/*
 * Copyright 2005 the original author or authors.
 * 
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 * 
 *      http://www.apache.org/licenses/LICENSE-2.0
 * 
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */ 

package org.wamblee.security.authorization;

import static org.wamblee.security.authorization.AuthorizationResult.GRANTED;
import static org.wamblee.security.authorization.AuthorizationResult.UNDECIDED;
import static org.wamblee.security.authorization.AuthorizationResult.UNSUPPORTED_RESOURCE;
import junit.framework.TestCase;

import org.wamblee.usermgt.User;


/**
 * Tests for the {@link org.wamblee.security.authorization.UrlAuthorizationRule}. 
 */
public class UrlAuthorizationRuleTest extends TestCase {

    /**
     * Constructs the rule with a result of UNDECIDED. Verifies that an IllegalArgumentException 
     * is thrown. 
     *
     */
    public void testConstructWithUndecidedResult() { 
        try { 
            new TestAuthorizationRule(UNDECIDED, "users", "/path", ReadOperation.class);
            fail();
        } catch (IllegalArgumentException e) { 
            // ok 
        }
    }
    
    /**
     * Constructs the rule with a result of UNSUPPORTED_RESOURCE. Verifies that an IllegalArgumentException 
     * is thrown. 
     *
     */
    public void testConstructWithUnsupportedResult() { 
        try { 
            new TestAuthorizationRule(UNSUPPORTED_RESOURCE, "users", "/path", ReadOperation.class);
            fail();
        } catch (IllegalArgumentException e) { 
            // ok 
        }
    }
    
    /**
     * Constructs the authorization rule and applies it to an unsupported object type. 
     * Verifies that the result is UNSUPPORTED_RESOURCE. 
     *
     */
    public void testUnsupportedObject() { 
        AuthorizationRule rule = new TestAuthorizationRule(GRANTED, "users", "/path", ReadOperation.class);
        assertEquals(UNSUPPORTED_RESOURCE, rule.isAllowed("hello", new ReadOperation(), new TestUserAccessor().getCurrentUser()));
    }
    
    public void testMatchingScenarios() { 
        AuthorizationRule rule = new TestAuthorizationRule(GRANTED, "users", "/path/", ReadOperation.class);
        User user = new TestUserAccessor().getCurrentUser();
        
        // everything matches
        assertEquals(GRANTED, rule.isAllowed(new TestResource("/path/a"), new ReadOperation(), user));
        assertEquals(GRANTED, rule.isAllowed(new TestResource("/path/"), new ReadOperation(), user));
        
        // path does not match. 
        assertEquals(UNDECIDED, rule.isAllowed(new TestResource("/path"), new ReadOperation(), user));
        
        // operation does not match. 
        assertEquals(UNDECIDED, rule.isAllowed(new TestResource("/path/"), new WriteOperation(), user));
        
        // group does not match. 
        AuthorizationRule rule2 = new TestAuthorizationRule(GRANTED, "users2", "/path/", ReadOperation.class);
        assertEquals(UNDECIDED, rule2.isAllowed(new TestResource("/path/a"), new ReadOperation(), user));
    }
    
}