001: /******************************************************************************
002: * JBoss, a division of Red Hat *
003: * Copyright 2006, Red Hat Middleware, LLC, and individual *
004: * contributors as indicated by the @authors tag. See the *
005: * copyright.txt in the distribution for a full listing of *
006: * individual contributors. *
007: * *
008: * This is free software; you can redistribute it and/or modify it *
009: * under the terms of the GNU Lesser General Public License as *
010: * published by the Free Software Foundation; either version 2.1 of *
011: * the License, or (at your option) any later version. *
012: * *
013: * This software is distributed in the hope that it will be useful, *
014: * but WITHOUT ANY WARRANTY; without even the implied warranty of *
015: * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU *
016: * Lesser General Public License for more details. *
017: * *
018: * You should have received a copy of the GNU Lesser General Public *
019: * License along with this software; if not, write to the Free *
020: * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA *
021: * 02110-1301 USA, or see the FSF site: http://www.fsf.org. *
022: ******************************************************************************/package org.jboss.portal.test.cms.security;
023:
024: import junit.framework.TestSuite;
025: import org.jboss.portal.cms.CMSException;
026: import org.jboss.portal.cms.Command;
027: import org.jboss.portal.cms.impl.FolderImpl;
028: import org.jboss.portal.cms.model.Folder;
029:
030: import java.util.Date;
031:
032: /** @author Sohil Shah - sohil.shah@jboss.com - Nov 30, 2006 */
033: public class TestManageAccess extends SecureCommandTestCase {
034: String rejectPath = "/default/private";
035: String allowedPath = "/default/images";
036: String supportPath = "/default/support.html";
037: String copyPath = "/support.html";
038:
039: /**
040: *
041: *
042: */
043: public TestManageAccess() {
044: }
045:
046: /**
047: *
048: *
049: */
050: public static TestSuite suite() throws Exception {
051: return createTestSuite(TestManageAccess.class);
052: }
053:
054: /** @return */
055: private Folder getNewPublicFolder() {
056: //create folder object
057: Folder folder = new FolderImpl();
058: folder.setCreationDate(new Date());
059: folder.setDescription("Folder Description");
060: folder.setTitle("Folder Title");
061: folder.setLastModified(new Date());
062: folder.setName("images");
063: folder.setBasePath(this .allowedPath);
064:
065: return folder;
066: }
067:
068: /** @return */
069: private Folder getNewProtectedFolder() {
070: //create folder object
071: Folder folder = new FolderImpl();
072: folder.setCreationDate(new Date());
073: folder.setDescription("Folder Description");
074: folder.setTitle("Folder Title");
075: folder.setLastModified(new Date());
076: folder.setName("private");
077: folder.setBasePath(this .rejectPath);
078:
079: return folder;
080: }
081:
082: /**
083: *
084: *
085: */
086: private void runManageScenario(Folder folder) throws CMSException {
087: //Copy the specified folder
088: String copySrc = folder.getBasePath();
089: String copyDest = folder.getBasePath() + "/" + "copy";
090: Command copyCommand = this .service.getCommandFactory()
091: .createCopyCommand(copySrc, copyDest);
092: this .service.execute(copyCommand);
093:
094: //Assert the copy execution
095: Command get = this .service.getCommandFactory()
096: .createFolderGetCommand(copySrc);
097: Folder copyFrom = (Folder) this .service.execute(get);
098: get = this .service.getCommandFactory().createFolderGetCommand(
099: copyDest);
100: Folder copyTo = (Folder) this .service.execute(get);
101: assertNotNull(copyFrom);
102: assertNotNull(copyTo);
103:
104: //Move a folder
105: String moveSrc = copyDest;
106: String moveDest = folder.getBasePath() + "/" + "move";
107: Command moveCommand = this .service.getCommandFactory()
108: .createMoveCommand(moveSrc, moveDest);
109: this .service.execute(moveCommand);
110:
111: //Assert the move execution
112: get = this .service.getCommandFactory().createFolderGetCommand(
113: moveSrc);
114: Folder moveFrom = (Folder) this .service.execute(get);
115: get = this .service.getCommandFactory().createFolderGetCommand(
116: moveDest);
117: Folder moveTo = (Folder) this .service.execute(get);
118: assertNull(moveFrom);
119: assertNotNull(moveTo);
120:
121: //Delete the folder
122: String delete = moveDest;
123: Command deleteCommand = this .service.getCommandFactory()
124: .createDeleteCommand(delete);
125: this .service.execute(deleteCommand);
126:
127: //Assert delete execution
128: get = this .service.getCommandFactory().createFolderGetCommand(
129: delete);
130: Folder deletedFolder = (Folder) this .service.execute(get);
131: assertNull(deletedFolder);
132: }
133:
134: /** @throws Exception */
135: public void testAnonymous() throws Exception {
136: // first run against non-access scenario
