From f99d4a67dc19a4101dac402f625df9eadf168599 Mon Sep 17 00:00:00 2001
From: felmer <felmer>
Date: Wed, 17 Sep 2008 06:38:42 +0000
Subject: [PATCH] LMS-478 Authorization framework moved from 'lims' to
'openbis'.
SVN: 8341
---
...tabaseInstanceIdentifierPredicateTest.java | 250 +++++++++++++
.../GroupIdentifierPredicateTest.java | 330 ++++++++++++++++++
.../predicate/NewExperimentPredicateTest.java | 54 +++
.../QueryRestrictionPredicateTest.java | 55 +++
.../validator/GroupValidatorTest.java | 118 +++++++
5 files changed, 807 insertions(+)
create mode 100644 openbis/sourceTest/java/ch/systemsx/cisd/openbis/generic/server/authorization/predicate/DatabaseInstanceIdentifierPredicateTest.java
create mode 100644 openbis/sourceTest/java/ch/systemsx/cisd/openbis/generic/server/authorization/predicate/GroupIdentifierPredicateTest.java
create mode 100644 openbis/sourceTest/java/ch/systemsx/cisd/openbis/generic/server/authorization/predicate/NewExperimentPredicateTest.java
create mode 100644 openbis/sourceTest/java/ch/systemsx/cisd/openbis/generic/server/authorization/predicate/QueryRestrictionPredicateTest.java
create mode 100644 openbis/sourceTest/java/ch/systemsx/cisd/openbis/generic/server/authorization/validator/GroupValidatorTest.java
diff --git a/openbis/sourceTest/java/ch/systemsx/cisd/openbis/generic/server/authorization/predicate/DatabaseInstanceIdentifierPredicateTest.java b/openbis/sourceTest/java/ch/systemsx/cisd/openbis/generic/server/authorization/predicate/DatabaseInstanceIdentifierPredicateTest.java
new file mode 100644
index 00000000000..4313747463e
--- /dev/null
+++ b/openbis/sourceTest/java/ch/systemsx/cisd/openbis/generic/server/authorization/predicate/DatabaseInstanceIdentifierPredicateTest.java
@@ -0,0 +1,250 @@
+/*
+ * Copyright 2008 ETH Zuerich, CISD
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package ch.systemsx.cisd.openbis.generic.server.authorization.predicate;
+
+import static org.testng.AssertJUnit.assertEquals;
+import static org.testng.AssertJUnit.assertFalse;
+
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.Collections;
+import java.util.List;
+
+import org.jmock.Expectations;
+import org.jmock.Mockery;
+import org.testng.annotations.AfterMethod;
+import org.testng.annotations.BeforeMethod;
+import org.testng.annotations.Test;
+
+import ch.systemsx.cisd.common.exceptions.Status;
+import ch.systemsx.cisd.common.exceptions.StatusFlag;
+import ch.systemsx.cisd.common.exceptions.UserFailureException;
+import ch.systemsx.cisd.lims.base.dto.DatabaseInstancePE;
+import ch.systemsx.cisd.lims.base.dto.PersonPE;
+import ch.systemsx.cisd.lims.base.identifier.DatabaseInstanceIdentifier;
+import ch.systemsx.cisd.lims.base.identifier.GroupIdentifier;
+import ch.systemsx.cisd.lims.base.role.RoleCode;
+import ch.systemsx.cisd.openbis.generic.server.authorization.RoleWithIdentifier;
+import ch.systemsx.cisd.openbis.generic.server.authorization.RoleWithIdentifierTest;
+import ch.systemsx.cisd.openbis.generic.server.dataaccess.IAuthorizationDAOFactory;
+import ch.systemsx.cisd.openbis.generic.server.dataaccess.IDatabaseInstanceDAO;
+
+/**
+ * Test cases for corresponding {@link DatabaseInstanceIdentifierPredicate} class.
