diff --git a/openbis/source/java/ch/systemsx/cisd/openbis/generic/server/SessionsUpdateInterceptor.java b/openbis/source/java/ch/systemsx/cisd/openbis/generic/server/SessionsUpdateInterceptor.java
index 4df0b1f4efe210e3b2fe36054dbcb0564b312281..ff867432c9ef48a431795333b62da29c8edcdd2f 100644
--- a/openbis/source/java/ch/systemsx/cisd/openbis/generic/server/SessionsUpdateInterceptor.java
+++ b/openbis/source/java/ch/systemsx/cisd/openbis/generic/server/SessionsUpdateInterceptor.java
@@ -24,6 +24,7 @@ import org.hibernate.type.Type;
import ch.systemsx.cisd.openbis.generic.server.dataaccess.IDAOFactory;
import ch.systemsx.cisd.openbis.generic.shared.basic.dto.ServiceVersionHolder;
+import ch.systemsx.cisd.openbis.generic.shared.dto.AuthorizationGroupPE;
import ch.systemsx.cisd.openbis.generic.shared.dto.RoleAssignmentPE;
import ch.systemsx.cisd.openbis.generic.shared.dto.SpacePE;
@@ -49,27 +50,27 @@ public class SessionsUpdateInterceptor extends EmptyInterceptor
@Override
public boolean onFlushDirty(Object entity, Serializable id, Object[] currentState, Object[] previousState, String[] propertyNames, Type[] types)
{
- checkRoleAssignment(entity);
+ checkAuthorizationEntity(entity);
return false;
}
@Override
public void onDelete(Object entity, Serializable id, Object[] state, String[] propertyNames, Type[] types)
{
- checkRoleAssignment(entity);
+ checkAuthorizationEntity(entity);
checkSpace(entity);
}
@Override
public boolean onSave(Object entity, Serializable id, Object[] state, String[] propertyNames, Type[] types)
{
- checkRoleAssignment(entity);
+ checkAuthorizationEntity(entity);
return false;
}
- private void checkRoleAssignment(Object entity)
+ private void checkAuthorizationEntity(Object entity)
{
- if (entity instanceof RoleAssignmentPE)
+ if (entity instanceof RoleAssignmentPE || entity instanceof AuthorizationGroupPE)
{
sessionsUpdateNeeded = true;
}
diff --git a/openbis/sourceTest/java/ch/systemsx/cisd/openbis/systemtest/SessionUpdateTest.java b/openbis/sourceTest/java/ch/systemsx/cisd/openbis/systemtest/SessionUpdateTest.java
index 74c61c5b9952628f3a572f281a16ee472b5bc62e..3256f13712df9948f50489523c4f12bb7f806737 100644
--- a/openbis/sourceTest/java/ch/systemsx/cisd/openbis/systemtest/SessionUpdateTest.java
+++ b/openbis/sourceTest/java/ch/systemsx/cisd/openbis/systemtest/SessionUpdateTest.java
@@ -22,18 +22,19 @@ import java.util.Arrays;
import java.util.Collections;
import java.util.List;
-import junit.framework.Assert;
-
import org.apache.commons.collections.CollectionUtils;
import org.apache.commons.collections.Predicate;
import org.springframework.transaction.annotation.Propagation;
import org.springframework.transaction.annotation.Transactional;
+import org.testng.AssertJUnit;
import org.testng.annotations.Test;
import ch.systemsx.cisd.common.exceptions.UserFailureException;
import ch.systemsx.cisd.openbis.generic.shared.basic.TechId;
+import ch.systemsx.cisd.openbis.generic.shared.basic.dto.AuthorizationGroup;
import ch.systemsx.cisd.openbis.generic.shared.basic.dto.ColumnSetting;
import ch.systemsx.cisd.openbis.generic.shared.basic.dto.Grantee;
+import ch.systemsx.cisd.openbis.generic.shared.basic.dto.NewAuthorizationGroup;
import ch.systemsx.cisd.openbis.generic.shared.basic.dto.RoleWithHierarchy.RoleCode;
import ch.systemsx.cisd.openbis.generic.shared.basic.dto.Space;
import ch.systemsx.cisd.openbis.generic.shared.basic.dto.displaysettings.ColumnDisplaySettingsUpdate;
@@ -48,21 +49,61 @@ import ch.systemsx.cisd.openbis.generic.shared.dto.identifier.SpaceIdentifier;
