Normal user can only change properties but not add child nodes.

- Add test for child node creation. https://www.pivotaltracker.com/story/show/72982948
fcrepo-exts · Nov 4, 2014 · 6a3c1a7 · 6a3c1a7
1 parent 06bb635
commit 6a3c1a7
Show file tree

Hide file tree

Showing 6 changed files with 259 additions and 5 deletions.
diff --git a/...les-basic/src/test/java/org/fcrepo/auth/roles/basic/integration/AbstractBasicRolesIT.java b/...les-basic/src/test/java/org/fcrepo/auth/roles/basic/integration/AbstractBasicRolesIT.java
@@ -167,6 +167,13 @@ private static List<RolesFadTestObjectBean> defineTestObjects() {
         objJ.addACL("exampleWriterReader", "writer");
         test_objs.add(objJ);
 
+        /* restricted child object with restricted parent */
+        final RolesFadTestObjectBean objK = new RolesFadTestObjectBean();
+        objK.setPath(testParent4 + "/" + testChild4WithACL);
+        objK.addACL("examplewriter", "writer");
+        objK.addACL("exampleadmin", "admin");
+        test_objs.add(objK);
+
         return test_objs;
 
     }

diff --git a/...-roles-basic/src/test/java/org/fcrepo/auth/roles/basic/integration/BasicRolesAdminIT.java b/...-roles-basic/src/test/java/org/fcrepo/auth/roles/basic/integration/BasicRolesAdminIT.java
@@ -29,6 +29,7 @@
 import org.fcrepo.auth.roles.common.integration.RolesFadTestObjectBean;
 
 import org.apache.http.client.ClientProtocolException;
+import org.junit.Ignore;
 import org.junit.Test;
 import org.slf4j.Logger;
 
@@ -44,6 +45,8 @@ public class BasicRolesAdminIT extends AbstractBasicRolesIT {
 
     private final static String TESTDS = "admintestds";
 
+    private final static String TESTCHILD = "admintestchild";
+
     @Override
     protected List<RolesFadTestObjectBean> getTestObjs() {
         return test_objs;
@@ -67,6 +70,15 @@ public void testAdminCanWriteDatastreamOnOpenObj()
                         TESTDS, true));
     }
 
+    @Test
+    public void testAdminCanAddChildToOpenObj()
+            throws ClientProtocolException, IOException {
+        assertEquals(
+                "Admin cannot add child to testparent1!", CREATED
+                .getStatusCode(), canAddChild("exampleadmin", testParent1,
+                        TESTCHILD, true));
+    }
+
     @Test
     public void testAdminCanAddACLToOpenObj()
             throws ClientProtocolException, IOException {
@@ -170,6 +182,16 @@ public void testAdminCanWriteDatastreamOnInheritedACLChildObj()
                         testParent1 + "/" + testChild1NoACL, TESTDS, true));
     }
 
+    @Test
+    public void testAdminCanAddChildToInheritedACLChildObj()
+            throws ClientProtocolException, IOException {
+        assertEquals(
+                "Admin cannot add child to testparent1/testchild1NoACL!",
+                CREATED
+                .getStatusCode(), canAddChild("exampleadmin",
+                        testParent1 + "/" + testChild1NoACL, TESTCHILD, true));
+    }
+
     @Test
     public void testAdminCanAddACLToInheritedACLChildObj()
             throws ClientProtocolException, IOException {
@@ -229,6 +251,15 @@ public void testAdminCanWriteDatastreamOnRestrictedChildObj()
                         testParent1 + "/" + testChild2WithACL, TESTDS, true));
     }
 
