Merge branch 'f-get-owner' into f-grpc-f-acm

0ba230c7 · Timm Fitschen · 97e678bd · 47917414 · 0ba230c7 · 0ba230c7
Verified Commit 0ba230c7 authored 3 years ago by Timm Fitschen
--- a/src/main/java/org/caosdb/server/permissions/EntityACL.java
+++ b/src/main/java/org/caosdb/server/permissions/EntityACL.java
@@ -193,7 +193,9 @@ public class EntityACL {
  public static final List<ResponsibleAgent> getOwners(final Collection<EntityACI> acl) {
    final List<ResponsibleAgent> owners = new ArrayList<>();
    for (final EntityACI aci : acl) {
-      if (isOwnerBitSet(aci.getBitSet()) && !aci.getResponsibleAgent().equals(OWNER_ROLE)) {
+      if (aci.isGrant()
+          && isOwnerBitSet(aci.getBitSet())
+          && !aci.getResponsibleAgent().equals(OWNER_ROLE)) {
        owners.add(aci.getResponsibleAgent());
      }
    }

--- a/src/test/java/org/caosdb/server/permissions/EntityACLTest.java
+++ b/src/test/java/org/caosdb/server/permissions/EntityACLTest.java
@@ -455,4 +455,37 @@ public class EntityACLTest {
      assertTrue(EntityACL.isPriorityBitSet(aci.getBitSet()));
    }
  }
+
+  @Test
+  public void testOwnership() {
+    EntityACLFactory f = new EntityACLFactory();
+    f.grant(
+        org.caosdb.server.permissions.Role.create("the_owner"), false, EntityPermission.EDIT_ACL);
+    f.deny(
+        org.caosdb.server.permissions.Role.create("someone_else"),
+        false,
+        EntityPermission.EDIT_ACL);
+    EntityACL acl = f.create();
+    assertEquals(1, acl.getOwners().size());
+    assertEquals("the_owner", acl.getOwners().get(0).toString());
+  }
+
+  @Test
+  public void testPermissionsFor() {
+    EntityACLFactory f = new EntityACLFactory();
+    f.deny(org.caosdb.server.permissions.Role.ANONYMOUS_ROLE, false, EntityPermission.EDIT_ACL);
+    f.grant(org.caosdb.server.permissions.Role.OWNER_ROLE, false, "*");
+    EntityACL acl = f.create();
+
+    Subject anonymous = SecurityUtils.getSubject();
+    anonymous.login(AnonymousAuthenticationToken.getInstance());
+    assertTrue(AuthenticationUtils.isAnonymous(anonymous));
+
+    assertNotNull(acl);
+    assertTrue(acl.getOwners().isEmpty());
+    final Set<EntityPermission> permissionsFor =
+        EntityACL.getPermissionsFor(anonymous, acl.getRules());
+
+    assertFalse(permissionsFor.contains(EntityPermission.RETRIEVE_ENTITY));
+  }
 }