Commit 53c1bf48 authored by anttil's avatar anttil

BIS-51 / SP-123: Improve annotations on the IRelationshipService

SVN: 25634
parent 1959b58b
...@@ -16,8 +16,10 @@ ...@@ -16,8 +16,10 @@
package ch.systemsx.cisd.openbis.generic.shared; package ch.systemsx.cisd.openbis.generic.shared;
import ch.systemsx.cisd.openbis.generic.shared.authorization.annotation.AuthorizationGuard;
import ch.systemsx.cisd.openbis.generic.shared.authorization.annotation.Capability; import ch.systemsx.cisd.openbis.generic.shared.authorization.annotation.Capability;
import ch.systemsx.cisd.openbis.generic.shared.authorization.annotation.RolesAllowed; import ch.systemsx.cisd.openbis.generic.shared.authorization.annotation.RolesAllowed;
import ch.systemsx.cisd.openbis.generic.shared.authorization.predicate.SpaceIdentifierPredicate;
import ch.systemsx.cisd.openbis.generic.shared.basic.dto.RoleWithHierarchy; import ch.systemsx.cisd.openbis.generic.shared.basic.dto.RoleWithHierarchy;
import ch.systemsx.cisd.openbis.generic.shared.dto.IAuthSession; import ch.systemsx.cisd.openbis.generic.shared.dto.IAuthSession;
import ch.systemsx.cisd.openbis.generic.shared.dto.identifier.ExperimentIdentifier; import ch.systemsx.cisd.openbis.generic.shared.dto.identifier.ExperimentIdentifier;
...@@ -32,8 +34,11 @@ import ch.systemsx.cisd.openbis.generic.shared.dto.identifier.ProjectIdentifier; ...@@ -32,8 +34,11 @@ import ch.systemsx.cisd.openbis.generic.shared.dto.identifier.ProjectIdentifier;
public interface IRelationshipService public interface IRelationshipService
{ {
@RolesAllowed(RoleWithHierarchy.SPACE_ADMIN) @RolesAllowed(RoleWithHierarchy.SPACE_ADMIN)
@Capability("REASSIGN_PROJECT") @Capability("ASSIGN_EXPERIMENT_TO_PROJECT")
public void reassignProject(IAuthSession session, ProjectIdentifier project, public void assignExperimentToProject(IAuthSession session,
ExperimentIdentifier experiment); @AuthorizationGuard(guardClass = SpaceIdentifierPredicate.class)
ExperimentIdentifier experiment,
@AuthorizationGuard(guardClass = SpaceIdentifierPredicate.class)
ProjectIdentifier project);
} }
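Review bot: The new `assignExperimentToProject` declaration has no Javadoc, so its authorization contract can only be read off the annotations: `SpaceIdentifierPredicate` now guards both the `experiment` and the `project` parameter, which presumably means the caller needs the role in the experiment's current space and in the target project's space. I would state that on the method, e.g. `/** Moves the experiment to the given project; the caller must be authorized for both the experiment's current space and the project's space. */`. The capability string also changes from `"REASSIGN_PROJECT"` to `"ASSIGN_EXPERIMENT_TO_PROJECT"`. If deployments override the required role by capability name, an entry under the old name would stop applying and the `SPACE_ADMIN` default would take effect, so the rename deserves a release note.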
...@@ -21,7 +21,7 @@ import static org.hamcrest.MatcherAssert.assertThat; ...@@ -21,7 +21,7 @@ import static org.hamcrest.MatcherAssert.assertThat;
import java.util.ArrayList; import java.util.ArrayList;
import org.testng.annotations.BeforeMethod; import org.testng.annotations.BeforeClass;
import org.testng.annotations.Test; import org.testng.annotations.Test;
import ch.systemsx.cisd.common.exceptions.AuthorizationFailureException; import ch.systemsx.cisd.common.exceptions.AuthorizationFailureException;
...@@ -32,7 +32,6 @@ import ch.systemsx.cisd.openbis.generic.shared.basic.dto.NewAttachment; ...@@ -32,7 +32,6 @@ import ch.systemsx.cisd.openbis.generic.shared.basic.dto.NewAttachment;
import ch.systemsx.cisd.openbis.generic.shared.basic.dto.NewSamplesWithTypes; import ch.systemsx.cisd.openbis.generic.shared.basic.dto.NewSamplesWithTypes;
import ch.systemsx.cisd.openbis.generic.shared.basic.dto.RoleWithHierarchy.RoleCode; import ch.systemsx.cisd.openbis.generic.shared.basic.dto.RoleWithHierarchy.RoleCode;
import ch.systemsx.cisd.openbis.generic.shared.dto.ExperimentUpdatesDTO; import ch.systemsx.cisd.openbis.generic.shared.dto.ExperimentUpdatesDTO;
import ch.systemsx.cisd.openbis.generic.shared.dto.SessionContextDTO;
import ch.systemsx.cisd.openbis.generic.shared.dto.identifier.ExperimentIdentifier; import ch.systemsx.cisd.openbis.generic.shared.dto.identifier.ExperimentIdentifier;
import ch.systemsx.cisd.openbis.generic.shared.dto.identifier.ProjectIdentifier; import ch.systemsx.cisd.openbis.generic.shared.dto.identifier.ProjectIdentifier;
import ch.systemsx.cisd.openbis.generic.shared.dto.identifier.SpaceIdentifier; import ch.systemsx.cisd.openbis.generic.shared.dto.identifier.SpaceIdentifier;
...@@ -43,85 +42,118 @@ import ch.systemsx.cisd.openbis.generic.shared.dto.identifier.SpaceIdentifier; ...@@ -43,85 +42,118 @@ import ch.systemsx.cisd.openbis.generic.shared.dto.identifier.SpaceIdentifier;
@Test(groups = "system test") @Test(groups = "system test")
public class RelationshipServiceTest extends SystemTestCase public class RelationshipServiceTest extends SystemTestCase
{ {
@BeforeMethod
public void createUsers()
{
SessionContextDTO systemUser = commonServer.tryToAuthenticateAsSystem();
commonServer.registerPerson(systemUser.getSessionToken(), "basic");
commonServer.registerSpaceRole(systemUser.getSessionToken(), RoleCode.USER,
new SpaceIdentifier("CISD", "CISD"), Grantee.createPerson("basic"));
commonServer.registerPerson(systemUser.getSessionToken(), "power"); private SpaceIdentifier sourceSpace = new SpaceIdentifier("CISD", "CISD");
commonServer.registerSpaceRole(systemUser.getSessionToken(), RoleCode.POWER_USER,
new SpaceIdentifier("CISD", "CISD"), Grantee.createPerson("power")); private SpaceIdentifier destinationSpace = new SpaceIdentifier("CISD", "TESTGROUP");
commonServer.registerPerson(systemUser.getSessionToken(), "admin"); private String systemSessionToken;
commonServer.registerSpaceRole(systemUser.getSessionToken(), RoleCode.ADMIN,
new SpaceIdentifier("CISD", "CISD"), Grantee.createPerson("admin"));
commonServer.registerPerson(systemUser.getSessionToken(), "instance_admin"); private ExperimentUpdatesDTO projectUpdate;
commonServer.registerInstanceRole(systemUser.getSessionToken(), RoleCode.ADMIN, Grantee
.createPerson("instance_admin"));
@BeforeClass
public void loginSystemUser()
{
systemSessionToken = commonServer.tryToAuthenticateAsSystem().getSessionToken();
projectUpdate = getProjectUpdate();
createSpaceUser("basic_user", RoleCode.USER, RoleCode.USER);
createSpaceUser("power_user", RoleCode.POWER_USER, RoleCode.POWER_USER);
createSpaceUser("source_space_admin", RoleCode.ADMIN, RoleCode.USER);
createSpaceUser("destination_space_admin", RoleCode.USER, RoleCode.ADMIN);
createSpaceUser("both_space_admin", RoleCode.ADMIN, RoleCode.ADMIN);
createInstanceUser("instance_admin", RoleCode.ADMIN);
} }
@Test(expectedExceptions = @Test(expectedExceptions =
{ AuthorizationFailureException.class }) { AuthorizationFailureException.class })
public void basicUserIsNotAllowedToUpdateExperienceProjectRelationship() public void basicUserIsNotAllowedToUpdateExperienceProjectRelationship()
{ {
SessionContextDTO basicUser = commonServer.tryToAuthenticate("basic", "password"); String session = authenticate("basic_user");
ExperimentUpdatesDTO updates = getProjectUpdate(basicUser); commonServer.updateExperiment(session, projectUpdate);
commonServer.updateExperiment(basicUser.getSessionToken(), updates);
} }
@Test(expectedExceptions = @Test(expectedExceptions =
{ AuthorizationFailureException.class }) { AuthorizationFailureException.class })
public void powerUserIsNotAllowedToUpdateExperienceProjectRelationship() public void powerUserIsNotAllowedToUpdateExperienceProjectRelationship()
{ {
SessionContextDTO powerUser = commonServer.tryToAuthenticate("power", "password"); String session = authenticate("power_user");
ExperimentUpdatesDTO updates = getProjectUpdate(powerUser); commonServer.updateExperiment(session, projectUpdate);
commonServer.updateExperiment(powerUser.getSessionToken(), updates); }
@Test(expectedExceptions =
{ AuthorizationFailureException.class })
public void spaceAdminOfOnlySourceSpaceIsNotAllowedToUpdateExperienceProjectRelationship()
{
String session = authenticate("source_space_admin");
commonServer.updateExperiment(session, projectUpdate);
}
@Test(expectedExceptions =
{ AuthorizationFailureException.class })
public void spaceAdminOfOnlyDestinationSpaceIsNotAllowedToUpdateExperienceProjectRelationship()
{
String session = authenticate("destination_space_admin");
commonServer.updateExperiment(session, projectUpdate);
} }
@Test @Test
public void spaceAdminIsAllowedToUpdateExperienceProjectRelationship() public void spaceAdminOfBothSpacesIsAllowedToUpdateExperienceProjectRelationship()
{ {
SessionContextDTO adminUser = commonServer.tryToAuthenticate("admin", "password"); String session = authenticate("both_space_admin");
ExperimentUpdatesDTO updates = getProjectUpdate(adminUser); commonServer.updateExperiment(session, projectUpdate);
commonServer.updateExperiment(adminUser.getSessionToken(), updates);
Experiment experiment = Experiment experiment =
commonServer.getExperimentInfo(adminUser.getSessionToken(), commonServer.getExperimentInfo(session,
new ExperimentIdentifier( new ExperimentIdentifier(
"CISD", "CISD", "DEFAULT", "EXP1")); "CISD", "TESTGROUP", "TESTPROJ", "EXP1"));
assertThat(experiment.getProject().getCode(), is("DEFAULT")); assertThat(experiment.getProject().getCode(), is("TESTPROJ"));
} }
@Test @Test
public void instanceAdminIsAllowedToUpdateExperienceProjectRelationship() public void instanceAdminIsAllowedToUpdateExperienceProjectRelationship()
{ {
SessionContextDTO instanceAdminUser = String session = authenticate("instance_admin");
commonServer.tryToAuthenticate("instance_admin", "password"); commonServer.updateExperiment(session, projectUpdate);
ExperimentUpdatesDTO updates = getProjectUpdate(instanceAdminUser);
commonServer.updateExperiment(instanceAdminUser.getSessionToken(), updates);
Experiment experiment = Experiment experiment =
commonServer.getExperimentInfo(instanceAdminUser.getSessionToken(), commonServer.getExperimentInfo(session,
new ExperimentIdentifier( new ExperimentIdentifier(
"CISD", "CISD", "DEFAULT", "EXP1")); "CISD", "TESTGROUP", "TESTPROJ", "EXP1"));
assertThat(experiment.getProject().getCode(), is("DEFAULT")); assertThat(experiment.getProject().getCode(), is("TESTPROJ"));
}
private String authenticate(String user)
{
return commonServer.tryToAuthenticate(user, "password").getSessionToken();
}
private void createSpaceUser(String userName, RoleCode sourceSpaceRole,
RoleCode destinationSpaceRole)
{
String sessionToken = commonServer.tryToAuthenticateAsSystem().getSessionToken();
commonServer.registerPerson(sessionToken, userName);
commonServer.registerSpaceRole(sessionToken, sourceSpaceRole,
sourceSpace, Grantee.createPerson(userName));
commonServer.registerSpaceRole(sessionToken, destinationSpaceRole,
destinationSpace, Grantee.createPerson(userName));
}
private void createInstanceUser(String userName, RoleCode role)
{
commonServer.registerPerson(systemSessionToken, userName);
commonServer.registerInstanceRole(systemSessionToken, role, Grantee.createPerson(userName));
} }
private ExperimentUpdatesDTO getProjectUpdate(SessionContextDTO session) private ExperimentUpdatesDTO getProjectUpdate()
{ {
ExperimentUpdatesDTO updates = new ExperimentUpdatesDTO(); ExperimentUpdatesDTO updates = new ExperimentUpdatesDTO();
Experiment experiment = Experiment experiment =
commonServer.getExperimentInfo(session.getSessionToken(), new ExperimentIdentifier( commonServer.getExperimentInfo(systemSessionToken, new ExperimentIdentifier(
"CISD", "CISD", "NEMO", "EXP1")); "CISD", "CISD", "NEMO", "EXP1"));
updates.setExperimentId(new TechId(experiment)); updates.setExperimentId(new TechId(experiment));
updates.setVersion(experiment.getModificationDate()); updates.setVersion(experiment.getModificationDate());
updates.setProjectIdentifier(new ProjectIdentifier("CISD", "CISD", "DEFAULT")); updates.setProjectIdentifier(new ProjectIdentifier("CISD", "TESTGROUP", "TESTPROJ"));
updates.setProperties(experiment.getProperties()); updates.setProperties(experiment.getProperties());
updates.setAttachments(new ArrayList<NewAttachment>()); updates.setAttachments(new ArrayList<NewAttachment>());
updates.setNewSamples(new ArrayList<NewSamplesWithTypes>()); updates.setNewSamples(new ArrayList<NewSamplesWithTypes>());
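Review bot: `projectUpdate` is now built once in the `@BeforeClass` method `loginSystemUser` and shared by every test, yet it carries `experiment.getModificationDate()` as its version and both positive tests apply it to the same EXP1. Whichever of `spaceAdminOfBothSpacesIsAllowedToUpdateExperienceProjectRelationship` and `instanceAdminIsAllowedToUpdateExperienceProjectRelationship` runs second finds the experiment already in TESTPROJ and submits a stale version. Its `is("TESTPROJ")` assertion may then hold without the guarded reassignment being exercised, or the update may be rejected for a reason unrelated to authorization. Building the update per test (`ExperimentUpdatesDTO update = getProjectUpdate();`) and moving the experiment back between tests would keep each role check independent of execution order. Separately, `createSpaceUser` opens a new system session on every call where `createInstanceUser` reuses the field; `commonServer.registerPerson(systemSessionToken, userName);` would be consistent. The body of `getProjectUpdate` continues outside the hunk.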