+    @Test
+    public void testAdminCanAddChildToRestrictedChildObj()
+            throws ClientProtocolException, IOException {
+        assertEquals(
+                "Admin cannot add child to testparent1/testchild2WithACL!",
+                CREATED.getStatusCode(), canAddChild("exampleadmin",
+                        testParent1 + "/" + testChild2WithACL, TESTCHILD, true));
+    }
+
     @Test
     public void testAdminCanAddACLToRestrictedChildObj()
             throws ClientProtocolException, IOException {
@@ -308,7 +339,7 @@ public void testAdminCanReadWriterRestrictedChildObj()
             throws ClientProtocolException, IOException {
         assertEquals("Admin cannot read testparent1/testchild4WithACL!", OK
                 .getStatusCode(), canRead("exampleadmin",
-                        testParent1 + "/" + testChild4WithACL, true));
+                testParent1 + "/" + testChild4WithACL, true));
     }
 
     @Test
@@ -320,6 +351,15 @@ public void testAdminCanWriteDatastreamOnWriterRestrictedChildObj()
                         testParent1 + "/" + testChild4WithACL, TESTDS, true));
     }
 
+    @Test
+    public void testAdminCanAddChildToWriterRestrictedChildObj()
+            throws ClientProtocolException, IOException {
+        assertEquals(
+                "Admin cannot add child to testparent1/testchild4WithACL!",
+                CREATED.getStatusCode(), canAddChild("exampleadmin",
+                        testParent1 + "/" + testChild4WithACL, TESTCHILD, true));
+    }
+
     @Test
     public void testAdminCanAddACLToWriterRestrictedChildObj()
             throws ClientProtocolException, IOException {
@@ -405,7 +445,7 @@ public void testAdminCanReadAdminObj() throws ClientProtocolException,
     IOException {
         assertEquals("Admin cannot read testparent2/testChild5WithACL!", OK
                 .getStatusCode(), canRead("exampleadmin",
-                        testParent2 + "/" + testChild5WithACL, true));
+                testParent2 + "/" + testChild5WithACL, true));
     }
 
     @Test
@@ -417,6 +457,15 @@ public void testAdminCanWriteDatastreamOnAdminObj()
                         testParent2 + "/" + testChild5WithACL, TESTDS, true));
     }
 
+    @Test
+    public void testAdminCanAddChildToAdminObj()
+            throws ClientProtocolException, IOException {
+        assertEquals(
+                "Admin cannot add child to testparent2/testChild5WithACL!",
+                CREATED.getStatusCode(), canAddChild("exampleadmin",
+                        testParent2 + "/" + testChild5WithACL, TESTCHILD, true));
+    }
+
     @Test
     public void testAdminCanAddACLToAdminObj()
             throws ClientProtocolException, IOException {
@@ -566,4 +615,14 @@ public void testAdminCannotAddACLToRootNode()
                 .getStatusCode(), canAddACL("exampleadmin", "/", "EVERYONE",
                         "admin", true));
     }
+
+    @Ignore("Awaiting bug fix for story 72982948")
+    @Test
+    public void testAdminCanAddChildToRestrictedChildObjUnderRestrictedParent()
+            throws ClientProtocolException, IOException {
+        assertEquals(
+                "Admin cannot add child to testparent4/testchild4WithACL!",
+                CREATED.getStatusCode(), canAddChild("exampleadmin",
+                        testParent4 + "/" + testChild4WithACL, TESTCHILD, true));
+    }
 }
diff --git a/...roles-basic/src/test/java/org/fcrepo/auth/roles/basic/integration/BasicRolesReaderIT.java b/...roles-basic/src/test/java/org/fcrepo/auth/roles/basic/integration/BasicRolesReaderIT.java
@@ -37,6 +37,8 @@ public class BasicRolesReaderIT extends AbstractBasicRolesIT {
 
     private final static String TESTDS = "readertestds";
 
+    private final static String TESTCHILD = "readertestchild";
+
     @Override
     protected List<RolesFadTestObjectBean> getTestObjs() {
         return test_objs;
@@ -60,6 +62,16 @@ public void testReaderCannotWriteDatastreamOnOpenObj()
                         TESTDS, true));
     }
 