+ *
+ * @author Christian Ribeaud
+ */
+public final class DatabaseInstanceIdentifierPredicateTest
+{
+ static final long INSTANCE_ID = 11L;
+
+ static final long ANOTHER_INSTANCE_ID = 12L;
+
+ static final String INSTANCE_CODE = "DB1";
+
+ static final String ANOTHER_INSTANCE_CODE = "DB2";
+
+ private Mockery context;
+
+ private IAuthorizationDAOFactory daoFactory;
+
+ private IDatabaseInstanceDAO databaseInstanceDAO;
+
+ final static DatabaseInstancePE createDatabaseInstance()
+ {
+ return createDatabaseInstance(INSTANCE_CODE, INSTANCE_ID);
+ }
+
+ final static DatabaseInstancePE createAnotherDatabaseInstance()
+ {
+ return createDatabaseInstance(ANOTHER_INSTANCE_CODE, ANOTHER_INSTANCE_ID);
+ }
+
+ final static DatabaseInstancePE createDatabaseInstance(String code, Long id)
+ {
+ final DatabaseInstancePE databaseInstance = new DatabaseInstancePE();
+ databaseInstance.setCode(code);
+ databaseInstance.setUuid("global_" + code);
+ databaseInstance.setId(id);
+ return databaseInstance;
+ }
+
+ final static PersonPE createPerson()
+ {
+ final PersonPE personPE = new PersonPE();
+ personPE.setUserId("megapixel");
+ personPE.setDatabaseInstance(createDatabaseInstance());
+ return personPE;
+ }
+
+ final static List<RoleWithIdentifier> createAllowedRoles(final boolean withInstanceRole)
+ {
+ final List<RoleWithIdentifier> list = new ArrayList<RoleWithIdentifier>();
+ final RoleWithIdentifier groupRole =
+ RoleWithIdentifierTest.createGroupRole(RoleCode.USER, new GroupIdentifier(
+ INSTANCE_CODE, GroupIdentifierPredicateTest.GROUP_CODE));
+ list.add(groupRole);
+ if (withInstanceRole)
+ {
+ final RoleWithIdentifier databaseInstanceRole =
+ RoleWithIdentifierTest.createInstanceRole(RoleCode.USER,
+ new DatabaseInstanceIdentifier(ANOTHER_INSTANCE_CODE));
+ list.add(databaseInstanceRole);
+ }
+ return list;
+ }
+
+ private final void preparePredicateInit(final DatabaseInstancePE databaseInstance,
+ final boolean accessHomeGroup)
+ {
+ context.checking(new Expectations()
+ {
+ {
+ one(daoFactory).getDatabaseInstancesDAO();
+ will(returnValue(databaseInstanceDAO));
+
+ one(databaseInstanceDAO).listDatabaseInstances();
+ if (databaseInstance == null)
+ {
+ will(returnValue(Collections.EMPTY_LIST));
+ } else
+ {
+ will(returnValue(Arrays.asList(databaseInstance)));
+ }
+ if (accessHomeGroup)
+ {
+ one(daoFactory).getHomeDatabaseInstance();
+ will(returnValue(createAnotherDatabaseInstance()));
+ }
+ }
+ });
+ }
+
+ @BeforeMethod
+ public void setUp()
+ {
+ context = new Mockery();
+ daoFactory = context.mock(IAuthorizationDAOFactory.class);
+ databaseInstanceDAO = context.mock(IDatabaseInstanceDAO.class);
+ }
+
+ @AfterMethod
+ public void tearDown()
+ {
+ // To following line of code should also be called at the end of each test method.
+ // Otherwise one do not known which test failed.
