[utils] /

/*
 * Copyright 2005 the original author or authors.
 * 
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 * 
 *      http://www.apache.org/licenses/LICENSE-2.0
 * 
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */ 

package org.wamblee.security.authorization;

import static org.wamblee.security.authorization.AuthorizationResult.DENIED;
import static org.wamblee.security.authorization.AuthorizationResult.GRANTED;
import junit.framework.TestCase;

import org.wamblee.usermgt.UserAccessor;

/**
 * Tests the authorization service. 
 *
 * @author Erik Brakkee
 */
public class AuthorizationServiceTest extends TestCase {
    
    private AuthorizationRule _rule1; 
    private AuthorizationRule _rule2;  
    private AuthorizationRule _rule3; 
    private AuthorizationService _service; 
    
    protected AuthorizationService getService() { 
        return _service; 
    }
    
    /* (non-Javadoc)
     * @see junit.framework.TestCase#setUp()
     */
    @Override
    protected void setUp() throws Exception {
        super.setUp();
        
        _rule1 = createRule(GRANTED, "users", "/oni/", AllOperation.class); 
        _rule2 = createRule(DENIED, "users", "/abc/", ReadOperation.class); 
        _rule3 = createRule(GRANTED, "users", "/abc/", AllOperation.class);
        
        _service = createService(); 
        _service.appendRule(_rule1); 
        _service.appendRule(_rule2);
        _service.appendRule(_rule3);
    }
    
    protected void resetTestRules() { 
        ((TestAuthorizationRule)_rule1).reset(); 
        ((TestAuthorizationRule)_rule2).reset(); 
        ((TestAuthorizationRule)_rule3).reset(); 
    }
    
    protected UserAccessor createUserAccessor() { 
        return new TestUserAccessor(); 
    }

    /**
     * Creates an authorization service with some rules for testing. . 
     * @return Authorization service. 
     */
    protected AuthorizationService createService() {
        DefaultAuthorizationService service = new DefaultAuthorizationService() ;
        service.setUserAccessor(createUserAccessor());
        return service;
    }
    
    protected AuthorizationRule createRule(AuthorizationResult aResult, String aGroup, String aPath, Class<? extends Operation> aOperation) { 
        return new TestAuthorizationRule(aResult, aGroup, aPath, aOperation);
    }
    
    protected void checkMatchCount(int aCount, AuthorizationRule aRule) { 
        assertEquals( aCount,  ((TestAuthorizationRule)aRule).getMatchCount()); 
    }
    
    protected Object createResource(String aPath) { 
        return new TestResource(aPath);
    }
    
    protected void checkRuleCount(int aCount) { 
        // Empty
    }
    
    /**
     * Several checks to verify the outcome of matching against the first rule. 
     *
     */
    public void testFirstRuleGrants() { 
        assertTrue( _service.isAllowed(createResource("/oni/xyz.jpg"), new ReadOperation())); 
        checkMatchCount(1, _rule1);
        assertTrue(_service.isAllowed(createResource("/oni/xyz.jpg"), new WriteOperation())); 
        checkMatchCount(2, _rule1);
        assertTrue(_service.isAllowed(createResource("/oni/xyz.jpg"), new DeleteOperation())); 
        checkMatchCount(3, _rule1);
        assertTrue(_service.isAllowed(createResource("/oni/xyz.jpg"), new CreateOperation())); 
        checkMatchCount(4, _rule1);
        checkMatchCount(0, _rule2);
        checkMatchCount(0, _rule3);
    }
    
    /**
     * Verify that a match with the second rule leads to a denial of authorization. 
     *
     */
    public void testSecondRuleDenies() {
        assertFalse(_service.isAllowed(createResource("/abc/xyz.jpg"), new ReadOperation())); 
        checkMatchCount(0, _rule1);
        checkMatchCount(1, _rule2);
        checkMatchCount(0, _rule3);
    }
    
    /**
     * Verifies that the third rule is used when appropriate and that it grants access. 
     *
     */
    public void testThirdRuleGrants() { 
        assertTrue(_service.isAllowed(createResource("/abc/xyz.jpg"), new WriteOperation())); 
        checkMatchCount(0, _rule1); 
        checkMatchCount(0, _rule2);
        checkMatchCount(1, _rule3); 
    }
    
    /**
     * Removes a rule and checks it is removed. 
     *
     */
    public void testRemoveRule() { 
        checkRuleCount(3);
        assertTrue(_service.isAllowed(createResource("/abc/xyz.jpg"), new WriteOperation())); 
        _service.removeRule(2); 
        assertFalse(_service.isAllowed(createResource("/abc/xyz.jpg"), new WriteOperation()));
        checkRuleCount(2);
    }
    
    /**
     * Inserts a rule and checks it is inserted. 
     *
     */
    public void testInsertRule() {
        checkRuleCount(3);
        assertFalse(_service.isAllowed(createResource("/janse/xyz.jpg"), new WriteOperation()));     
        _service.appendRule(createRule(GRANTED, "users", "/janse/", WriteOperation.class));
        assertTrue(_service.isAllowed(createResource("/janse/xyz.jpg"), new WriteOperation()));
        checkRuleCount(4);
            
    }
   
    /**
     * Gets the rules. Verifies that all rules are obtained. 
     *
     */
    public void testGetRules() { 
        AuthorizationRule[] rules = _service.getRules();
        assertEquals(3, rules.length); 
    }
    
    /**
     * Verifies that when no rules match, access is denied. 
     *
     */
    public void testNoRulesSupportResource() { 
        assertFalse(_service.isAllowed(createResource("/xyxyxyxy"), new ReadOperation()));
        checkMatchCount(0, _rule1); 
        checkMatchCount(0, _rule2);
        checkMatchCount(0, _rule3); 
    }
}