public class SessionUpdateTest extends SystemTestCase
{
+ private static final String TEST_SPACE_USER = "test_space";
+
private static final String ADMIN = "test";
+ @Test
+ public void testAuthorizationGroupModificationsAreVisible()
+ {
+ String groupCode = "AUTHORIZATION_TEST_GROUP";
+
+ String sessionToken = authenticateAs(ADMIN);
+ String sessionTokenUser = authenticateAs(TEST_SPACE_USER);
+
+ // create a group
+
+ NewAuthorizationGroup newGroup = new NewAuthorizationGroup();
+ newGroup.setCode(groupCode);
+ commonServer.registerAuthorizationGroup(sessionToken, newGroup);
+ List<AuthorizationGroup> groups = commonServer.listAuthorizationGroups(sessionToken);
+ TechId authorizationGroupTechId = new TechId(findAuthorizationGroup(groups, groupCode).getId());
+
+ // add authorization to the group
+ commonServer.registerSpaceRole(sessionToken, RoleCode.ADMIN, new SpaceIdentifier("TESTGROUP"),
+ Grantee.createAuthorizationGroup(groupCode));
+
+ // add user to the group
+ commonServer.addPersonsToAuthorizationGroup(sessionToken, authorizationGroupTechId, Arrays.asList(TEST_SPACE_USER));
+
+ // check the user sees space
+
+ assertUserCanAccessSpace(sessionTokenUser, "TESTGROUP");
+
+ // remove the group
+ commonServer.removePersonsFromAuthorizationGroup(sessionToken, authorizationGroupTechId, Arrays.asList(TEST_SPACE_USER));
+
+ // check user doesnt see space
+ assertUserCantAccessSpace(sessionTokenUser, "TESTGROUP");
+
+ // cleanup
+ commonServer.deleteAuthorizationGroups(sessionToken, Arrays.asList(authorizationGroupTechId), "no reason");
+
+ }
+
@Test
public void testCreateSpaceForUserAndAssignIdenticalRoleFailsWithNoSideeffect()
{
String sessionToken = authenticateAs(ADMIN);
- String sessionTokenUser = authenticateAs("test_space");
+ String sessionTokenUser = authenticateAs(TEST_SPACE_USER);
commonServer.tryGetSession(sessionTokenUser);
String spaceIdentifier = new SpaceIdentifier("TEST_SPACE_1").toString();
AtomicEntityOperationDetails eo =
- new EntityOperationBuilder().user(ADMIN).space("TEST_SPACE_1", "test_space").
- assignRoleToSpace(RoleCode.ADMIN, spaceIdentifier, Arrays.asList("test_space"), null).create();
+ new EntityOperationBuilder().user(ADMIN).space("TEST_SPACE_1", TEST_SPACE_USER).
+ assignRoleToSpace(RoleCode.ADMIN, spaceIdentifier, Arrays.asList(TEST_SPACE_USER), null).create();
try
{
@@ -85,11 +126,11 @@ public class SessionUpdateTest extends SystemTestCase
// reproduce
AtomicEntityOperationDetails eo =
- new EntityOperationBuilder().user(ADMIN).space("TEST_SPACE_1", "test_space").create();
+ new EntityOperationBuilder().user(ADMIN).space("TEST_SPACE_1", TEST_SPACE_USER).create();
etlService.performEntityOperations(sessionTokenForInstanceAdmin, eo);
- String sessionTokenForSpaceAdmin = commonServer.tryAuthenticate("test_space", "a").getSessionToken();
+ String sessionTokenForSpaceAdmin = commonServer.tryAuthenticate(TEST_SPACE_USER, "a").getSessionToken();
List<Space> spaces = commonServer.listSpaces(sessionTokenForSpaceAdmin, DatabaseInstanceIdentifier.HOME_INSTANCE);
Space space = findSpace(spaces, "TEST_SPACE_1");
@@ -104,18 +145,18 @@ public class SessionUpdateTest extends SystemTestCase
public void testRoleAssingmentDeleted()
{
String sessionTokenForInstanceAdmin = commonServer.tryAuthenticate("test", "a").getSessionToken();
- String sessionTokenForSpaceAdmin = commonServer.tryAuthenticate("test_space", "a").getSessionToken();
+ String sessionTokenForSpaceAdmin = commonServer.tryAuthenticate(TEST_SPACE_USER, "a").getSessionToken();
// reproduce
