From 0ada2de1fa440541f1803dd32060d762e7fb7b6d Mon Sep 17 00:00:00 2001
From: jakubs <jakubs>
Date: Mon, 29 Oct 2012 10:48:05 +0000
Subject: [PATCH] SP-358 BIS-227 add tests for authorization of content
provider in aggregation services
SVN: 27391
---
...oviderAggregationServiceNoAuthorization.py | 7 ++
.../plugin.properties | 3 +
.../contentProviderAggregationService.py | 8 +++
.../plugin.properties | 3 +
.../systemtests/QueryFacadeTest.java | 66 +++++++++++++++++++
5 files changed, 87 insertions(+)
create mode 100644 datastore_server/sourceTest/core-plugins/generic-test/1/dss/reporting-plugins/content-provider-aggregation-service-no-authorization/contentProviderAggregationServiceNoAuthorization.py
create mode 100644 datastore_server/sourceTest/core-plugins/generic-test/1/dss/reporting-plugins/content-provider-aggregation-service-no-authorization/plugin.properties
create mode 100644 datastore_server/sourceTest/core-plugins/generic-test/1/dss/reporting-plugins/content-provider-aggregation-service/contentProviderAggregationService.py
create mode 100644 datastore_server/sourceTest/core-plugins/generic-test/1/dss/reporting-plugins/content-provider-aggregation-service/plugin.properties
diff --git a/datastore_server/sourceTest/core-plugins/generic-test/1/dss/reporting-plugins/content-provider-aggregation-service-no-authorization/contentProviderAggregationServiceNoAuthorization.py b/datastore_server/sourceTest/core-plugins/generic-test/1/dss/reporting-plugins/content-provider-aggregation-service-no-authorization/contentProviderAggregationServiceNoAuthorization.py
new file mode 100644
index 00000000000..d6e918a8a0c
--- /dev/null
+++ b/datastore_server/sourceTest/core-plugins/generic-test/1/dss/reporting-plugins/content-provider-aggregation-service-no-authorization/contentProviderAggregationServiceNoAuthorization.py
@@ -0,0 +1,7 @@
+def aggregate(parameters, tableBuilder):
+ dataSetCode = parameters.get('dataset-code')
+ content = contentProviderUnfiltered.getContent(dataSetCode)
+
+ tableBuilder.addHeader("name")
+ row = tableBuilder.addRow()
+ row.setCell("name", content.rootNode.getName())
\ No newline at end of file
diff --git a/datastore_server/sourceTest/core-plugins/generic-test/1/dss/reporting-plugins/content-provider-aggregation-service-no-authorization/plugin.properties b/datastore_server/sourceTest/core-plugins/generic-test/1/dss/reporting-plugins/content-provider-aggregation-service-no-authorization/plugin.properties
new file mode 100644
index 00000000000..6709a06b2f5
--- /dev/null
+++ b/datastore_server/sourceTest/core-plugins/generic-test/1/dss/reporting-plugins/content-provider-aggregation-service-no-authorization/plugin.properties
@@ -0,0 +1,3 @@
+label = Test Content Provider Aggregation Reporting
+class = ch.systemsx.cisd.openbis.dss.generic.server.plugins.jython.JythonAggregationService
+script-path = contentProviderAggregationServiceNoAuthorization.py
\ No newline at end of file
diff --git a/datastore_server/sourceTest/core-plugins/generic-test/1/dss/reporting-plugins/content-provider-aggregation-service/contentProviderAggregationService.py b/datastore_server/sourceTest/core-plugins/generic-test/1/dss/reporting-plugins/content-provider-aggregation-service/contentProviderAggregationService.py
new file mode 100644
index 00000000000..cfe0e8e5459
--- /dev/null
+++ b/datastore_server/sourceTest/core-plugins/generic-test/1/dss/reporting-plugins/content-provider-aggregation-service/contentProviderAggregationService.py
@@ -0,0 +1,8 @@
+def aggregate(parameters, tableBuilder):
+ dataSetCode = parameters.get('dataset-code')
+ content = contentProvider.getContent(dataSetCode)
+
+ tableBuilder.addHeader("name")
+
+ row = tableBuilder.addRow()
+ row.setCell("name", content.rootNode.getName())
\ No newline at end of file
diff --git a/datastore_server/sourceTest/core-plugins/generic-test/1/dss/reporting-plugins/content-provider-aggregation-service/plugin.properties b/datastore_server/sourceTest/core-plugins/generic-test/1/dss/reporting-plugins/content-provider-aggregation-service/plugin.properties
