TST: more unit tests for Retrieve transactions

2edfcff6 · Timm Fitschen · efe146b3 · 2edfcff6 · 2edfcff6
Verified Commit 2edfcff6 authored 3 years ago by Timm Fitschen
--- a/src/main/java/org/caosdb/server/transaction/Retrieve.java
+++ b/src/main/java/org/caosdb/server/transaction/Retrieve.java
@@ -79,7 +79,7 @@ public class Retrieve extends Transaction<RetrieveContainer> {
  protected void postTransaction() {
    // generate Error for missing RETRIEVE:ENTITY Permission.
    for (final EntityInterface e : getContainer()) {
-      if (e.getEntityACL() != null) {
+      if (e.getEntityStatus() != EntityStatus.NONEXISTENT) {
        try {
          e.checkPermission(EntityPermission.RETRIEVE_ENTITY);
        } catch (final AuthorizationException exc) {

--- a/src/test/java/org/caosdb/server/transaction/RetrieveTest.java
+++ b/src/test/java/org/caosdb/server/transaction/RetrieveTest.java
+package org.caosdb.server.transaction;
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertFalse;
+import static org.junit.Assert.assertTrue;
+import java.io.IOException;
+import org.apache.shiro.SecurityUtils;
+import org.apache.shiro.subject.Subject;
+import org.caosdb.server.CaosDBServer;
+import org.caosdb.server.ServerProperties;
+import org.caosdb.server.accessControl.AnonymousAuthenticationToken;
+import org.caosdb.server.accessControl.Role;
+import org.caosdb.server.database.BackendTransaction;
+import org.caosdb.server.database.access.Access;
+import org.caosdb.server.database.backend.interfaces.RetrieveRoleImpl;
+import org.caosdb.server.database.exceptions.TransactionException;
+import org.caosdb.server.database.misc.TransactionBenchmark;
+import org.caosdb.server.entity.EntityInterface;
+import org.caosdb.server.entity.RetrieveEntity;
+import org.caosdb.server.entity.container.RetrieveContainer;
+import org.caosdb.server.entity.xml.IdAndServerMessagesOnlyStrategy;
+import org.caosdb.server.permissions.EntityACLFactory;
+import org.caosdb.server.utils.EntityStatus;
+import org.caosdb.server.utils.ServerMessages;
+import org.junit.BeforeClass;
+import org.junit.Test;
+public class RetrieveTest {
+  @BeforeClass
+  public static void setup() throws IOException {
+    CaosDBServer.initServerProperties();
+    CaosDBServer.setProperty(ServerProperties.KEY_AUTH_OPTIONAL, "TRUE");
+    CaosDBServer.initShiro();
+    BackendTransaction.setImpl(RetrieveRoleImpl.class, RetrieveRoleMockup.class);
+  }
+  /** a mock-up which returns null */
+  public static class RetrieveRoleMockup implements RetrieveRoleImpl {
+    public RetrieveRoleMockup(Access a) {}
+    @Override
+    public void setTransactionBenchmark(TransactionBenchmark b) {}
+    @Override
+    public TransactionBenchmark getBenchmark() {
+      return null;
+    }
+    @Override
+    public Role retrieve(String role) throws TransactionException {
+      return null;
+    }
+  }
+  @Test
+  public void testMissingRetrievePermission() {
+    Subject subject = SecurityUtils.getSubject();
+    subject.login(AnonymousAuthenticationToken.getInstance());
+    EntityInterface entity = new RetrieveEntity(1234);
+    EntityACLFactory fac = new EntityACLFactory();
+    fac.deny(AnonymousAuthenticationToken.PRINCIPAL, "RETRIEVE:ENTITY");
+    entity.setEntityACL(fac.create());
+    RetrieveContainer container = new RetrieveContainer(null, null, null, null);
+    assertTrue(entity.getMessages().isEmpty());
+    assertEquals(entity.getEntityStatus(), EntityStatus.QUALIFIED);
+    container.add(entity);
+    Retrieve retrieve = new Retrieve(container);
+    retrieve.postTransaction();
+    assertFalse(entity.getMessages().isEmpty());
+    assertEquals(entity.getMessages("error").get(0), ServerMessages.AUTHORIZATION_ERROR);
+    assertEquals(entity.getEntityStatus(), EntityStatus.UNQUALIFIED);
+    assertTrue(entity.getSerializeFieldStrategy() instanceof IdAndServerMessagesOnlyStrategy);
+  }
+}