+ context.assertIsSatisfied();
+ }
+
+ @Test
+ public final void testDoEvaluationWithoutDAOFactory()
+ {
+ final DatabaseInstanceIdentifierPredicate predicate = createInstancePredicate();
+ boolean fail = true;
+ try
+ {
+ predicate.doEvaluation(createPerson(), createAllowedRoles(false),
+ DatabaseInstanceIdentifier.createHome());
+ } catch (final AssertionError e)
+ {
+ fail = false;
+ }
+ assertFalse(fail);
+ context.assertIsSatisfied();
+ }
+
+ @Test
+ public final void testSuccessfulEvaluation()
+ {
+ final DatabaseInstanceIdentifierPredicate predicate = createInstancePredicate();
+ final DatabaseInstancePE databaseInstance = createAnotherDatabaseInstance();
+ preparePredicateInit(databaseInstance, false);
+ predicate.init(daoFactory);
+ final Status evaluation =
+ predicate.doEvaluation(createPerson(), createAllowedRoles(true),
+ new DatabaseInstanceIdentifier(ANOTHER_INSTANCE_CODE));
+ assertEquals(Status.OK, evaluation);
+ context.assertIsSatisfied();
+ }
+
+ @Test
+ public final void testFailedEvaluation()
+ {
+ final DatabaseInstanceIdentifierPredicate predicate = createInstancePredicate();
+ final DatabaseInstancePE databaseInstance = createAnotherDatabaseInstance();
+ preparePredicateInit(databaseInstance, false);
+ predicate.init(daoFactory);
+ final PersonPE person = createPerson();
+ final Status evaluation =
+ predicate.doEvaluation(person, createAllowedRoles(false),
+ new DatabaseInstanceIdentifier(ANOTHER_INSTANCE_CODE));
+ assertEquals(StatusFlag.ERROR, evaluation.getFlag());
+ assertEquals(
+ "User 'megapixel' does not have enough privileges to read from database instance 'DB2'.",
+ evaluation.tryGetErrorMessage());
+ context.assertIsSatisfied();
+ }
+
+ @Test
+ public final void testSuccessfulEvaluationWithHomeDatabaseInstance()
+ {
+ final DatabaseInstanceIdentifierPredicate predicate = createInstancePredicate();
+ final DatabaseInstancePE databaseInstance = createAnotherDatabaseInstance();
+ preparePredicateInit(databaseInstance, true);
+ predicate.init(daoFactory);
+ final PersonPE person = createPerson();
+ final Status evaluation =
+ predicate.doEvaluation(person, createAllowedRoles(true), DatabaseInstanceIdentifier
+ .createHome());
+ assertEquals(Status.OK, evaluation);
+ context.assertIsSatisfied();
+ }
+
+ @Test(expectedExceptions = UserFailureException.class)
+ public final void testExceptionBecauseInstanceDoesNotExist()
+ {
+ final DatabaseInstanceIdentifierPredicate predicate = createInstancePredicate();
+ preparePredicateInit(null, false);
+ predicate.init(daoFactory);
+ predicate.doEvaluation(DatabaseInstanceIdentifierPredicateTest.createPerson(),
+ DatabaseInstanceIdentifierPredicateTest.createAllowedRoles(false),
+ new DatabaseInstanceIdentifier(
+ DatabaseInstanceIdentifierPredicateTest.INSTANCE_CODE));
+ context.assertIsSatisfied();
+ }
+
+ @Test
+ public final void testWithGroupIdentifier()
+ {
+ final DatabaseInstanceIdentifierPredicate predicate = createInstancePredicate();
+ final DatabaseInstancePE databaseInstance = createDatabaseInstance();
+ preparePredicateInit(databaseInstance, false);
+ predicate.init(daoFactory);
+ final PersonPE person = createPerson();
+ final Status evaluation =
+ predicate.doEvaluation(person, createAllowedRoles(false), new GroupIdentifier(
+ new DatabaseInstanceIdentifier(databaseInstance.getCode()),
+ GroupIdentifierPredicateTest.GROUP_CODE));
+ assertEquals(Status.OK, evaluation);
+ context.assertIsSatisfied();
+ }
+
+ private DatabaseInstanceIdentifierPredicate createInstancePredicate()
