a common rule for the sids of any tenant, matched by name
    if(authSid instanceof GrantedAuthoritySid) {
        if(!(aclSid instanceof GrantedAuthoritySid)) {
            return false;
        }
        final String authAuthority = ((GrantedAuthoritySid) authSid).getGrantedAuthority();
        final String aclAuthority = ((GrantedAuthoritySid) aclSid).getGrantedAuthority();
        return Objects.equals(authAuthority, aclAuthority);
    }
    if(authSid instanceof PrincipalSid) {
        if(!(aclSid instanceof PrincipalSid)) {
            return false;
        }
        final String authPrincipal = ((PrincipalSid) authSid).getPrincipal();
        final String aclPrincipal = ((PrincipalSid) aclSid).getPrincipal();
        return Objects.equals(authPrincipal, aclPrincipal);
    }

    // unsupported sid implementation: compare as ordinary objects
    return aclSid.equals(authSid);
}
Example #12
Source File: UserRoleToolsTest.java From molgenis with GNU Lesser General Public License v3.0 | 5 votes |
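/**
 * Pins the order produced by sortSids for two principals and two roles: "a", "ROLE_a", "b",
 * "ROLE_b".
 */
@Test
void testSortSids() {
  Sid sid1 = new PrincipalSid("b");
  Sid sid2 = new PrincipalSid("a");
  Sid sid3 = new GrantedAuthoritySid("ROLE_b");
  Sid sid4 = new GrantedAuthoritySid("ROLE_a");
  // Typed list instead of the raw LinkedList, so the expectation is checked by the compiler.
  LinkedList<Sid> expected = new LinkedList<>(Arrays.asList(sid2, sid4, sid1, sid3));
  assertEquals(expected, userRoleTools.sortSids(newHashSet(sid1, sid2, sid3, sid4)));
}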
Example #13
Source File: WebAppPermissionRegistryTest.java From molgenis with GNU Lesser General Public License v3.0 | 5 votes |
/**
 * Pins the default grant registered for the home plugin: READ for ROLE_ANONYMOUS and nothing
 * else. Because the comparison is on the full set, any additional default grant on this plugin
 * fails the test.
 */
@Test
public void testGetPermissions() {
  Multimap<ObjectIdentity, Pair<PermissionSet, Sid>> registered =
      new WebAppPermissionRegistry().getPermissions();
  assertFalse(registered.isEmpty());

  Collection<Pair<PermissionSet, Sid>> homePluginGrants =
      registered.get(new PluginIdentity(HomeController.ID));
  assertEquals(
      singleton(new Pair<>(READ, new GrantedAuthoritySid("ROLE_ANONYMOUS"))),
      copyOf(homePluginGrants));
}
Example #14
Source File: SidInfo.java From kylin-on-parquet-v2 with Apache License 2.0 | 5 votes |
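/**
 * Captures the name of a SID and whether it is a principal or a granted authority.
 *
 * @param sid a PrincipalSid or GrantedAuthoritySid
 * @throws IllegalStateException if {@code sid} is null or of any other implementation
 */
public SidInfo(Sid sid) {
    if (sid instanceof PrincipalSid) {
        this.sid = ((PrincipalSid) sid).getPrincipal();
        this.isPrincipal = true;
    } else if (sid instanceof GrantedAuthoritySid) {
        this.sid = ((GrantedAuthoritySid) sid).getGrantedAuthority();
        this.isPrincipal = false;
    } else {
        // Same exception type as before, now with a message naming the rejected type so the
        // failure can be diagnosed from a log line.
        throw new IllegalStateException(
                "Unsupported Sid type: " + (sid == null ? "null" : sid.getClass().getName()));
    }
}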
Example #15
Source File: UserRoleToolsTest.java From molgenis with GNU Lesser General Public License v3.0 | 5 votes |
/**
 * Expects getRolesForSid to turn the two role memberships of user "user" into the SIDs
 * ROLE_role1 and ROLE_role2, in that order.
 */
@Test
void testGetRolesForSid() {
  User molgenisUser = mock(User.class);
  when(molgenisUser.getId()).thenReturn("user");
  when(userService.getUser("user")).thenReturn(molgenisUser);
  PrincipalSid user = mock(PrincipalSid.class);
  when(user.getPrincipal()).thenReturn("user");
  Role role1 = mock(Role.class);
  when(role1.getName()).thenReturn("role1");
  Role role2 = mock(Role.class);
  when(role2.getName()).thenReturn("role2");
  RoleMembership roleMembership1 = mock(RoleMembership.class);
  RoleMembership roleMembership2 = mock(RoleMembership.class);
  when(roleMembership1.getRole()).thenReturn(role1);
  when(roleMembership2.getRole()).thenReturn(role2);
  // NOTE(review): Repository and Query are used as raw types here.
  Repository userRepository = mock(Repository.class);
  Query userQuery = mock(Query.class);
  // The membership query is filtered on the user id returned by the mocked user.
  when(userQuery.eq(RoleMembershipMetadata.USER, "user")).thenReturn(userQuery);
  when(userQuery.findAll()).thenReturn(Stream.of(roleMembership1, roleMembership2));
  when(userRepository.query()).thenReturn(userQuery);
  doReturn(userRepository)
      .when(dataService)
      .getRepository(RoleMembershipMetadata.ROLE_MEMBERSHIP, RoleMembership.class);
  // Only the permitted path is stubbed: the caller has READ_DATA on role memberships.
  doReturn(true)
      .when(userPermissionEvaluator)
      .hasPermission(
          new EntityTypeIdentity(RoleMembershipMetadata.ROLE_MEMBERSHIP),
          EntityTypePermission.READ_DATA);
  List<Sid> expected =
      Arrays.asList(new GrantedAuthoritySid("ROLE_role1"), new GrantedAuthoritySid("ROLE_role2"));
  // A fresh instance is built here instead of using a shared field.
  UserRoleTools userRoleTools =
      new UserRoleTools(userService, dataService, userPermissionEvaluator);
  assertEquals(expected, userRoleTools.getRolesForSid(user));
}
Example #16
Source File: UserRoleToolsTest.java From molgenis with GNU Lesser General Public License v3.0 | 5 votes |
/**
 * Expects getRoles, given ROLE_role1, ROLE_a and ROLE_b where role1 includes roles "a" and "b",
 * to return at least ROLE_a and ROLE_b.
 */
@Test
void testGetRoles() {
  Sid sid1 = new GrantedAuthoritySid("ROLE_a");
  Sid sid2 = new GrantedAuthoritySid("ROLE_b");
  // NOTE(review): raw LinkedList; element order is irrelevant because only containsAll is
  // asserted below.
  LinkedList expected = new LinkedList<>();
  expected.addAll(Arrays.asList(sid2, sid1));
  Role role = mock(Role.class);
  Role roleA = mock(Role.class);
  when(roleA.getName()).thenReturn("a");
  Role roleB = mock(Role.class);
  when(roleB.getName()).thenReturn("b");
  when(role.getIncludes()).thenReturn(Arrays.asList(roleA, roleB));
  // One query mock per role name: "role1" resolves to the role with includes, "a" and "b" to
  // plain role mocks.
  Query query = mock(Query.class);
  Query query1 = mock(Query.class);
  Query query2 = mock(Query.class);
  when(dataService.query(RoleMetadata.ROLE, Role.class)).thenReturn(query);
  doReturn(query).when(query).eq(RoleMetadata.NAME, "role1");
  doReturn(query1).when(query).eq(RoleMetadata.NAME, "a");
  doReturn(query2).when(query).eq(RoleMetadata.NAME, "b");
  when(query.findOne()).thenReturn(role);
  when(query1.findOne()).thenReturn(mock(Role.class));
  when(query2.findOne()).thenReturn(mock(Role.class));
  // Only the permitted path is stubbed: the caller has READ_DATA on roles.
  when(userPermissionEvaluator.hasPermission(
          new EntityTypeIdentity(RoleMetadata.ROLE), EntityTypePermission.READ_DATA))
      .thenReturn(true);
  // containsAll does not detect additional roles in the result.
  assertTrue(
      userRoleTools
          .getRoles(
              Sets.newHashSet(
                  new GrantedAuthoritySid("ROLE_role1"),
                  new GrantedAuthoritySid("ROLE_a"),
                  new GrantedAuthoritySid("ROLE_b")))
          .containsAll(expected));
}
Example #17
Source File: UnknownAceExceptionTest.java From molgenis with GNU Lesser General Public License v3.0 | 5 votes |
/**
 * Checks the localized message of an UnknownAceException for a role SID and the "delete"
 * operation, once per (language, message) pair supplied by languageMessageProvider.
 */
@ParameterizedTest
@MethodSource("languageMessageProvider")
@Override
protected void testGetLocalizedMessage(String lang, String message) {
  UnknownAceException unknownAce =
      new UnknownAceException(objectIdentity, new GrantedAuthoritySid("ROLE_role1"), "delete");
  ExceptionMessageTest.assertExceptionMessageEquals(unknownAce, lang, message);
}
Example #18
Source File: UnknownAceExceptionTest.java From molgenis with GNU Lesser General Public License v3.0 | 5 votes |
/**
 * Pins the non-localized message format of UnknownAceException: object identity, SID and
 * operation are all part of the message text.
 */
@Test
void testGetMessage() {
  GrantedAuthoritySid roleSid = new GrantedAuthoritySid("ROLE_role1");
  String actualMessage = new UnknownAceException(objectIdentity, roleSid, "delete").getMessage();
  assertEquals(
      "typeId:type, identifier:id, sid:GrantedAuthoritySid[ROLE_role1], operation:delete",
      actualMessage);
}
Example #19
Source File: DuplicatePermissionExceptionTest.java From molgenis with GNU Lesser General Public License v3.0 | 5 votes |
/**
 * Checks the localized message of a DuplicatePermissionException for a role SID, once per
 * (language, message) pair supplied by languageMessageProvider.
 */
@ParameterizedTest
@MethodSource("languageMessageProvider")
@Override
protected void testGetLocalizedMessage(String lang, String message) {
  DuplicatePermissionException duplicate =
      new DuplicatePermissionException(objectIdentity, new GrantedAuthoritySid("ROLE_role1"));
  ExceptionMessageTest.assertExceptionMessageEquals(duplicate, lang, message);
}
Example #20
Source File: JpaMutableAclService.java From Spring-Security-Third-Edition with MIT License | 5 votes |
/**
 * Looks up the acl_sid row for a SID and, when none exists and {@code allowCreate} is true,
 * creates it.
 *
 * <p>NOTE(review): the lookup and the create are two separate DAO calls; whether they run in
 * one transaction, and whether acl_sid has a uniqueness constraint that stops two concurrent
 * callers from both inserting, is not visible here.
 *
 * @param sid to find or create
 * @param allowCreate true if creation is permitted if not found
 *
 * @return the matching or newly created row, or null if not found and creation is not allowed
 *
 * @throws IllegalArgumentException if the {@code Sid} is null or not a recognized implementation.
 */
protected AclSid createOrRetrieveSidPrimaryKey(Sid sid, boolean allowCreate) {
    Assert.notNull(sid, "Sid required");

    final String name;
    final boolean principal;
    if (sid instanceof PrincipalSid) {
        name = ((PrincipalSid) sid).getPrincipal();
        principal = true;
    } else if (sid instanceof GrantedAuthoritySid) {
        name = ((GrantedAuthoritySid) sid).getGrantedAuthority();
        principal = false;
    } else {
        throw new IllegalArgumentException("Unsupported implementation of Sid");
    }

    // The (principal flag, name) pair is the lookup key; the first match wins.
    final List<AclSid> existing = aclDao.findAclSidList(Boolean.valueOf(principal), name);
    if (!existing.isEmpty()) {
        return existing.get(0);
    }
    if (!allowCreate) {
        return null;
    }

    final AclSid created = new AclSid();
    created.setSid(name);
    created.setPrincipal(Boolean.valueOf(principal));
    return aclDao.createAclSid(created);
}
Example #21
Source File: AccessService.java From Kylin with Apache License 2.0 | 5 votes |
/**
 * Wraps a name in the matching Spring Security ACL SID type.
 *
 * @param sid the user name or authority name
 * @param isPrincepal true to build a PrincipalSid, false to build a GrantedAuthoritySid
 * @return the new SID
 */
public Sid getSid(String sid, boolean isPrincepal) {
    // The caller alone decides whether the name is read as a user or as an authority;
    // nothing in this method validates the name.
    if (!isPrincepal) {
        return new GrantedAuthoritySid(sid);
    }
    return new PrincipalSid(sid);
}
Example #22
Source File: ObjectIdentityServiceImpl.java From molgenis with GNU Lesser General Public License v3.0 | 5 votes |
/**
 * Extracts the name carried by a SID.
 *
 * @param sid a PrincipalSid or GrantedAuthoritySid
 * @return the principal name or the granted authority
 * @throws IllegalArgumentException for null or any other Sid implementation
 */
private String getSidString(Sid sid) {
  if (sid instanceof GrantedAuthoritySid) {
    return ((GrantedAuthoritySid) sid).getGrantedAuthority();
  }
  if (sid instanceof PrincipalSid) {
    return ((PrincipalSid) sid).getPrincipal();
  }
  // The returned string no longer says which kind of SID it came from, so unknown kinds are
  // rejected instead of being mapped to some name.
  throw new IllegalArgumentException(
      "Sid type should always be either PrincipalSid or GrantedAuthoritySid");
}
Example #23
Source File: ObjectIdentityServiceImplTest.java From molgenis with GNU Lesser General Public License v3.0 | 5 votes |
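/**
 * Expects getNrOfObjectIdentities to run the count query with the class id and the SID names
 * passed as named parameters ({@code :classId}, {@code :sids}) rather than concatenated into
 * the SQL text, and to return the count the template yields.
 */
@Test
void testGetNrOfObjectIdentities1() {
  Map<String, Object> paramMap = new HashMap<>();
  paramMap.put("classId", "classId");
  paramMap.put("sids", Collections.singletonList("ROLE_role1"));
  // Integer.valueOf replaces the deprecated new Integer(int) constructor.
  doReturn(Integer.valueOf(12))
      .when(jdbcTemplate)
      .queryForObject(
          "SELECT COUNT( DISTINCT acl_object_identity.object_id_identity) FROM acl_object_identity LEFT JOIN acl_class ON acl_object_identity.object_id_class = acl_class.id LEFT JOIN acl_entry ON acl_entry.acl_object_identity = acl_object_identity.id LEFT JOIN acl_sid ON acl_entry.sid = acl_sid.id WHERE acl_class.class = :classId AND acl_sid.sid IN (:sids)",
          paramMap,
          Integer.class);
  Sid sid = new GrantedAuthoritySid("ROLE_role1");
  assertEquals(
      12, objectIdentityService.getNrOfObjectIdentities("classId", singleton(sid)).intValue());
}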
Example #24
Source File: UserRoleTools.java From molgenis with GNU Lesser General Public License v3.0 | 5 votes |
/**
 * Returns the role name behind a granted-authority SID.
 *
 * @param sid any SID
 * @return the result of {@code SidUtils.getRoleName} for a GrantedAuthoritySid, otherwise empty
 */
public static Optional<String> getRolename(Sid sid) {
  if (!(sid instanceof GrantedAuthoritySid)) {
    // Principals (and null) have no role name.
    return Optional.empty();
  }
  String authority = ((GrantedAuthoritySid) sid).getGrantedAuthority();
  return Optional.of(SidUtils.getRoleName(authority));
}
Example #25
Source File: UserRoleTools.java From molgenis with GNU Lesser General Public License v3.0 | 5 votes |
/**
 * Resolves the roles a SID holds: for a principal the result of {@code getRolesForUser}, for a
 * role the result of {@code getParentRoles} on its role name.
 *
 * @param sid the SID to resolve
 * @return the roles, or a new empty list for null or any other Sid implementation
 */
public List<Sid> getRolesForSid(Sid sid) {
  if (sid instanceof PrincipalSid) {
    return getRolesForUser(sid);
  }
  if (sid instanceof GrantedAuthoritySid) {
    String authority = ((GrantedAuthoritySid) sid).getGrantedAuthority();
    return getParentRoles(getRoleName(authority));
  }
  // Unknown kinds of SID resolve to no roles at all.
  return new ArrayList<>();
}
Example #26
Source File: PermissionServiceImplTest.java From molgenis with GNU Lesser General Public License v3.0 | 5 votes |
/**
 * Expects updatePermissions to replace an existing COUNT entry of a role with a WRITE entry:
 * the old ACE is deleted, the new one inserted, and the ACL saved twice.
 */
@Test
void testSetPermissions() {
  Sid sid = new GrantedAuthoritySid("ROLE_role");
  MutableAcl acl = mock(MutableAcl.class);
  ObjectIdentity objectIdentity = new ObjectIdentityImpl("entity-typeId", "identifier");
  when(acl.getObjectIdentity()).thenReturn(objectIdentity);
  doReturn(acl).when(mutableAclService).readAclById(objectIdentity);
  // Existing state: one ACE granting COUNT to the role.
  AccessControlEntry ace1 = mock(AccessControlEntry.class);
  when(ace1.getSid()).thenReturn(sid);
  when(ace1.getPermission()).thenReturn(COUNT);
  when(acl.getEntries()).thenReturn(singletonList(ace1));
  when(entityHelper.getLabelledObjectIdentity(acl.getObjectIdentity()))
      .thenReturn(
          LabelledObjectIdentity.create(
              "entity-typeId", "typeId", "typeLabel", "identifier", "identifierLabel"));
  // NOTE(review): raw LinkedList passed to thenReturn.
  when(userRoleTools.sortSids(singleton(sid))).thenReturn(new LinkedList(singletonList(sid)));
  when(mutableAclClassService.getAclClassTypes()).thenReturn(singletonList("entity-typeId"));
  permissionsApiService.updatePermissions(
      singleton(Permission.create(objectIdentity, sid, WRITE)));
  verify(acl).deleteAce(0);
  verify(acl).insertAce(1, WRITE, sid, true);
  verify(mutableAclService, times(2)).updateAcl(acl);
}
Example #27
Source File: PermissionServiceImplTest.java From molgenis with GNU Lesser General Public License v3.0 | 5 votes |
/**
 * Expects createPermission to insert a granting WRITE entry for the role at index 0 and to
 * save the ACL once.
 */
@Test
void testCreatePermission() {
  Sid roleSid = new GrantedAuthoritySid("ROLE_role");
  MutableAcl targetAcl = mock(MutableAcl.class);

  when(mutableAclClassService.getAclClassTypes()).thenReturn(singletonList("entity-typeId"));
  when(mutableAclService.readAclById(new ObjectIdentityImpl("entity-typeId", "identifier")))
      .thenReturn(targetAcl);

  permissionsApiService.createPermission(
      Permission.create(new ObjectIdentityImpl("entity-typeId", "identifier"), roleSid, WRITE));

  // The exact index, permission, SID and granting flag are pinned; an ACE written for
  // another SID or with another permission fails the verification.
  verify(targetAcl).insertAce(0, WRITE, roleSid, true);
  verify(mutableAclService).updateAcl(targetAcl);
}
Example #28
Source File: PermissionServiceImplTest.java From molgenis with GNU Lesser General Public License v3.0 | 5 votes |
/**
 * Expects createPermissions to write each permission to the ACL of its own object identity:
 * WRITE for the role on "identifier", READ for user1 on "identifier2".
 */
@Test
void testCreatePermissions() {
  MutableAcl acl = mock(MutableAcl.class);
  MutableAcl acl2 = mock(MutableAcl.class);
  doReturn(acl)
      .when(mutableAclService)
      .readAclById(new ObjectIdentityImpl("entity-typeId", "identifier"));
  doReturn(acl2)
      .when(mutableAclService)
      .readAclById(new ObjectIdentityImpl("entity-typeId", "identifier2"));
  Permission permission1 =
      Permission.create(
          new ObjectIdentityImpl("entity-typeId", "identifier"),
          new GrantedAuthoritySid("ROLE_role"),
          WRITE);
  Permission permission2 =
      Permission.create(
          new ObjectIdentityImpl("entity-typeId", "identifier2"), new PrincipalSid("user1"), READ);
  // Separately constructed SIDs: the verifications below match the inserted SIDs by equals().
  Sid expectedSid = new GrantedAuthoritySid("ROLE_role");
  Sid expectedSid2 = new PrincipalSid("user1");
  when(mutableAclClassService.getAclClassTypes()).thenReturn(singletonList("entity-typeId"));
  permissionsApiService.createPermissions(Sets.newHashSet(permission1, permission2));
  verify(acl).insertAce(0, WRITE, expectedSid, true);
  verify(acl2).insertAce(0, READ, expectedSid2, true);
  // NOTE(review): only the save of acl is verified; there is no verify for updateAcl(acl2).
  verify(mutableAclService).updateAcl(acl);
}
Example #29
Source File: PermissionServiceImplTest.java From molgenis with GNU Lesser General Public License v3.0 | 5 votes |
/**
 * Expects updatePermission to replace an existing COUNT entry of a role with a WRITE entry:
 * the old ACE is deleted, the new one inserted, and the ACL saved twice.
 */
@Test
void testSetPermission() {
  Sid role = new GrantedAuthoritySid("ROLE_role");
  MutableAcl acl = mock(MutableAcl.class);
  ObjectIdentity objectIdentity = mock(ObjectIdentity.class);
  when(acl.getObjectIdentity()).thenReturn(objectIdentity);
  doReturn(acl)
      .when(mutableAclService)
      .readAclById(new ObjectIdentityImpl("entity-typeId", "identifier"));
  // NOTE(review): repeats the getObjectIdentity() stubbing made above.
  when(acl.getObjectIdentity()).thenReturn(objectIdentity);
  // Existing state: one ACE granting COUNT to the role.
  AccessControlEntry ace1 = mock(AccessControlEntry.class);
  when(ace1.getSid()).thenReturn(role);
  when(ace1.getPermission()).thenReturn(COUNT);
  when(acl.getEntries()).thenReturn(singletonList(ace1));
  when(entityHelper.getLabelledObjectIdentity(acl.getObjectIdentity()))
      .thenReturn(
          LabelledObjectIdentity.create(
              "entity-typeId", "typeId", "typeLabel", "identifier", "identifierLabel"));
  // NOTE(review): raw LinkedList passed to thenReturn.
  when(userRoleTools.sortSids(singleton(role))).thenReturn(new LinkedList(singletonList(role)));
  when(mutableAclClassService.getAclClassTypes()).thenReturn(singletonList("entity-typeId"));
  permissionsApiService.updatePermission(
      Permission.create(new ObjectIdentityImpl("entity-typeId", "identifier"), role, WRITE));
  verify(acl).deleteAce(0);
  verify(acl).insertAce(1, WRITE, role, true);
  verify(mutableAclService, times(2)).updateAcl(acl);
}
Example #30
Source File: PermissionServiceImplTest.java From molgenis with GNU Lesser General Public License v3.0 | 5 votes |
/**
 * Expects createPermission to throw DuplicatePermissionException when the role already has an
 * entry (here COUNT) on the ACL, instead of adding a second entry for the same SID.
 */
@Test
void testCreateDuplicatePermission() {
  Sid role = new GrantedAuthoritySid("ROLE_role");
  MutableAcl acl = mock(MutableAcl.class);
  ObjectIdentity objectIdentity = mock(ObjectIdentity.class);
  when(acl.getObjectIdentity()).thenReturn(objectIdentity);
  doReturn(acl)
      .when(mutableAclService)
      .readAclById(new ObjectIdentityImpl("entity-typeId", "identifier"));
  // NOTE(review): repeats the getObjectIdentity() stubbing made above.
  when(acl.getObjectIdentity()).thenReturn(objectIdentity);
  // Existing state: the role already holds COUNT on this object.
  AccessControlEntry ace1 = mock(AccessControlEntry.class);
  when(ace1.getSid()).thenReturn(role);
  when(ace1.getPermission()).thenReturn(COUNT);
  when(acl.getEntries()).thenReturn(singletonList(ace1));
  when(entityHelper.getLabelledObjectIdentity(acl.getObjectIdentity()))
      .thenReturn(
          LabelledObjectIdentity.create(
              "entity-typeId", "typeId", "typeLabel", "identifier", "identifierLabel"));
  // NOTE(review): raw LinkedList passed to thenReturn.
  when(userRoleTools.sortSids(singleton(role))).thenReturn(new LinkedList(singletonList(role)));
  when(mutableAclClassService.getAclClassTypes()).thenReturn(singletonList("entity-typeId"));
  assertThrows(
      DuplicatePermissionException.class,
      () ->
          permissionsApiService.createPermission(
              Permission.create(
                  new ObjectIdentityImpl("entity-typeId", "identifier"), role, WRITE)));
}