new file mode 100644
index 00000000000..601b2bb1818
--- /dev/null
+++ b/datastore_server/sourceTest/core-plugins/generic-test/1/dss/reporting-plugins/content-provider-aggregation-service/plugin.properties
@@ -0,0 +1,3 @@
+label = Test Content Provider Aggregation Reporting
+class = ch.systemsx.cisd.openbis.dss.generic.server.plugins.jython.JythonAggregationService
+script-path = contentProviderAggregationService.py
\ No newline at end of file
diff --git a/datastore_server/sourceTest/java/ch/systemsx/cisd/openbis/datastoreserver/systemtests/QueryFacadeTest.java b/datastore_server/sourceTest/java/ch/systemsx/cisd/openbis/datastoreserver/systemtests/QueryFacadeTest.java
index f099c192e89..43244dc80d7 100644
--- a/datastore_server/sourceTest/java/ch/systemsx/cisd/openbis/datastoreserver/systemtests/QueryFacadeTest.java
+++ b/datastore_server/sourceTest/java/ch/systemsx/cisd/openbis/datastoreserver/systemtests/QueryFacadeTest.java
@@ -46,10 +46,13 @@ public class QueryFacadeTest extends SystemTestCase
private IQueryApiFacade queryFacade;
+ private IQueryApiFacade observerFacade;
+
@BeforeMethod
public void beforeMethod()
{
queryFacade = createServiceFacade("test");
+ observerFacade = createServiceFacade("observer");
}
@Test
@@ -170,6 +173,69 @@ public class QueryFacadeTest extends SystemTestCase
assertTrue("Did not find a sample called [JYTHON-TEST]", foundSample);
}
+ /**
+ * The observer trying to access the forbidden dataset via the authorized content provider.
+ */
+ @Test(expectedExceptions = Exception.class)
+ public void testJythonAggregationServiceWithContentProviderAuthentication() throws Exception
+ {
+ AggregationServiceDescription service =
+ getAggregationServiceDescription("content-provider-aggregation-service");
+ HashMap<String, Object> parameters = new HashMap<String, Object>();
+ parameters.put("dataset-code", "20081105092159111-1");
+
+ File content = new File(new File(new File(store, "42"), "a"), "1");
+ content.mkdirs();
+
+ observerFacade.createReportFromAggregationService(service, parameters);
+ }
+
+ /**
+ * The testcase, where the observer tries to acces the dataset that he cannot see, but through
+ * the non-authorized content provider.
+ */
+ @Test
+ public void testJythonAggregationServiceWithoutContentProviderAuthentication() throws Exception
+ {
+ AggregationServiceDescription service =
+ getAggregationServiceDescription("content-provider-aggregation-service-no-authorization");
+ HashMap<String, Object> parameters = new HashMap<String, Object>();
+ parameters.put("dataset-code", "20081105092159111-1");
+
+ File content = new File(new File(new File(store, "42"), "a"), "1");
+ content.mkdirs();
+
+ QueryTableModel table =
+ observerFacade.createReportFromAggregationService(service, parameters);
+
+ assertEquals("[name]", getHeaders(table).toString());
+ assertEquals("[1]", Arrays.asList(table.getRows().get(0)).toString());
+ assertEquals(1, table.getRows().size());
+ }
+
+ /**
+ * The authorized user tries to access the dataset via the authorized content provider.
+ */
+ @Test
+ public void testJythonAggregationServiceWithContentProviderAuthenticationAndAuthorizedUser()
+ throws Exception
+ {
+ AggregationServiceDescription service =
+ getAggregationServiceDescription("content-provider-aggregation-service");
+ HashMap<String, Object> parameters = new HashMap<String, Object>();
+ parameters.put("dataset-code", "20081105092159111-1");
+
+ File content = new File(new File(new File(store, "42"), "a"), "1");
+ content.mkdirs();
+
+ QueryTableModel table =
+ queryFacade.createReportFromAggregationService(service, parameters);
+
+ assertEquals("[name]", getHeaders(table).toString());
+ assertEquals("[1]", Arrays.asList(table.getRows().get(0)).toString());
+ assertEquals(1, table.getRows().size());
+ }
+
private IQueryApiFacade createServiceFacade(String userName)
{
return FacadeFactory.create(OPENBIS_URL, userName, "a");
--
GitLab