+ {
+ return new DatabaseInstanceIdentifierPredicate(true);
+ }
+}
diff --git a/openbis/sourceTest/java/ch/systemsx/cisd/openbis/generic/server/authorization/predicate/GroupIdentifierPredicateTest.java b/openbis/sourceTest/java/ch/systemsx/cisd/openbis/generic/server/authorization/predicate/GroupIdentifierPredicateTest.java
new file mode 100644
index 00000000000..8f846a12b3f
--- /dev/null
+++ b/openbis/sourceTest/java/ch/systemsx/cisd/openbis/generic/server/authorization/predicate/GroupIdentifierPredicateTest.java
@@ -0,0 +1,330 @@
+/*
+ * Copyright 2008 ETH Zuerich, CISD
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package ch.systemsx.cisd.openbis.generic.server.authorization.predicate;
+
+import static org.testng.AssertJUnit.assertEquals;
+import static org.testng.AssertJUnit.assertFalse;
+
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.Collections;
+import java.util.List;
+
+import org.jmock.Expectations;
+import org.jmock.Mockery;
+import org.testng.annotations.AfterMethod;
+import org.testng.annotations.BeforeMethod;
+import org.testng.annotations.Test;
+
+import ch.systemsx.cisd.common.exceptions.Status;
+import ch.systemsx.cisd.common.exceptions.StatusFlag;
+import ch.systemsx.cisd.common.exceptions.UserFailureException;
+import ch.systemsx.cisd.lims.base.dto.DatabaseInstancePE;
+import ch.systemsx.cisd.lims.base.dto.GroupPE;
+import ch.systemsx.cisd.lims.base.dto.PersonPE;
+import ch.systemsx.cisd.lims.base.identifier.GroupIdentifier;
+import ch.systemsx.cisd.openbis.generic.server.dataaccess.IAuthorizationDAOFactory;
+import ch.systemsx.cisd.openbis.generic.server.dataaccess.IDatabaseInstanceDAO;
+import ch.systemsx.cisd.openbis.generic.server.dataaccess.IGroupDAO;
+
+/**
+ * Test cases for corresponding {@link GroupIdentifierPredicate} class.
+ *
+ * @author Christian Ribeaud
+ */
+public final class GroupIdentifierPredicateTest
+{
+ static final String GROUP_CODE = "G1";
+
+ static final String ANOTHER_GROUP_CODE = "G2";
+
+ static final Long GROUP_ID = 87L;
+
+ static final Long ANOTHER_GROUP_ID = 88L;
+
+ private Mockery context;
+
+ private IAuthorizationDAOFactory daoFactory;
+
+ private IDatabaseInstanceDAO databaseInstanceDAO;
+
+ private IGroupDAO groupDAO;
+
+ static final List<GroupPE> createGroups()
+ {
+ final List<GroupPE> groups = new ArrayList<GroupPE>();
+ groups.add(createGroup());
+ groups.add(createAnotherGroup());
+ return groups;
+ }
+
+ static final GroupPE createGroup(final String groupCode, final Long id,
+ final DatabaseInstancePE databaseInstancePE)
+ {
+ final GroupPE group = new GroupPE();
+ group.setCode(groupCode);
+ group.setId(id);
+ group.setDatabaseInstance(databaseInstancePE);
+ return group;
+ }
+
+ static final GroupPE createAnotherGroup()
+ {
+ return createGroup(ANOTHER_GROUP_CODE, ANOTHER_GROUP_ID,
+ DatabaseInstanceIdentifierPredicateTest.createAnotherDatabaseInstance());
+ }
+
+ static final GroupPE createGroup()
+ {
+ return createGroup(GROUP_CODE, GROUP_ID, DatabaseInstanceIdentifierPredicateTest
+ .createDatabaseInstance());
+ }
+
+ @BeforeMethod
+ public void setUp()
+ {
+ context = new Mockery();
+ daoFactory = context.mock(IAuthorizationDAOFactory.class);
+ databaseInstanceDAO = context.mock(IDatabaseInstanceDAO.class);
+ groupDAO = context.mock(IGroupDAO.class);
+ }
+
+ @AfterMethod
+ public void tearDown()
+ {
+ // To following line of code should also be called at the end of each test method.
+ // Otherwise one do not known which test failed.
