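/*
 * Copyright 2005 the original author or authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package org.wamblee.photos.authorization;

import junit.framework.TestCase;

import org.wamblee.photos.authorizationrules.PageAuthorizationRule;
import org.wamblee.photos.tapestry.AdminPage;
import org.wamblee.photos.tapestry.AlbumPage;
import org.wamblee.photos.tapestry.EditProfilePage;
import org.wamblee.photos.tapestry.PhotoPage;
import org.wamblee.security.authorization.AllOperation;
import org.wamblee.security.authorization.AnyUserCondition;
import org.wamblee.security.authorization.AuthorizationResult;
import org.wamblee.security.authorization.AuthorizationRule;
import org.wamblee.security.authorization.GroupUserCondition;
import org.wamblee.usermgt.User;
import org.wamblee.usermgt.UserMgtException;
import org.wamblee.usermgt.UsermgtTestUtils;

/**
 * Tests the page authorization rule.
 *
 * <p>Each test builds a {@link PageAuthorizationRule} from a result, a user
 * condition and a list of page names, then checks what
 * {@code isAllowed} returns for {@link TestPage} resources. A rule that does
 * not match is expected to answer {@code UNDECIDED} rather than grant access.
 *
 * <p>NOTE(review): only rules constructed with {@code GRANTED} are exercised
 * here; a rule constructed with a denying result is not covered by this class.
 */
public class PageAuthorizationRuleTest extends TestCase {

    private static final String ADMIN_GROUP = "administrators";

    /**
     * Builds a rule that lists no pages and verifies that it leaves every
     * page undecided, even though its user condition matches any user.
     *
     * @throws UserMgtException declared by the test fixture calls
     */
    public void testNoPages() throws UserMgtException {
        AuthorizationRule rule = new PageAuthorizationRule(
                AuthorizationResult.GRANTED, new AnyUserCondition(),
                new String[0]);
        User user = UsermgtTestUtils.createUser("erik");

        String[] pageNames = {
            AlbumPage.PAGE_NAME,
            PhotoPage.PAGE_NAME,
            AdminPage.PAGE_NAME,
            EditProfilePage.PAGE_NAME
        };
        for (String pageName : pageNames) {
            // The page name is used as the failure message so a failing
            // iteration identifies the page; the resource class name is the
            // same for every element and would not.
            assertEquals(pageName, AuthorizationResult.UNDECIDED,
                    rule.isAllowed(new TestPage(pageName),
                            new AllOperation(), user));
        }
    }

    /**
     * Builds a rule that grants the admin page to members of the
     * administrators group and verifies that only an administrator is
     * granted access, and only for that page.
     *
     * @throws UserMgtException declared by the test fixture calls
     */
    public void testAdminPage() throws UserMgtException {
        AuthorizationRule rule = new PageAuthorizationRule(
                AuthorizationResult.GRANTED,
                new GroupUserCondition(ADMIN_GROUP),
                new String[] { AdminPage.PAGE_NAME });
        User admin = UsermgtTestUtils.createUser("erik", ADMIN_GROUP);
        User regular = UsermgtTestUtils.createUser("regular");
        Object adminPage = new TestPage(AdminPage.PAGE_NAME);

        // An administrator is granted access to the admin page.
        assertEquals("admin on admin page", AuthorizationResult.GRANTED,
                rule.isAllowed(adminPage, new AllOperation(), admin));

        // A user outside the group is not granted access by this rule.
        assertEquals("regular user on admin page",
                AuthorizationResult.UNDECIDED,
                rule.isAllowed(adminPage, new AllOperation(), regular));

        // The rule does not apply to pages it does not list.
        assertEquals("regular user on album page",
                AuthorizationResult.UNDECIDED,
                rule.isAllowed(new TestPage(AlbumPage.PAGE_NAME),
                        new AllOperation(), regular));

        // Same page check with a user who satisfies the group condition:
        // with the regular user above, UNDECIDED could come from the user
        // condition alone, so this isolates the page-name scoping of the
        // grant.
        assertEquals("admin on album page", AuthorizationResult.UNDECIDED,
                rule.isAllowed(new TestPage(AlbumPage.PAGE_NAME),
                        new AllOperation(), admin));
    }

    /**
     * Builds a rule that grants several pages to any user and verifies that
     * each listed page is granted while a page that is not listed (the admin
     * page) stays undecided.
     *
     * @throws UserMgtException declared by the test fixture calls
     */
    public void testMultiplePages() throws UserMgtException {
        String[] grantedPages = {
            AlbumPage.PAGE_NAME,
            PhotoPage.PAGE_NAME,
            EditProfilePage.PAGE_NAME
        };
        AuthorizationRule rule = new PageAuthorizationRule(
                AuthorizationResult.GRANTED, new AnyUserCondition(),
                grantedPages);
        User user = UsermgtTestUtils.createUser("erik");

        for (String pageName : grantedPages) {
            // Page name as message: identifies the failing page.
            assertEquals(pageName, AuthorizationResult.GRANTED,
                    rule.isAllowed(new TestPage(pageName),
                            new AllOperation(), user));
        }

        // The admin page is not in the list, so this rule must not grant it.
        assertEquals(AdminPage.PAGE_NAME, AuthorizationResult.UNDECIDED,
                rule.isAllowed(new TestPage(AdminPage.PAGE_NAME),
                        new AllOperation(), user));
    }
}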