+    @Test
+    public void testReaderCannotAddChildToOpenObj()
+            throws ClientProtocolException, IOException {
+        assertEquals(
+                "Reader should not be allowed to add child to testparent1!",
+                FORBIDDEN
+                .getStatusCode(), canAddChild("examplereader", testParent1,
+                        TESTCHILD, true));
+    }
+
     @Test
     public void testReaderCannotAddACLToOpenObj()
             throws ClientProtocolException, IOException {
@@ -160,6 +172,15 @@ public void testReaderCannotWriteDatastreamOnInheritedACLChildObj()
                         testParent1 + "/" + testChild1NoACL, TESTDS, true));
     }
 
+    @Test
+    public void testReaderCannotAddChildToInheritedACLChildObj()
+            throws ClientProtocolException, IOException {
+        assertEquals(
+                "Reader should not be allowed to add a child to testparent1/testchild1NoACL!",
+                FORBIDDEN.getStatusCode(), canAddChild("examplereader",
+                        testParent1 + "/" + testChild1NoACL, TESTCHILD, true));
+    }
+
     @Test
     public void testReaderCannotAddACLToInheritedACLChildObj()
             throws ClientProtocolException, IOException {
@@ -218,6 +239,15 @@ public void testReaderCannotWriteDatastreamOnRestrictedChildObj()
                         testParent1 + "/" + testChild2WithACL, TESTDS, true));
     }
 
+    @Test
+    public void testReaderCannotAddChildToRestrictedChildObj()
+            throws ClientProtocolException, IOException {
+        assertEquals(
+                "Reader should not be allowed to add a child to testparent1/testchild2WithACL!",
+                FORBIDDEN.getStatusCode(), canAddChild("examplereader",
+                        testParent1 + "/" + testChild2WithACL, TESTCHILD, true));
+    }
+
     @Test
     public void testReaderCannotAddACLToRestrictedChildObj()
             throws ClientProtocolException, IOException {
@@ -304,6 +334,15 @@ public void testReaderCannotWriteDatastreamOnWriterRestrictedChildObj()
                         testParent1 + "/" + testChild4WithACL, TESTDS, true));
     }
 
+    @Test
+    public void testReaderCannotAddChildToWriterRestrictedChildObj()
+            throws ClientProtocolException, IOException {
+        assertEquals(
+                "Reader should not be allowed to add a child to testparent1/testchild4WithACL!",
+                FORBIDDEN.getStatusCode(), canAddChild("examplereader",
+                        testParent1 + "/" + testChild4WithACL, TESTCHILD, true));
+    }
+
     @Test
     public void testReaderCannotAddACLToWriterRestrictedChildObj()
             throws ClientProtocolException, IOException {
@@ -390,6 +429,15 @@ public void testReaderCannotWriteDatastreamOnAdminObj()
                         testParent2 + "/" + testChild5WithACL, TESTDS, true));
     }
 
+    @Test
+    public void testReaderCannotAddChildToAdminObj()
+            throws ClientProtocolException, IOException {
+        assertEquals(
+                "Reader should not be allowed to add a child to testparent2/testchild5WithACL!",
+                FORBIDDEN.getStatusCode(), canAddChild("examplereader",
+                        testParent2 + "/" + testChild5WithACL, TESTCHILD, true));
+    }
+
     @Test
     public void testReaderCannotAddACLToAdminObj()
             throws ClientProtocolException, IOException {
@@ -494,6 +542,15 @@ public void testReaderCannotWriteDatastreamOnRootNode()
                 .getStatusCode(), canAddDS("examplereader", "/", TESTDS, true));
     }
 
+    @Test
+    public void testReaderCannotAddChildToRootNode()
+            throws ClientProtocolException, IOException {
+        assertEquals(
+                "Reader should not be allowed to add a child to root node!",
+                FORBIDDEN
+                .getStatusCode(), canAddChild("examplereader", "/", TESTCHILD, true));
+    }
+
     @Test
     public void testReaderCannotAddACLToRootNode()
             throws ClientProtocolException, IOException {

diff --git a/...rc/test/java/org/fcrepo/auth/roles/basic/integration/BasicRolesUnauthenticatedUserIT.java b/...rc/test/java/org/fcrepo/auth/roles/basic/integration/BasicRolesUnauthenticatedUserIT.java
@@ -36,6 +36,8 @@ public class BasicRolesUnauthenticatedUserIT extends AbstractBasicRolesIT {
 
     private final static String TESTDS = "uutestds";
 