+ context.assertIsSatisfied();
+ }
+
+ @Test
+ public final void testDoEvaluationWithoutDAOFactory()
+ {
+ final GroupIdentifierPredicate predicate = new GroupIdentifierPredicate();
+ boolean fail = true;
+ try
+ {
+ predicate.doEvaluation(DatabaseInstanceIdentifierPredicateTest.createPerson(),
+ DatabaseInstanceIdentifierPredicateTest.createAllowedRoles(false),
+ GroupIdentifier.createHome());
+ } catch (final AssertionError e)
+ {
+ fail = false;
+ }
+ assertFalse(fail);
+ context.assertIsSatisfied();
+ }
+
+ @Test(expectedExceptions = UserFailureException.class)
+ public final void testExceptionBecauseInstanceDoesNotExist()
+ {
+ final GroupIdentifierPredicate predicate = new GroupIdentifierPredicate();
+ context.checking(new Expectations()
+ {
+ {
+ one(daoFactory).getDatabaseInstancesDAO();
+ will(returnValue(databaseInstanceDAO));
+
+ one(daoFactory).getGroupDAO();
+ will(returnValue(groupDAO));
+
+ one(databaseInstanceDAO).listDatabaseInstances();
+ will(returnValue(Collections.EMPTY_LIST));
+
+ one(groupDAO).listGroups();
+ will(returnValue(Collections.EMPTY_LIST));
+ }
+ });
+ predicate.init(daoFactory);
+ predicate.doEvaluation(DatabaseInstanceIdentifierPredicateTest.createPerson(),
+ DatabaseInstanceIdentifierPredicateTest.createAllowedRoles(false),
+ new GroupIdentifier(DatabaseInstanceIdentifierPredicateTest.INSTANCE_CODE,
+ GROUP_CODE));
+ context.assertIsSatisfied();
+ }
+
+ @Test(expectedExceptions = UserFailureException.class)
+ public final void testExceptionBecauseGroupDoesNotExist()
+ {
+ final GroupIdentifierPredicate predicate = new GroupIdentifierPredicate();
+ context.checking(new Expectations()
+ {
+ {
+ one(daoFactory).getDatabaseInstancesDAO();
+ will(returnValue(databaseInstanceDAO));
+
+ one(daoFactory).getGroupDAO();
+ will(returnValue(groupDAO));
+
+ one(databaseInstanceDAO).listDatabaseInstances();
+ will(returnValue(Arrays.asList(DatabaseInstanceIdentifierPredicateTest
+ .createDatabaseInstance())));
+
+ one(groupDAO).listGroups();
+ will(returnValue(Collections.EMPTY_LIST));
+ }
+ });
+ predicate.init(daoFactory);
+ predicate.doEvaluation(DatabaseInstanceIdentifierPredicateTest.createPerson(),
+ DatabaseInstanceIdentifierPredicateTest.createAllowedRoles(false),
+ new GroupIdentifier(DatabaseInstanceIdentifierPredicateTest.INSTANCE_CODE,
+ GROUP_CODE));
+ context.assertIsSatisfied();
+ }
+
+ @Test
+ public final void testSuccessfulEvaluation()
+ {
+ final GroupIdentifierPredicate predicate = new GroupIdentifierPredicate();
+ context.checking(new Expectations()
+ {
+ {
+ one(daoFactory).getDatabaseInstancesDAO();
+ will(returnValue(databaseInstanceDAO));
+
+ one(daoFactory).getGroupDAO();
+ will(returnValue(groupDAO));
+
+ one(databaseInstanceDAO).listDatabaseInstances();
+ will(returnValue(Arrays.asList(DatabaseInstanceIdentifierPredicateTest
+ .createDatabaseInstance())));
+
+ one(groupDAO).listGroups();
+ will(returnValue(createGroups()));
+ }
+ });
+ predicate.init(daoFactory);
+ final Status evaluation =
+ predicate.doEvaluation(DatabaseInstanceIdentifierPredicateTest.createPerson(),
+ DatabaseInstanceIdentifierPredicateTest.createAllowedRoles(false),
+ new GroupIdentifier(DatabaseInstanceIdentifierPredicateTest.INSTANCE_CODE,
+ GROUP_CODE));
