TST: more tests for EntityACL stuff

01c58e79 · Timm Fitschen · e4691ff2 · 01c58e79 · 01c58e79
Verified Commit 01c58e79 authored 4 years ago by Timm Fitschen
--- a/src/main/java/org/caosdb/server/permissions/AbstractEntityACLFactory.java
+++ b/src/main/java/org/caosdb/server/permissions/AbstractEntityACLFactory.java
@@ -262,6 +262,7 @@ public abstract class AbstractEntityACLFactory<T extends EntityACL> {
   */
  public AbstractEntityACLFactory<T> remove(EntityACL other) {
    if (other != null) {
+      normalize();
      for (EntityACI aci : other.getRules()) {
        if (EntityACL.isAllowance(aci.getBitSet())) {
          if (EntityACL.isPriorityBitSet(aci.getBitSet())) {

--- a/src/test/java/org/caosdb/server/permissions/EntityACLTest.java
+++ b/src/test/java/org/caosdb/server/permissions/EntityACLTest.java
@@ -22,6 +22,7 @@
 */
 package org.caosdb.server.permissions;

+import static org.junit.Assert.assertEquals;
 import static org.junit.Assert.assertNotNull;
 import static org.junit.Assert.assertTrue;

@@ -349,60 +350,49 @@ public class EntityACLTest {
    Assert.assertFalse((f.create().isPermitted(user2, EntityPermission.UPDATE_NAME)));
  }

-  //   @Test
-  //   public void niceFactoryStuff() {
-  //   final EntityACLFactory f = new EntityACLFactory();
-  //   f.grant("user1", "*");
-  //   final EntityACL acl1 = f.create();
-  //   Assert.assertTrue(acl1.isPermitted("user1", EntityPermission.EDIT_ACL));
-  //   Assert.assertTrue(acl1.isPermitted("user1", EntityPermission.DELETE));
-  //   Assert.assertTrue(acl1.isPermitted("user1",
-  //   EntityPermission.RETRIEVE_ENTITY));
-  //   Assert.assertTrue(acl1.isPermitted("user1",
-  //   EntityPermission.UPDATE_DATA_TYPE));
-  //   Assert.assertTrue(acl1.isPermitted("user1",
-  //   EntityPermission.USE_AS_PROPERTY));
-  //
-  //   f.grant("?OWNER?", "DELETE", "EDIT:ACL", "RETRIEVE:*", "UPDATE:*",
-  //   "USE:*");
-  //   f.grant("user2", "EDIT:ACL");
-  //   final EntityACL acl2 = f.create();
-  //   Assert.assertTrue(acl2.isPermitted("user2", EntityPermission.EDIT_ACL));
-  //   Assert.assertTrue(acl2.isPermitted("user2", EntityPermission.DELETE));
-  //   Assert.assertTrue(acl2.isPermitted("user2",
-  //   EntityPermission.RETRIEVE_ENTITY));
-  //   Assert.assertTrue(acl2.isPermitted("user2",
-  //   EntityPermission.UPDATE_DATA_TYPE));
-  //   Assert.assertTrue(acl2.isPermitted("user2",
-  //   EntityPermission.USE_AS_PROPERTY));
-  //
-  //   }
-  //
-  //   @Test
-  //   public void testDeny() {
-  //   EntityACLFactory f = new EntityACLFactory();
-  //   f.deny("test", "DELETE");
-  //   Assert.assertFalse(f.create().isPermitted("test",
-  //   EntityPermission.DELETE));
-  //
-  //   System.out.println(Utils.element2String(f.create().toElement()));
-  //
-  //   System.out.println(Utils.element2String(EntityACL.GLOBAL_PERMISSIONS.toElement()));
-  //
-  //   f.grant("test", "USE:*");
-  //   Assert.assertFalse(f.create().isPermitted("test",
-  //   EntityPermission.DELETE));
-  //
-  //   System.out.println(Utils.element2String(f.create().toElement()));
-  //
-  //   f = new EntityACLFactory();
-  //   f.grant(EntityACL.OTHER_ROLE, "RETRIEVE:*");
-  //   f.deny(EntityACL.OTHER_ROLE, "DELETE");
-  //   final EntityACL a = f.create();
-  //
-  //   System.out.println(Utils.element2String(a.toElement()));
-  //
-  //   System.out.println(Utils.element2String(EntityACL.deserialize(a.serialize()).toElement()));
-  //   }
+  @Test
+  public void testRemove() {
+    EntityACLFactory f = new EntityACLFactory();
+    f.grant(org.caosdb.server.permissions.Role.create("role1"), false, EntityPermission.DELETE);
+    f.deny(org.caosdb.server.permissions.Role.create("role2"), false, EntityPermission.EDIT_ACL);
+    f.grant(
+        org.caosdb.server.permissions.Role.create("role3"), true, EntityPermission.RETRIEVE_ACL);
+    f.deny(
+        org.caosdb.server.permissions.Role.create("role4"), true, EntityPermission.RETRIEVE_ENTITY);
+
+    EntityACL other = f.create();
+
+    f.grant(org.caosdb.server.permissions.Role.create("role2"), false, EntityPermission.EDIT_ACL);
+    f.grant(
+        org.caosdb.server.permissions.Role.create("role5"), false, EntityPermission.RETRIEVE_FILE);
+
+    f.remove(other); // normalize and remove "other"
+
+    EntityACL tester = f.create();
+    assertEquals(
+        "only the very last rule survived, the others have been overriden or removed",
+        1,
+        tester.getRules().size());
+    for (EntityACI aci : tester.getRules()) {
+      assertEquals(aci.getResponsibleAgent(), org.caosdb.server.permissions.Role.create("role5"));
+    }
+  }

+  @Test
+  public void testNormalize() {
+    EntityACLFactory f = new EntityACLFactory();
+    f.grant(org.caosdb.server.permissions.Role.create("role1"), false, EntityPermission.DELETE);
+    f.deny(org.caosdb.server.permissions.Role.create("role1"), false, EntityPermission.DELETE);
+    f.grant(org.caosdb.server.permissions.Role.create("role1"), true, EntityPermission.DELETE);
+    f.deny(org.caosdb.server.permissions.Role.create("role1"), true, EntityPermission.DELETE);
+
+    // priority denail overrides everything else
+    EntityACL denyDelete = f.create();
+    assertEquals(1, denyDelete.getRules().size());
+    for (EntityACI aci : denyDelete.getRules()) {
+      assertEquals(org.caosdb.server.permissions.Role.create("role1"), aci.getResponsibleAgent());
+      assertTrue(EntityACL.isDenial(aci.getBitSet()));
+      assertTrue(EntityACL.isPriorityBitSet(aci.getBitSet()));
+    }
+  }
 }