Skip to content

Commit

Permalink
added tests for locating ACLs on parent resources
Browse files Browse the repository at this point in the history
  • Loading branch information
@acoburn
acoburn committed Sep 4, 2015
1 parent b5de8b4 commit 943d460
Show file tree
Hide file tree
Showing 2 changed files with 68 additions and 5 deletions.
11 changes: 6 additions & 5 deletions src/main/java/org/fcrepo/auth/webac/impl/WebACAccessRolesProvider.java
View file
Expand Up @@ -41,7 +41,6 @@
import java.util.function.Predicate;
import java.util.stream.Collectors;


import javax.jcr.Node;
import javax.jcr.RepositoryException;
import javax.jcr.Session;
Expand Down Expand Up @@ -73,8 +72,7 @@ class WebACAccessRolesProvider implements AccessRolesProvider {
private NodeService nodeService;

@Override
public void postRoles(final Node node, final Map<String, Set<String>> data)
throws RepositoryException {
public void postRoles(final Node node, final Map<String, Set<String>> data) throws RepositoryException {
throw new UnsupportedOperationException("postRoles() is not implemented");
}

Expand Down Expand Up @@ -253,14 +251,17 @@ private static Optional<Pair<URI, FedoraResource>> getEffectiveAcl(final FedoraR
if (resource.hasProperty(WEBAC_ACCESS_CONTROL_VALUE)) {
return Optional.of(
Pair.of(
new URI(resource.getProperty(WEBAC_ACCESS_CONTROL_VALUE).getString()),
URI.create(resource.getProperty(WEBAC_ACCESS_CONTROL_VALUE).getString()),
resource));
} else if (resource.getNode().getDepth() == 0) {
LOGGER.debug("No ACLs defined on this node or in parent hierarchy");
return Optional.empty();
} else {
LOGGER.trace("Checking parent resource for ACL. No ACL found at {}", resource.getPath());
return getEffectiveAcl(resource.getContainer());
}
} catch (final Exception ex) {
} catch (final RepositoryException ex) {
LOGGER.debug("Exception finding effective ACL: {}", ex);
return Optional.empty();
}
}
Expand Down
62 changes: 62 additions & 0 deletions src/test/java/org/fcrepo/auth/webac/impl/WebACAccessRolesProviderTest.java
View file
Expand Up @@ -68,6 +68,9 @@ public class WebACAccessRolesProviderTest {
@Mock
private Node mockNode;

@Mock
private Node mockParentNode;

@Mock
private Session mockSession;

Expand All @@ -77,6 +80,9 @@ public class WebACAccessRolesProviderTest {
@Mock
private FedoraResource mockResource;

@Mock
private FedoraResource mockParentResource;

@Mock
private FedoraResource mockAclResource;

Expand All @@ -99,10 +105,66 @@ public void setUp() throws RepositoryException {
when(mockNode.getSession()).thenReturn(mockSession);

when(mockResource.getNode()).thenReturn(mockNode);
when(mockNode.getDepth()).thenReturn(0);
when(mockResource.hasProperty(WEBAC_ACCESS_CONTROL_VALUE)).thenReturn(true);
when(mockResource.getProperty(WEBAC_ACCESS_CONTROL_VALUE)).thenReturn(mockProperty);
}

@Test
public void noAclTest() throws RepositoryException {
final String accessTo = "http://localhost:8080/rest/dark/archive/sunshine";

when(mockResource.getPath()).thenReturn(accessTo);
when(mockResource.hasProperty(WEBAC_ACCESS_CONTROL_VALUE)).thenReturn(false);
when(mockResource.getContainer()).thenReturn(mockParentResource);
when(mockParentResource.hasProperty(WEBAC_ACCESS_CONTROL_VALUE)).thenReturn(false);
when(mockParentResource.getNode()).thenReturn(mockParentNode);
when(mockNode.getDepth()).thenReturn(1);
when(mockParentNode.getDepth()).thenReturn(0);

final Map<String, List<String>> roles = roleProvider.getRoles(mockNode, true);

assertTrue("There should be no agents in the roles map", roles.isEmpty());
}

@Test
public void acl01ParentTest() throws RepositoryException {
final String agent = "smith123";
final String accessTo = "http://localhost:8080/rest/webacl_box1";
final String acl = "/acls/01";
final String auth = acl + "/authorization.ttl";

when(mockResource.getPath()).thenReturn(accessTo);
when(mockResource.hasProperty(WEBAC_ACCESS_CONTROL_VALUE)).thenReturn(false);
when(mockResource.getContainer()).thenReturn(mockParentResource);
when(mockResource.getPath()).thenReturn(accessTo + "/foo");
when(mockNode.getDepth()).thenReturn(1);

when(mockParentResource.hasProperty(WEBAC_ACCESS_CONTROL_VALUE)).thenReturn(true);
when(mockParentResource.getNode()).thenReturn(mockParentNode);
when(mockParentResource.getProperty(WEBAC_ACCESS_CONTROL_VALUE)).thenReturn(mockProperty);
when(mockParentResource.getPath()).thenReturn(accessTo);
when(mockParentNode.getDepth()).thenReturn(0);

when(mockProperty.getString()).thenReturn(acl);
when(mockNodeService.find(mockSession, acl)).thenReturn(mockAclResource);
when(mockAclResource.getPath()).thenReturn(acl);

when(mockAuthorizationResource1.getTypes()).thenReturn(Arrays.asList(WEBAC_AUTHORIZATION));
when(mockAuthorizationResource1.getPath()).thenReturn(auth);
when(mockAuthorizationResource1.getTriples(anyObject(),
eq(PropertiesRdfContext.class))).thenReturn(getRdfStreamFromResource(auth, TTL));

when(mockAclResource.getChildren()).thenReturn(Arrays.asList(mockAuthorizationResource1).iterator());

final Map<String, List<String>> roles = roleProvider.getRoles(mockNode, true);

assertEquals("There should be exactly one agent in the role map", 1, roles.size());
assertEquals("The agent should have exactly two modes", 2, roles.get(agent).size());
assertTrue("The agent should be able to read", roles.get(agent).contains(WEBAC_MODE_READ_VALUE));
assertTrue("The agent should be able to write", roles.get(agent).contains(WEBAC_MODE_WRITE_VALUE));
}

@Test
public void acl01Test1() throws RepositoryException {
final String agent = "smith123";
Expand Down

0 comments on commit 943d460

Please sign in to comment.