+ assertEquals(Status.OK, evaluation);
+ context.assertIsSatisfied();
+ }
+
+ @Test
+ public final void testSuccessfulEvaluationWithHomeGroup()
+ {
+ final GroupIdentifierPredicate predicate = new GroupIdentifierPredicate();
+ context.checking(new Expectations()
+ {
+ {
+ one(daoFactory).getDatabaseInstancesDAO();
+ will(returnValue(databaseInstanceDAO));
+
+ one(daoFactory).getGroupDAO();
+ will(returnValue(groupDAO));
+
+ one(databaseInstanceDAO).listDatabaseInstances();
+ will(returnValue(Arrays.asList(DatabaseInstanceIdentifierPredicateTest
+ .createAnotherDatabaseInstance(),
+ DatabaseInstanceIdentifierPredicateTest.createDatabaseInstance())));
+
+ one(groupDAO).listGroups();
+ will(returnValue(createGroups()));
+ }
+ });
+ predicate.init(daoFactory);
+ final PersonPE person = DatabaseInstanceIdentifierPredicateTest.createPerson();
+ final GroupPE homeGroup = createGroup();
+ person.setHomeGroup(homeGroup);
+ final GroupIdentifier groupIdentifier =
+ new GroupIdentifier(DatabaseInstanceIdentifierPredicateTest.INSTANCE_CODE, null);
+ final Status evaluation =
+ predicate.doEvaluation(person, DatabaseInstanceIdentifierPredicateTest
+ .createAllowedRoles(false), groupIdentifier);
+ assertEquals(Status.OK, evaluation);
+ context.assertIsSatisfied();
+ }
+
+ @Test
+ public final void testFailedEvaluation()
+ {
+ final GroupIdentifierPredicate predicate = new GroupIdentifierPredicate();
+ context.checking(new Expectations()
+ {
+ {
+ one(daoFactory).getDatabaseInstancesDAO();
+ will(returnValue(databaseInstanceDAO));
+
+ one(daoFactory).getGroupDAO();
+ will(returnValue(groupDAO));
+
+ one(databaseInstanceDAO).listDatabaseInstances();
+ will(returnValue(Arrays.asList(DatabaseInstanceIdentifierPredicateTest
+ .createDatabaseInstance(), DatabaseInstanceIdentifierPredicateTest
+ .createAnotherDatabaseInstance())));
+
+ one(groupDAO).listGroups();
+ will(returnValue(createGroups()));
+ }
+ });
+ predicate.init(daoFactory);
+ final Status evaluation =
+ predicate.doEvaluation(DatabaseInstanceIdentifierPredicateTest.createPerson(),
+ DatabaseInstanceIdentifierPredicateTest.createAllowedRoles(false),
+ new GroupIdentifier(
+ DatabaseInstanceIdentifierPredicateTest.ANOTHER_INSTANCE_CODE,
+ ANOTHER_GROUP_CODE));
+ assertEquals(StatusFlag.ERROR, evaluation.getFlag());
+ assertEquals(
+ "User 'megapixel' does not have enough privileges to access data in the group 'DB2:/G2'.",
+ evaluation.tryGetErrorMessage());
+ context.assertIsSatisfied();
+ }
+
+ @Test
+ public final void testAccessAnotherGroup()
+ {
+ final DatabaseInstancePE homeDatabaseInstance =
+ DatabaseInstanceIdentifierPredicateTest.createDatabaseInstance();
+ final GroupIdentifierPredicate predicate = new GroupIdentifierPredicate();
+ final List<DatabaseInstancePE> databaseInstances =
+ Arrays.asList(homeDatabaseInstance, DatabaseInstanceIdentifierPredicateTest
+ .createAnotherDatabaseInstance());
+ final List<GroupPE> groups = createGroups();
+ groups.add(createGroup(ANOTHER_GROUP_CODE, 34L, homeDatabaseInstance));
+ context.checking(new Expectations()
+ {
+ {
+ one(daoFactory).getDatabaseInstancesDAO();
+ will(returnValue(databaseInstanceDAO));
+
+ one(daoFactory).getGroupDAO();
+ will(returnValue(groupDAO));
+
