From 1dc7f0ccba3496d3db3f774fd3584f4ee6d49cbe Mon Sep 17 00:00:00 2001
From: felmer <felmer>
Date: Wed, 22 Feb 2017 10:49:37 +0000
Subject: [PATCH] SSDM-4824: adding all systemtests added on stage for testing
 authorization.

SVN: 37794
---
 .../systemtest/asapi/v3/AbstractTest.java     |  5 ++
 .../asapi/v3/ConfirmDeletionTest.java         | 44 +++++++++++++
 .../asapi/v3/CreateDataSetTest.java           | 62 ++++++++++++-----
 .../systemtest/asapi/v3/CreateSampleTest.java | 66 +++++++++++++++++++
 .../systemtest/asapi/v3/CreateTagTest.java    | 11 ++++
 .../systemtest/asapi/v3/DeleteTagTest.java    | 15 +++++
 .../asapi/v3/RevertDeletionTest.java          | 62 +++++++++++++++++
 .../systemtest/asapi/v3/UpdateSampleTest.java | 18 +++++
 .../systemtest/asapi/v3/UpdateTagTest.java    | 22 +++++++
 9 files changed, 290 insertions(+), 15 deletions(-)

diff --git a/openbis/sourceTest/java/ch/ethz/sis/openbis/systemtest/asapi/v3/AbstractTest.java b/openbis/sourceTest/java/ch/ethz/sis/openbis/systemtest/asapi/v3/AbstractTest.java
index 1f20679499d..0eceb6b8a7e 100644
--- a/openbis/sourceTest/java/ch/ethz/sis/openbis/systemtest/asapi/v3/AbstractTest.java
+++ b/openbis/sourceTest/java/ch/ethz/sis/openbis/systemtest/asapi/v3/AbstractTest.java
@@ -128,11 +128,16 @@ public class AbstractTest extends SystemTestCase
 
     protected static final String TEST_GROUP_OBSERVER = "observer";
 
+    protected static final String TEST_OBSERVER_CISD = "observer_cisd";
+
     protected static final String TEST_GROUP_POWERUSER = "poweruser";
 
     protected static final String TEST_GROUP_ADMIN = "admin";
 
+    protected static final String TEST_NO_HOME_SPACE = "homeless";
+    
     protected static final String PASSWORD = "password";
+    
 
     private BufferedAppender logRecorder;
 
diff --git a/openbis/sourceTest/java/ch/ethz/sis/openbis/systemtest/asapi/v3/ConfirmDeletionTest.java b/openbis/sourceTest/java/ch/ethz/sis/openbis/systemtest/asapi/v3/ConfirmDeletionTest.java
index ca4803ba41d..7a6b45682b9 100644
--- a/openbis/sourceTest/java/ch/ethz/sis/openbis/systemtest/asapi/v3/ConfirmDeletionTest.java
+++ b/openbis/sourceTest/java/ch/ethz/sis/openbis/systemtest/asapi/v3/ConfirmDeletionTest.java
@@ -174,4 +174,48 @@ public class ConfirmDeletionTest extends AbstractDeletionTest
             }, "Deletion ids cannot be null");
     }
 
+    @Test
+    public void testConfirmDeletionWithAdminUserInAnotherSpace()
+    {
+        String sessionToken = v3api.login(TEST_POWER_USER_CISD, PASSWORD);
+
+        ExperimentPermId experimentId = createCisdExperiment();
+
+        ExperimentDeletionOptions deletionOptions = new ExperimentDeletionOptions();
+        deletionOptions.setReason("It is just a test");
+        final IDeletionId deletionId = v3api.deleteExperiments(sessionToken, Collections.singletonList(experimentId), deletionOptions);
+
+        assertAuthorizationFailureException(new IDelegatedAction()
+            {
+                @Override
+                public void execute()
+                {
+                    String sessionToken2 = v3api.login(TEST_OBSERVER_CISD, PASSWORD);
+                    v3api.confirmDeletions(sessionToken2, Collections.singletonList(deletionId));
+                }
+            });
+    }
+
+    @Test
+    public void testConfirmDeletionWithSameAdminUserInAnotherSpace()
+    {
+        String sessionToken = v3api.login(TEST_NO_HOME_SPACE, PASSWORD);
+
+        ExperimentPermId experimentId = createCisdExperiment();
+
+        ExperimentDeletionOptions deletionOptions = new ExperimentDeletionOptions();
+        deletionOptions.setReason("It is just a test");
+        final IDeletionId deletionId = v3api.deleteExperiments(sessionToken, Collections.singletonList(experimentId), deletionOptions);
+
+        assertAuthorizationFailureException(new IDelegatedAction()
+            {
+                @Override
+                public void execute()
+                {
+                    String sessionToken2 = v3api.login(TEST_NO_HOME_SPACE, PASSWORD);
+                    v3api.confirmDeletions(sessionToken2, Collections.singletonList(deletionId));
+                }
+            });
+    }
+
 }
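Review bot: In both new tests the second `v3api.login(...)` sits inside the `IDelegatedAction` passed to `assertAuthorizationFailureException`, so the assertion covers the login as well as `confirmDeletions`. How the helper matches exceptions is not visible here, but a missing or misconfigured fixture user could then blur what the test actually proves. Log in before the action with `final String sessionToken2 = v3api.login(TEST_OBSERVER_CISD, PASSWORD);` and `assertNotNull(sessionToken2);`, leaving only the `confirmDeletions` call in `execute()`. The method names say "AdminUser" while the accounts are `TEST_OBSERVER_CISD` and `TEST_NO_HOME_SPACE`; a one-line comment giving each account's role and space would make the expected denial reviewable. The same login-inside-the-action pattern appears in the new tests in CreateDataSetTest, CreateSampleTest, RevertDeletionTest and UpdateSampleTest.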
diff --git a/openbis/sourceTest/java/ch/ethz/sis/openbis/systemtest/asapi/v3/CreateDataSetTest.java b/openbis/sourceTest/java/ch/ethz/sis/openbis/systemtest/asapi/v3/CreateDataSetTest.java
index cc044907126..dcd888842a2 100644
--- a/openbis/sourceTest/java/ch/ethz/sis/openbis/systemtest/asapi/v3/CreateDataSetTest.java
+++ b/openbis/sourceTest/java/ch/ethz/sis/openbis/systemtest/asapi/v3/CreateDataSetTest.java
@@ -31,6 +31,7 @@ import org.testng.annotations.Test;
 import ch.ethz.sis.openbis.generic.asapi.v3.dto.common.id.CreationId;
 import ch.ethz.sis.openbis.generic.asapi.v3.dto.dataset.Complete;
 import ch.ethz.sis.openbis.generic.asapi.v3.dto.dataset.DataSet;
+import ch.ethz.sis.openbis.generic.asapi.v3.dto.dataset.archive.DataSetArchiveOptions;
 import ch.ethz.sis.openbis.generic.asapi.v3.dto.dataset.create.DataSetCreation;
 import ch.ethz.sis.openbis.generic.asapi.v3.dto.dataset.create.LinkedDataCreation;
 import ch.ethz.sis.openbis.generic.asapi.v3.dto.dataset.create.PhysicalDataCreation;
@@ -46,6 +47,7 @@ import ch.ethz.sis.openbis.generic.asapi.v3.dto.dataset.id.LocatorTypePermId;
 import ch.ethz.sis.openbis.generic.asapi.v3.dto.dataset.id.ProprietaryStorageFormatPermId;
 import ch.ethz.sis.openbis.generic.asapi.v3.dto.dataset.id.RelativeLocationLocatorTypePermId;
 import ch.ethz.sis.openbis.generic.asapi.v3.dto.dataset.id.StorageFormatPermId;
+import ch.ethz.sis.openbis.generic.asapi.v3.dto.dataset.unarchive.DataSetUnarchiveOptions;
 import ch.ethz.sis.openbis.generic.asapi.v3.dto.datastore.id.DataStorePermId;
 import ch.ethz.sis.openbis.generic.asapi.v3.dto.datastore.id.IDataStoreId;
 import ch.ethz.sis.openbis.generic.asapi.v3.dto.entitytype.id.EntityTypePermId;
@@ -76,20 +78,6 @@ import ch.systemsx.cisd.openbis.generic.shared.basic.dto.NewETPTAssignment;
  */
 public class CreateDataSetTest extends AbstractDataSetTest
 {
-
-    @Test
-    public void testCreateWithIndexCheck()
-    {
-        String sessionToken = v3api.login(TEST_USER, PASSWORD);
-
-        DataSetCreation dataSet = physicalDataSetCreation();
-        ReindexingState state = new ReindexingState();
-
-        List<DataSetPermId> permIds = v3api.createDataSets(sessionToken, Arrays.asList(dataSet));
-
-        assertDataSetsReindexed(state, permIds.get(0).getPermId());
-    }
-
     @Test
     public void testCreateDSWithAdminUserInAnotherSpace()
     {
@@ -118,7 +106,51 @@ public class CreateDataSetTest extends AbstractDataSetTest
 
                     v3api.createDataSets(sessionToken, Collections.singletonList(creation));
                 }
-            }, "Data set creation can be only executed by a system user or a user with at least SPACE_ETL_SERVER role");
+            }, "Data set creation can be only executed by a user with ETL_SERVER role");
+    }
+
+    @Test
+    public void testArchiveWithAdminUserInAnotherSpace()
+    {
+        assertAuthorizationFailureException(new IDelegatedAction()
+            {
+                @Override
+                public void execute()
+                {
+                    List<DataSetPermId> permIds = testCreateWithIndexCheck();
+                    String sessionToken = v3api.login(TEST_OBSERVER_CISD, PASSWORD);
+                    v3api.archiveDataSets(sessionToken, permIds, new DataSetArchiveOptions());
+                }
+            });
+    }
+
+    @Test
+    public void testUnArchiveWithAdminUserInAnotherSpace()
+    {
+        assertAuthorizationFailureException(new IDelegatedAction()
+            {
+                @Override
+                public void execute()
+                {
+                    List<DataSetPermId> permIds = testCreateWithIndexCheck();
+                    String sessionToken = v3api.login(TEST_OBSERVER_CISD, PASSWORD);
+                    v3api.unarchiveDataSets(sessionToken, permIds, new DataSetUnarchiveOptions());
+                }
+            });
+    }
+
+    @Test
+    public List<DataSetPermId> testCreateWithIndexCheck()
+    {
+        String sessionToken = v3api.login(TEST_USER, PASSWORD);
+
+        DataSetCreation dataSet = physicalDataSetCreation();
+        ReindexingState state = new ReindexingState();
+
+        List<DataSetPermId> permIds = v3api.createDataSets(sessionToken, Arrays.asList(dataSet));
+
+        assertDataSetsReindexed(state, permIds.get(0).getPermId());
+        return permIds;
     }
 
     @Test
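Review bot: `testCreateWithIndexCheck()` now returns `List<DataSetPermId>` while still carrying `@Test`. TestNG skips `@Test` methods with a non-void return type unless `allow-return-values` is enabled in the suite configuration (not visible here), so the reindexing check may silently stop running. Keeping the test `void` and moving its body into a private helper avoids that. It also lets the archive and unarchive tests create the data set before the asserted action, so a creation or reindexing failure cannot be confused with the expected authorization failure.

```java
    @Test
    public void testCreateWithIndexCheck()
    {
        createDataSetWithIndexCheck();
    }

    private List<DataSetPermId> createDataSetWithIndexCheck()
    {
        // … unchanged: login as TEST_USER, createDataSets, assertDataSetsReindexed, return permIds …
    }

    // in testArchiveWithAdminUserInAnotherSpace / testUnArchiveWithAdminUserInAnotherSpace,
    // before assertAuthorizationFailureException(...):
    final List<DataSetPermId> permIds = createDataSetWithIndexCheck();
```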
diff --git a/openbis/sourceTest/java/ch/ethz/sis/openbis/systemtest/asapi/v3/CreateSampleTest.java b/openbis/sourceTest/java/ch/ethz/sis/openbis/systemtest/asapi/v3/CreateSampleTest.java
index d80c1b2f63d..c24e61acfb0 100644
--- a/openbis/sourceTest/java/ch/ethz/sis/openbis/systemtest/asapi/v3/CreateSampleTest.java
+++ b/openbis/sourceTest/java/ch/ethz/sis/openbis/systemtest/asapi/v3/CreateSampleTest.java
@@ -60,7 +60,73 @@ import junit.framework.Assert;
  */
 public class CreateSampleTest extends AbstractSampleTest
 {
+    @Test
+    public void testCreateSampleUsingCreationIdAsSpaceId()
+    {
+        assertUserFailureException(new IDelegatedAction()
+            {
+                @Override
+                public void execute()
+                {
+                    String sessionToken = v3api.login(TEST_USER, PASSWORD);
+                    
+                    SampleCreation creation = new SampleCreation();
+                    creation.setCode("TEST_SAMPLE_42");
+                    creation.setTypeId(new EntityTypePermId("CELL_PLATE"));
+                    CreationId creationId = new CreationId("not-a-space-id");
+                    creation.setCreationId(creationId);
+                    creation.setSpaceId(creationId);
+                    
+                    v3api.createSamples(sessionToken, Collections.singletonList(creation));
+                }
+            }, "Unsupported object id [not-a-space-id]");
+
+    }
 
+    @Test
+    public void testCreateSharedSampleWithNoHomeSpaceAndNoAdminRights()
+    {
+        final String code = "TEST_TO_FAIL";
+
+        assertAuthorizationFailureException(new IDelegatedAction()
+            {
+                @Override
+                public void execute()
+                {
+                    String sessionToken = v3api.login(TEST_NO_HOME_SPACE, PASSWORD);
+
+                    SampleCreation creation = new SampleCreation();
+                    creation.setCode(code);
+                    creation.setTypeId(new EntityTypePermId("CELL_PLATE"));
+                    creation.setCreationId(new CreationId("creation " + code));
+
+                    v3api.createSamples(sessionToken, Collections.singletonList(creation));
+                }
+            });
+    }
+
+    @Test
+    public void testCreateSharedSampleWithNoAdminRights()
+    {
+        final String code = "TEST_TO_FAIL";
+        
+        assertAuthorizationFailureException(new IDelegatedAction()
+        {
+            @Override
+            public void execute()
+            {
+                String sessionToken = v3api.login(TEST_ROLE_V3, PASSWORD);
+                
+                SampleCreation creation = new SampleCreation();
+                creation.setCode(code);
+                creation.setTypeId(new EntityTypePermId("CELL_PLATE"));
+                creation.setCreationId(new CreationId("creation " + code));
+                
+                v3api.createSamples(sessionToken, Collections.singletonList(creation));
+            }
+        });
+    }
+    
     @Test
     public void testCreateWithIndexCheck()
     {
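Review bot: The two shared-sample tests never say what makes the sample shared: the only signal is that `creation.setSpaceId(...)` is absent, which reads like an omission next to `testCreateSampleUsingCreationIdAsSpaceId` above. Add a comment at the creation, for example `// no space id set: this requests a shared sample, which this user must not be able to create`. Add a line on which roles `TEST_NO_HOME_SPACE` and `TEST_ROLE_V3` hold, since the test names are the only statement of intent. The two bodies differ only in the login name and could share one private helper that takes the user. The anonymous class in `testCreateSharedSampleWithNoAdminRights` is also indented differently from the other two.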
diff --git a/openbis/sourceTest/java/ch/ethz/sis/openbis/systemtest/asapi/v3/CreateTagTest.java b/openbis/sourceTest/java/ch/ethz/sis/openbis/systemtest/asapi/v3/CreateTagTest.java
index 10b6024adff..bfea0f7226b 100644
--- a/openbis/sourceTest/java/ch/ethz/sis/openbis/systemtest/asapi/v3/CreateTagTest.java
+++ b/openbis/sourceTest/java/ch/ethz/sis/openbis/systemtest/asapi/v3/CreateTagTest.java
@@ -42,6 +42,17 @@ import ch.systemsx.cisd.common.action.IDelegatedAction;
 @Test(groups = { "before remote api" })
 public class CreateTagTest extends AbstractTest
 {
+    @Test
+    public void testCreateWithObserver()
+    {
+        TagCreation creation = new TagCreation();
+        creation.setCode("TEST_TAG");
+        creation.setDescription("test description");
+
+        Tag tag = createTag(TEST_GROUP_OBSERVER, PASSWORD, creation);
+
+        assertEquals(tag.getDescription(), creation.getDescription());
+    }
 
     @Test
     public void testCreateWithCodeNull()
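Review bot: `testCreateWithObserver` asserts that an observer account can create a tag, and the reason this is allowed is not stated; in a commit otherwise made of denial tests it reads like an unintended permission. If the rule is that tags belong to the user who creates them (not visible here), say so in a comment such as `// tags are per-user, so a read-only role may still manage its own`. The assertion checks only the description; also comparing `tag.getCode()` with `creation.getCode()` would tie the result to this creation. The same explanatory comment is missing from `testDeleteWithObserver` in DeleteTagTest and `testUpdateWithObserver` in UpdateTagTest.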
diff --git a/openbis/sourceTest/java/ch/ethz/sis/openbis/systemtest/asapi/v3/DeleteTagTest.java b/openbis/sourceTest/java/ch/ethz/sis/openbis/systemtest/asapi/v3/DeleteTagTest.java
index a523499240a..ddf7eee8dad 100644
--- a/openbis/sourceTest/java/ch/ethz/sis/openbis/systemtest/asapi/v3/DeleteTagTest.java
+++ b/openbis/sourceTest/java/ch/ethz/sis/openbis/systemtest/asapi/v3/DeleteTagTest.java
@@ -135,6 +135,21 @@ public class DeleteTagTest extends AbstractDeletionTest
         assertMaterialsReindexed(state, materialId);
     }
 
+    @Test
+    public void testDeleteWithObserver()
+    {
+        TagCreation creation = new TagCreation();
+        creation.setCode("TAG_TO_DELETE");
+
+        Tag before = createTag(TEST_GROUP_OBSERVER, PASSWORD, creation);
+
+        TagDeletionOptions options = new TagDeletionOptions();
+        options.setReason("It is just a test");
+
+        Tag after = deleteTag(TEST_GROUP_OBSERVER, PASSWORD, before.getPermId(), options);
+        assertNull(after);
+    }
+
     @Test
     public void testDeleteWithUnauthorizedTag()
     {
diff --git a/openbis/sourceTest/java/ch/ethz/sis/openbis/systemtest/asapi/v3/RevertDeletionTest.java b/openbis/sourceTest/java/ch/ethz/sis/openbis/systemtest/asapi/v3/RevertDeletionTest.java
index c07de67531e..e5181ed7161 100644
--- a/openbis/sourceTest/java/ch/ethz/sis/openbis/systemtest/asapi/v3/RevertDeletionTest.java
+++ b/openbis/sourceTest/java/ch/ethz/sis/openbis/systemtest/asapi/v3/RevertDeletionTest.java
@@ -131,4 +131,66 @@ public class RevertDeletionTest extends AbstractDeletionTest
             }, deletionId);
     }
 
+    @Test
+    public void testRevertDeletionWithAdminUserInAnotherSpace()
+    {
+        String sessionToken = v3api.login(TEST_POWER_USER_CISD, PASSWORD);
+
+        ExperimentPermId experimentId = createCisdExperiment();
+
+        ExperimentDeletionOptions deletionOptions = new ExperimentDeletionOptions();
+        deletionOptions.setReason("It is just a test");
+        final IDeletionId deletionId = v3api.deleteExperiments(sessionToken, Collections.singletonList(experimentId), deletionOptions);
+
+        assertAuthorizationFailureException(new IDelegatedAction()
+            {
+                @Override
+                public void execute()
+                {
+                    String sessionToken2 = v3api.login(TEST_OBSERVER_CISD, PASSWORD);
+                    v3api.revertDeletions(sessionToken2, Collections.singletonList(deletionId));
+                }
+            });
+    }
+    
+    @Test
+    public void testRevertDeletionWithSamePowerUserWhoDeleted()
+    {
+        String sessionToken = v3api.login(TEST_POWER_USER_CISD, PASSWORD);
+        
+        ExperimentPermId experimentId = createCisdExperiment();
+        
+        ExperimentDeletionOptions deletionOptions = new ExperimentDeletionOptions();
+        deletionOptions.setReason("It is just a test");
+        final IDeletionId deletionId = v3api.deleteExperiments(sessionToken, Collections.singletonList(experimentId), deletionOptions);
+        assertDeletionExists(deletionId);
+        assertExperimentDoesNotExist(experimentId);
+
+        v3api.revertDeletions(sessionToken, Collections.singletonList(deletionId));
+        
+        assertDeletionDoesNotExist(deletionId);
+        assertExperimentExists(experimentId);
+    }
+    
+    @Test
+    public void testRevertDeletionWithDifferentPowerUserWhoDeleted()
+    {
+        String sessionToken = v3api.login(TEST_USER, PASSWORD);
+        
+        ExperimentPermId experimentId = createCisdExperiment();
+        
+        ExperimentDeletionOptions deletionOptions = new ExperimentDeletionOptions();
+        deletionOptions.setReason("It is just a test");
+        final IDeletionId deletionId = v3api.deleteExperiments(sessionToken, Collections.singletonList(experimentId), deletionOptions);
+
+        assertUnauthorizedObjectAccessException(new IDelegatedAction()
+            {
+                @Override
+                public void execute()
+                {
+                    String sessionToken2 = v3api.login(TEST_POWER_USER_CISD, PASSWORD);
+                    v3api.revertDeletions(sessionToken2, Collections.singletonList(deletionId));
+                }
+            }, deletionId);
+    }
 }
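Review bot: The two denial tests (`testRevertDeletionWithAdminUserInAnotherSpace` and `testRevertDeletionWithDifferentPowerUserWhoDeleted`) stop at the exception and never check that the rejected `revertDeletions` left state untouched. The helpers used in `testRevertDeletionWithSamePowerUserWhoDeleted` are at hand: add `assertDeletionExists(deletionId);` and `assertExperimentDoesNotExist(experimentId);` after each assertion, so a revert that throws after partly applying is caught. `testRevertDeletionWithDifferentPowerUserWhoDeleted` deletes as `TEST_USER` and reverts as `TEST_POWER_USER_CISD`, so the name misstates who deleted. It also expects `assertUnauthorizedObjectAccessException` where the first test expects `assertAuthorizationFailureException`; a comment on why the two denials differ would help. The same post-condition check would fit the two new tests in ConfirmDeletionTest.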
diff --git a/openbis/sourceTest/java/ch/ethz/sis/openbis/systemtest/asapi/v3/UpdateSampleTest.java b/openbis/sourceTest/java/ch/ethz/sis/openbis/systemtest/asapi/v3/UpdateSampleTest.java
index af3540354de..63522587216 100644
--- a/openbis/sourceTest/java/ch/ethz/sis/openbis/systemtest/asapi/v3/UpdateSampleTest.java
+++ b/openbis/sourceTest/java/ch/ethz/sis/openbis/systemtest/asapi/v3/UpdateSampleTest.java
@@ -60,6 +60,24 @@ import junit.framework.Assert;
  */
 public class UpdateSampleTest extends AbstractSampleTest
 {
+    @Test
+    public void testUpdateSharedSampleWithHomelessPowerUser()
+    {
+        final SamplePermId permId = new SamplePermId("200811050947161-653");
+
+        assertUnauthorizedObjectAccessException(new IDelegatedAction()
+        {
+            @Override
+            public void execute()
+            {
+                String sessionToken = v3api.login(TEST_NO_HOME_SPACE, PASSWORD);
+
+                final SampleUpdate update = new SampleUpdate();
+                update.setSampleId(permId);
+                v3api.updateSamples(sessionToken, Collections.singletonList(update));
+            }
+        }, permId);
+    }
 
     @Test
     public void testUpdateBiggerThanPostgresDriverArgumentsLimitWithIndexCheck()
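Review bot: The `SampleUpdate` in `testUpdateSharedSampleWithHomelessPowerUser` sets only the sample id and changes nothing. The test therefore passes only as long as the access check runs before any no-change short-circuit in the update path (not visible here). Setting one field on the update would make it a real write attempt and keep the test meaningful if that ordering changes. The literal `"200811050947161-653"` also needs a comment naming the fixture sample and stating that it is a shared sample, since the test name depends on that fact.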
diff --git a/openbis/sourceTest/java/ch/ethz/sis/openbis/systemtest/asapi/v3/UpdateTagTest.java b/openbis/sourceTest/java/ch/ethz/sis/openbis/systemtest/asapi/v3/UpdateTagTest.java
index d90e4b7f661..2f1d3add260 100644
--- a/openbis/sourceTest/java/ch/ethz/sis/openbis/systemtest/asapi/v3/UpdateTagTest.java
+++ b/openbis/sourceTest/java/ch/ethz/sis/openbis/systemtest/asapi/v3/UpdateTagTest.java
@@ -19,6 +19,7 @@ package ch.ethz.sis.openbis.systemtest.asapi.v3;
 import static org.testng.Assert.assertEquals;
 
 import java.util.Arrays;
+import java.util.List;
 import java.util.Map;
 
 import org.testng.annotations.Test;
@@ -28,6 +29,7 @@ import ch.ethz.sis.openbis.generic.asapi.v3.dto.experiment.id.ExperimentIdentifi
 import ch.ethz.sis.openbis.generic.asapi.v3.dto.material.id.MaterialPermId;
 import ch.ethz.sis.openbis.generic.asapi.v3.dto.sample.id.SampleIdentifier;
 import ch.ethz.sis.openbis.generic.asapi.v3.dto.tag.Tag;
+import ch.ethz.sis.openbis.generic.asapi.v3.dto.tag.create.TagCreation;
 import ch.ethz.sis.openbis.generic.asapi.v3.dto.tag.fetchoptions.TagFetchOptions;
 import ch.ethz.sis.openbis.generic.asapi.v3.dto.tag.id.ITagId;
 import ch.ethz.sis.openbis.generic.asapi.v3.dto.tag.id.TagPermId;
@@ -97,6 +99,26 @@ public class UpdateTagTest extends AbstractTest
         assertEquals(after.getDescription(), update.getDescription().getValue());
     }
 
+    @Test
+    public void testUpdateWithObserver()
+    {
+
+        TagCreation creation = new TagCreation();
+        creation.setCode("TEST_TAG");
+        creation.setDescription("test description");
+
+        String sessionToken = v3api.login(TEST_GROUP_OBSERVER, PASSWORD);
+        List<TagPermId> ids = v3api.createTags(sessionToken, Arrays.asList(creation));
+
+        TagUpdate update = new TagUpdate();
+        update.setTagId(ids.get(0));
+        update.setDescription("brand new description");
+
+        Tag after = updateTag(TEST_GROUP_OBSERVER, PASSWORD, update);
+
+        assertEquals(after.getDescription(), update.getDescription().getValue());
+    }
+
     @Test
     public void testUpdateWithExperimentsAdd()
     {
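Review bot: `testUpdateWithObserver` creates a tag with code `TEST_TAG` as `TEST_GROUP_OBSERVER`, the same code and user as `testCreateWithObserver` in CreateTagTest. Unless each test is rolled back (not visible in this hunk), whichever runs second could fail on a duplicate code instead of on the behaviour under test. A code unique to this test, for example `creation.setCode("TEST_TAG_UPDATE_OBSERVER");`, removes the dependency on execution order. The stray blank line after the opening brace can go as well.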
-- 
GitLab