+    private final static String TESTCHILD = "uutestchild";
+
     @Override
     protected List<RolesFadTestObjectBean> getTestObjs() {
         return test_objs;
@@ -58,6 +60,15 @@ public void testUnauthenticatedReaderCannotWriteDatastreamOnOpenObj()
                                                     TESTDS, false));
     }
 
+    @Test
+    public void testUnauthenticatedReaderCannotAddChildOnOpenObj()
+            throws IOException {
+        assertEquals(
+                "Unauthenticated user should not be allowed to add child to testparent1!",
+                FORBIDDEN.getStatusCode(), canAddChild(null, testParent1,
+                                                    TESTCHILD, false));
+    }
+
     @Test
     public void testUnauthenticatedReaderCannotAddACLToOpenObj()
             throws IOException {
@@ -161,6 +172,16 @@ public void testUnauthenticatedReaderCanReadInheritedACLChildObj()
                                                     testParent1 + "/" + testChild1NoACL, TESTDS, false));
     }
 
+    @Test
+    public void
+    testUnauthenticatedReaderCannotAddChildToInheritedACLChildObj()
+            throws IOException {
+        assertEquals(
+                "Unauthenticated user should not be allowed to add child to testparent1/testchild1NoACL!",
+                FORBIDDEN.getStatusCode(), canAddChild(null,
+                                                    testParent1 + "/" + testChild1NoACL, TESTCHILD, false));
+    }
+
     @Test
     public void testUnauthenticatedReaderCannotAddACLToInheritedACLChildObj()
             throws IOException {
@@ -225,6 +246,16 @@ public void testUnauthenticatedReaderCannotReadRestrictedChildObj()
                                                     testParent1 + "/" + testChild2WithACL, TESTDS, false));
     }
 
+    @Test
+    public void
+    testUnauthenticatedReaderCannotAddChildToRestrictedChildObj()
+            throws IOException {
+        assertEquals(
+                "Unauthenticated user should not be allowed to add child to testparent1/testchild2WithACL!",
+                FORBIDDEN.getStatusCode(), canAddChild(null,
+                                                    testParent1 + "/" + testChild2WithACL, TESTCHILD, false));
+    }
+
     @Test
     public void testUnauthenticatedReaderCannotAddACLToRestrictedChildObj()
             throws IOException {
@@ -290,6 +321,15 @@ public void testUnauthenticatedReaderCannotWriteDatastreamOnAdminObj()
                                                     testParent2 + "/" + testChild5WithACL, TESTDS, false));
     }
 
+    @Test
+    public void testUnauthenticatedReaderCannotAddChildToAdminObj()
+            throws IOException {
+        assertEquals(
+                "Unauthenticated user should not be allowed to add child to testparent2/testchild5WithACL!",
+                FORBIDDEN.getStatusCode(), canAddChild(null,
+                                                    testParent2 + "/" + testChild5WithACL, TESTCHILD, false));
+    }
+
     @Test
     public void testUnauthenticatedReaderCannotAddACLToAdminObj()
             throws IOException {
@@ -398,6 +438,14 @@ public void testUnauthenticatedReaderCannotWriteDatastreamOnRootNode()
                 FORBIDDEN.getStatusCode(), canAddDS(null, "/", TESTDS, false));
     }
 
+    @Test
+    public void testUnauthenticatedReaderCannotAddChildToRootNode()
+            throws IOException {
+        assertEquals(
+                "Unauthenticated user should not be allowed to add child to root node!",
+                FORBIDDEN.getStatusCode(), canAddChild(null, "/", TESTCHILD, false));
+    }
+
     @Test
     public void testUnauthenticatedReaderCannotAddACLToRootNode()
             throws IOException {