+ one(databaseInstanceDAO).listDatabaseInstances();
+ will(returnValue(databaseInstances));
+
+ one(groupDAO).listGroups();
+ will(returnValue(groups));
+ }
+ });
+ predicate.init(daoFactory);
+ final Status evaluation =
+ predicate.doEvaluation(DatabaseInstanceIdentifierPredicateTest.createPerson(),
+ DatabaseInstanceIdentifierPredicateTest.createAllowedRoles(false),
+ new GroupIdentifier(DatabaseInstanceIdentifierPredicateTest.INSTANCE_CODE,
+ ANOTHER_GROUP_CODE));
+ assertEquals(StatusFlag.ERROR, evaluation.getFlag());
+ assertEquals(
+ "User 'megapixel' does not have enough privileges to access data in the group 'DB1:/G2'.",
+ evaluation.tryGetErrorMessage());
+ context.assertIsSatisfied();
+ }
+}
diff --git a/openbis/sourceTest/java/ch/systemsx/cisd/openbis/generic/server/authorization/predicate/NewExperimentPredicateTest.java b/openbis/sourceTest/java/ch/systemsx/cisd/openbis/generic/server/authorization/predicate/NewExperimentPredicateTest.java
new file mode 100644
index 00000000000..e4084df64d2
--- /dev/null
+++ b/openbis/sourceTest/java/ch/systemsx/cisd/openbis/generic/server/authorization/predicate/NewExperimentPredicateTest.java
@@ -0,0 +1,54 @@
+/*
+ * Copyright 2008 ETH Zuerich, CISD
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package ch.systemsx.cisd.openbis.generic.server.authorization.predicate;
+
+import static org.testng.AssertJUnit.assertFalse;
+
+import org.testng.annotations.Test;
+
+import ch.systemsx.cisd.lims.base.dto.NewExperiment;
+import ch.systemsx.cisd.openbis.generic.server.authorization.predicate.NewExperimentPredicate;
+
+/**
+ * Test cases for corresponding {@link NewExperimentPredicate} class.
+ *
+ * @author Christian Ribeaud
+ */
+public final class NewExperimentPredicateTest
+{
+ private final NewExperiment createNewExperiment()
+ {
+ return new NewExperiment();
+ }
+
+ @Test
+ public final void testWithoutInit()
+ {
+ final NewExperimentPredicate predicate = new NewExperimentPredicate();
+ boolean fail = true;
+ try
+ {
+ predicate.evaluate(DatabaseInstanceIdentifierPredicateTest.createPerson(),
+ DatabaseInstanceIdentifierPredicateTest.createAllowedRoles(false),
+ createNewExperiment());
+ } catch (final AssertionError e)
+ {
+ fail = false;
+ }
+ assertFalse(fail);
+ }
+}
diff --git a/openbis/sourceTest/java/ch/systemsx/cisd/openbis/generic/server/authorization/predicate/QueryRestrictionPredicateTest.java b/openbis/sourceTest/java/ch/systemsx/cisd/openbis/generic/server/authorization/predicate/QueryRestrictionPredicateTest.java
new file mode 100644
index 00000000000..f895e02269e
--- /dev/null
+++ b/openbis/sourceTest/java/ch/systemsx/cisd/openbis/generic/server/authorization/predicate/QueryRestrictionPredicateTest.java
@@ -0,0 +1,55 @@
+/*
+ * Copyright 2008 ETH Zuerich, CISD
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package ch.systemsx.cisd.openbis.generic.server.authorization.predicate;
+
+import static org.testng.AssertJUnit.assertFalse;
+
+import org.testng.annotations.Test;
+
+import ch.systemsx.cisd.lims.base.dto.QueryRestriction;
+import ch.systemsx.cisd.openbis.generic.server.authorization.predicate.QueryRestrictionPredicate;
+
+/**
+ * Test cases for corresponding {@link QueryRestrictionPredicate} class.