137: try {
138: this .runManageScenario(this .getNewProtectedFolder());
139: assertTrue("Access should not have been granted to"
140: + this .rejectPath, false);
141: } catch (CMSException cme) {
142: // assert and make sure access was not granted
143: String cmeMessage = cme.toString();
144: assertTrue(cmeMessage
145: .indexOf("Access to this resource is denied") != -1);
146: }
147:
148: // now run against scenario where access should be granted for a registered user
149: //for anonymous, this should still result in an access denied
150: try {
151: this .runManageScenario(this .getNewPublicFolder());
152: assertTrue("Access should not have been granted to"
153: + this .rejectPath, false);
154: } catch (CMSException cme) {
155: // assert and make sure access was granted
156: String cmeMessage = cme.toString();
157: assertTrue(cmeMessage
158: .indexOf("Access to this resource is denied") != -1);
159: }
160: }
161:
162: /** @throws Exception */
163: public void testUser() throws Exception {
164: this .runAs("user");
165:
166: // first run against non-access scenario
167: try {
168: this .runManageScenario(this .getNewProtectedFolder());
169: assertTrue("Access should not have been granted to"
170: + this .rejectPath, false);
171: } catch (CMSException cme) {
172: // assert and make sure access was not granted
173: String cmeMessage = cme.toString();
174: assertTrue(cmeMessage
175: .indexOf("Access to this resource is denied") != -1);
176: }
177:
178: // now run against scenario where access should be granted for a registered user
179: //for anonymous, this should still result in an access denied
180: try {
181: this .runManageScenario(this .getNewPublicFolder());
182: } catch (CMSException cme) {
183: // assert and make sure access was granted
184: String cmeMessage = cme.toString();
185: assertTrue(cmeMessage
186: .indexOf("Access to this resource is denied") != -1);
187: }
188: }
189:
190: /** @throws Exception */
191: public void testAdmin() throws Exception {
192: this .runAs("admin");
193:
194: // first run against non-access scenario
195: try {
196: this .runManageScenario(this .getNewProtectedFolder());
197: } catch (CMSException cme) {
198: // assert and make sure access was not granted
199: String cmeMessage = cme.toString();
200: assertTrue(cmeMessage
201: .indexOf("Access to this resource is denied") == -1);
202: }
203:
204: // now run against scenario where access should be granted for a registered user
205: //for anonymous, this should still result in an access denied
206: try {
207: this .runManageScenario(this .getNewPublicFolder());
208: } catch (CMSException cme) {
209: // assert and make sure access was granted
210: String cmeMessage = cme.toString();
211: assertTrue(cmeMessage
212: .indexOf("Access to this resource is denied") == -1);
213: }
214: }
215:
216: /** @throws Exception */
217: public void testCopyToDeniedDestination() throws Exception {
218: this .runAs("user");
219:
220: //Copy the file to the folder
221: try {
222: Command copyCommand = this .service.getCommandFactory()
223: .createCopyCommand(this .supportPath, this .copyPath);
224: this .service.execute(copyCommand);
225:
226: //Make sure copy operation did not happen
227: //I should not get here
228: assertTrue(false);
229: } catch (CMSException cme) {
230: String cmeMessage = cme.toString();
231: if (cmeMessage.indexOf("Access to this resource is denied") != -1) {
232: //Make sure copy operation did not happen
233: Command exists = (Command) this .service
234: .getCommandFactory().createItemExistsCommand(
235: this .copyPath);
236: boolean existsValue = ((Boolean) this .service
237: .execute(exists)).booleanValue();
238: assertFalse(existsValue);
239: } else {
240: throw cme;
241: }
242: }
243: }
244:
245: /** @throws Exception */
246: public void testMoveToDeniedDestination() throws Exception {
247: this .runAs("user");
248:
249: //Move the file from the folder
250: try {
251: Command moveCommand = this .service.getCommandFactory()
252: .createMoveCommand(this .supportPath, this .copyPath);
253: this .service.execute(moveCommand);
254:
255: //Make sure copy operation did not happen
256: //I should not get here
257: assertTrue(false);
258: } catch (CMSException cme) {
259: String cmeMessage = cme.toString();
260: if (cmeMessage.indexOf("Access to this resource is denied") != -1) {
261: //Make sure move operation didnot happen
262: Command exists = (Command) this .service
263: .getCommandFactory().createItemExistsCommand(
264: this .copyPath);
265: boolean existsValue = ((Boolean) this .service
266: .execute(exists)).booleanValue();
267: assertFalse(existsValue);
268:
269: exists = (Command) this .service.getCommandFactory()
270: .createItemExistsCommand(this .supportPath);
271: existsValue = ((Boolean) this.service.execute(exists))
272: .booleanValue();
273: assertTrue(existsValue);
274: } else {
275: throw cme;
276: }
277: }
278: }
279: }
|