commonServer.deleteSpaceRole(sessionTokenForInstanceAdmin, RoleCode.ADMIN,
- new SpaceIdentifier("TEST-SPACE"), Grantee.createPerson("test_space"));
+ new SpaceIdentifier("TEST-SPACE"), Grantee.createPerson(TEST_SPACE_USER));
commonServer.updateDisplaySettings(sessionTokenForSpaceAdmin,
new ColumnDisplaySettingsUpdate("id_a_b_C", Collections.<ColumnSetting> emptyList()));
// clean up
commonServer.registerSpaceRole(sessionTokenForInstanceAdmin, RoleCode.ADMIN,
- new SpaceIdentifier("TEST-SPACE"), Grantee.createPerson("test_space"));
+ new SpaceIdentifier("TEST-SPACE"), Grantee.createPerson(TEST_SPACE_USER));
}
@Test
@@ -124,26 +165,40 @@ public class SessionUpdateTest extends SystemTestCase
String spaceCode = "TESTGROUP";
String sessionTokenForInstanceAdmin = commonServer.tryAuthenticate("test", "a").getSessionToken();
- String sessionTokenForSpaceAdmin = commonServer.tryAuthenticate("test_space", "a").getSessionToken();
+ String sessionTokenForSpaceAdmin = commonServer.tryAuthenticate(TEST_SPACE_USER, "a").getSessionToken();
List<Space> spaces = commonServer.listSpaces(sessionTokenForSpaceAdmin, DatabaseInstanceIdentifier.createHome());
boolean matchingSpaces = containsSpace(spaces, spaceCode);
- Assert.assertFalse(spaceCode + " should not be in test_space user groups before the role assignment" + spaces, matchingSpaces);
+ AssertJUnit.assertFalse(spaceCode + " should not be in test_space user groups before the role assignment" + spaces, matchingSpaces);
commonServer.registerSpaceRole(sessionTokenForInstanceAdmin, RoleCode.ADMIN,
- new SpaceIdentifier(spaceCode), Grantee.createPerson("test_space"));
+ new SpaceIdentifier(spaceCode), Grantee.createPerson(TEST_SPACE_USER));
spaces = commonServer.listSpaces(sessionTokenForSpaceAdmin, DatabaseInstanceIdentifier.createHome());
matchingSpaces = containsSpace(spaces, spaceCode);
- Assert.assertTrue("Couldn't find " + spaceCode + " space in spaces of test_space user. Found only " + spaces, matchingSpaces);
+ AssertJUnit.assertTrue("Couldn't find " + spaceCode + " space in spaces of test_space user. Found only " + spaces, matchingSpaces);
// cleanup
commonServer.deleteSpaceRole(sessionTokenForInstanceAdmin, RoleCode.ADMIN,
- new SpaceIdentifier(spaceCode), Grantee.createPerson("test_space"));
+ new SpaceIdentifier(spaceCode), Grantee.createPerson(TEST_SPACE_USER));
}
+ void assertUserCanAccessSpace(String sessionToken, String spaceCode)
+ {
+ List<Space> spaces = commonServer.listSpaces(sessionToken, DatabaseInstanceIdentifier.HOME_INSTANCE);
+ boolean foundSpace = containsSpace(spaces, spaceCode);
+ AssertJUnit.assertTrue(spaceCode + " should be in test_space user." + spaces, foundSpace);
+ }
+
+ void assertUserCantAccessSpace(String sessionToken, String spaceCode)
+ {
+ List<Space> spaces = commonServer.listSpaces(sessionToken, DatabaseInstanceIdentifier.HOME_INSTANCE);
+ boolean foundSpace = containsSpace(spaces, spaceCode);
+ AssertJUnit.assertFalse(spaceCode + " should not be in test_space user." + spaces, foundSpace);
+ }
+
private boolean containsSpace(List<Space> spaces, final String spaceCode)
{
int matchingSpaces = CollectionUtils.countMatches(spaces, new Predicate<Space>()
@@ -171,4 +226,17 @@ public class SessionUpdateTest extends SystemTestCase
});
}
+ private AuthorizationGroup findAuthorizationGroup(List<AuthorizationGroup> spaces, final String spaceCode)
+ {
+ return CollectionUtils.find(spaces, new Predicate<AuthorizationGroup>()
+ {
+ @Override
+ public boolean evaluate(AuthorizationGroup object)
+ {
+ return object.getCode().equals(spaceCode);
+ }
+
+ });
+ }
+
}