+ *
+ * @author Christian Ribeaud
+ */
+public final class QueryRestrictionPredicateTest
+{
+ private final QueryRestriction createQueryRestriction()
+ {
+ return new QueryRestriction();
+ }
+
+ @Test
+ public final void testWithoutInit()
+ {
+ final QueryRestrictionPredicate predicate = new QueryRestrictionPredicate();
+ boolean fail = true;
+ try
+ {
+ predicate.evaluate(DatabaseInstanceIdentifierPredicateTest.createPerson(),
+ DatabaseInstanceIdentifierPredicateTest.createAllowedRoles(false),
+ createQueryRestriction());
+ } catch (final AssertionError e)
+ {
+ fail = false;
+ }
+ assertFalse(fail);
+ }
+
+}
diff --git a/openbis/sourceTest/java/ch/systemsx/cisd/openbis/generic/server/authorization/validator/GroupValidatorTest.java b/openbis/sourceTest/java/ch/systemsx/cisd/openbis/generic/server/authorization/validator/GroupValidatorTest.java
new file mode 100644
index 00000000000..1f07de0c749
--- /dev/null
+++ b/openbis/sourceTest/java/ch/systemsx/cisd/openbis/generic/server/authorization/validator/GroupValidatorTest.java
@@ -0,0 +1,118 @@
+/*
+ * Copyright 2008 ETH Zuerich, CISD
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package ch.systemsx.cisd.openbis.generic.server.authorization.validator;
+
+import static org.testng.AssertJUnit.assertFalse;
+import static org.testng.AssertJUnit.assertTrue;
+
+import java.util.ArrayList;
+import java.util.List;
+
+import org.testng.annotations.Test;
+
+import ch.systemsx.cisd.lims.base.dto.DatabaseInstancePE;
+import ch.systemsx.cisd.lims.base.dto.GroupPE;
+import ch.systemsx.cisd.lims.base.dto.PersonPE;
+import ch.systemsx.cisd.lims.base.dto.RoleAssignmentPE;
+import ch.systemsx.cisd.lims.base.role.RoleCode;
+import ch.systemsx.cisd.openbis.generic.server.authorization.validator.GroupValidator;
+
+/**
+ * Test cases for corresponding {@link GroupValidator} class.
+ *
+ * @author Christian Ribeaud
+ */
+public final class GroupValidatorTest
+{
+ private static final long GROUP_ID = 123L;
+
+ private static final long ANOTHER_GROUP_ID = 456L;
+
+ private static final long INSTANCE_ID = 987L;
+
+ private final static GroupPE createGroup()
+ {
+ final GroupPE group = new GroupPE();
+ group.setId(GROUP_ID);
+ group.setDatabaseInstance(createDatabaseInstance());
+ return group;
+ }
+
+ private final static GroupPE createAnotherGroup()
+ {
+ final GroupPE group = new GroupPE();
+ group.setId(ANOTHER_GROUP_ID);
+ group.setDatabaseInstance(createDatabaseInstance());
+ return group;
+ }
+
+ private final static DatabaseInstancePE createDatabaseInstance()
+ {
+ final DatabaseInstancePE databaseInstance = new DatabaseInstancePE();
+ databaseInstance.setId(INSTANCE_ID);
+ return databaseInstance;
+ }
+
+ final static PersonPE createPerson(final boolean withRoleAssignment)
+ {
+ final PersonPE person = new PersonPE();
+ if (withRoleAssignment)
+ {
+ final List<RoleAssignmentPE> list = new ArrayList<RoleAssignmentPE>();
+ // Database assignment
+ RoleAssignmentPE assignment = new RoleAssignmentPE();
+ assignment.setPerson(person);
+ assignment.setDatabaseInstance(createDatabaseInstance());
+ assignment.setRole(RoleCode.ADMIN);
+ list.add(assignment);
+ // Group assignment
+ assignment = new RoleAssignmentPE();
+ assignment.setPerson(person);
+ assignment.setGroup(createAnotherGroup());
+ assignment.setRole(RoleCode.USER);
+ list.add(assignment);
+ person.setRoleAssignments(list);
+ }
+ return person;
+ }
+
+ @Test
+ public final void testIsValidWithNull()
+ {
+ boolean fail = true;
+ try
+ {
+ new GroupValidator().isValid(null, null);
+ } catch (final AssertionError e)
+ {
+ fail = false;
+ }
+ assertFalse(fail);
+ }
+
+ @Test
+ public final void testIsValid()
+ {
+ final GroupValidator groupValidator = new GroupValidator();
+ assertFalse(groupValidator.isValid(createPerson(false), createGroup()));
+ // Valid because another group is in the same database instance and the person has a role in
+ // it.
+ assertTrue(groupValidator.isValid(createPerson(true), createAnotherGroup()));
+ assertTrue(groupValidator.isValid(createPerson(true), createGroup()));
+ }
+
+}
--
GitLab