r346 - in trunk/wikitty-api/src: main/java/org/nuiton/wikitty test/java/org/nuiton/wikitty test/java/org/nuiton/wikitty/layers
Author: bleny Date: 2010-09-27 10:53:29 +0200 (Mon, 27 Sep 2010) New Revision: 346 Url: http://nuiton.org/repositories/revision/wikitty/346 Log: start implementing security layer Added: trunk/wikitty-api/src/test/java/org/nuiton/wikitty/layers/ trunk/wikitty-api/src/test/java/org/nuiton/wikitty/layers/AbstractWikittyServiceTest.java trunk/wikitty-api/src/test/java/org/nuiton/wikitty/layers/WikittyServiceSecurityTest.java Removed: trunk/wikitty-api/src/test/java/org/nuiton/wikitty/cache/ Modified: trunk/wikitty-api/src/main/java/org/nuiton/wikitty/Wikitty.java trunk/wikitty-api/src/main/java/org/nuiton/wikitty/WikittyCopyOnWrite.java trunk/wikitty-api/src/main/java/org/nuiton/wikitty/WikittyImpl.java trunk/wikitty-api/src/main/java/org/nuiton/wikitty/WikittyServiceSecurity.java trunk/wikitty-api/src/main/java/org/nuiton/wikitty/WikittyUtil.java trunk/wikitty-api/src/test/java/org/nuiton/wikitty/layers/WikittyServiceCachedTest.java Modified: trunk/wikitty-api/src/main/java/org/nuiton/wikitty/Wikitty.java =================================================================== --- trunk/wikitty-api/src/main/java/org/nuiton/wikitty/Wikitty.java 2010-09-27 08:49:33 UTC (rev 345) +++ trunk/wikitty-api/src/main/java/org/nuiton/wikitty/Wikitty.java 2010-09-27 08:53:29 UTC (rev 346) 
@@ -36,6 +36,24 @@
 void addExtension(List<WikittyExtension> exts);
+ /**
+ * add a meta-extension about the given extension to this wikitty
+ * @param metaExtension the metaExtension to add
+ * @param extension an extension already added to the wikitty
+ * @since 2.1
+ */
+ void addMetaExtension(WikittyExtension metaExtension,
+ WikittyExtension extension);
+
+
+ /**
+ * add a meta-extension on the given extension to this wikitty
+ * @param metaExtension the metaExtension to add
+ * @param extensionFqn the name of the extension already added to the wikitty
+ * @since 2.1
+ */
+ void addMetaExtension(WikittyExtension metaExtension, String extensionFqn);
+
 boolean hasExtension(String extName);
 boolean hasField(String extName, String fieldName);
@@ -137,6 +155,8 @@
 boolean isEmpty();
- Wikitty clone() throws CloneNotSupportedException;
+ Wikitty clone() throws CloneNotSupportedException;
+
+
 }
\ No newline at end of file
Modified: trunk/wikitty-api/src/main/java/org/nuiton/wikitty/WikittyCopyOnWrite.java
===================================================================
--- trunk/wikitty-api/src/main/java/org/nuiton/wikitty/WikittyCopyOnWrite.java 2010-09-27 08:49:33 UTC (rev 345)
+++ trunk/wikitty-api/src/main/java/org/nuiton/wikitty/WikittyCopyOnWrite.java 2010-09-27 08:53:29 UTC (rev 346)
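Review bot: The Javadoc on the new `addMetaExtension(WikittyExtension, String)` does not say what happens when no extension named extensionFqn has been added, yet the WikittyImpl implementation in this same commit throws IllegalArgumentException in that case; add `@throws IllegalArgumentException if this wikitty has no extension named extensionFqn` to both overloads, since the first one delegates to the second. The second hunk only re-emits `Wikitty clone()` with changed whitespace and leaves two blank lines before the closing brace with no final newline, which looks accidental and could be dropped from the change.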
@@ -249,5 +249,25 @@
 public boolean isEmpty() {
 return target.isEmpty();
 }
+
+ /**
+ * @see org.nuiton.wikitty.Wikitty#addMetaExtension(WikittyExtension, WikittyExtension)
+ */
+ @Override
+ public void addMetaExtension(WikittyExtension metaExtension,
+ WikittyExtension extension) {
+ substituteTargetWithCopy();
+ target.addMetaExtension(metaExtension, extension);
+ }
+
+ /**
+ * @see org.nuiton.wikitty.Wikitty#addMetaExtension(WikittyExtension, String)
+ */
+ @Override
+ public void addMetaExtension(WikittyExtension metaExtension,
+ String extensionFqn) {
+ substituteTargetWithCopy();
+ target.addMetaExtension(metaExtension, extensionFqn);
+ }
 }
Modified: trunk/wikitty-api/src/main/java/org/nuiton/wikitty/WikittyImpl.java
===================================================================
--- trunk/wikitty-api/src/main/java/org/nuiton/wikitty/WikittyImpl.java 2010-09-27 08:49:33 UTC (rev 345)
+++ trunk/wikitty-api/src/main/java/org/nuiton/wikitty/WikittyImpl.java 2010-09-27 08:53:29 UTC (rev 346)
@@ -208,7 +208,32 @@
 }
 extensions.put(ext.name, ext);
 }
+
+ /**
+ * @see org.nuiton.wikitty.Wikitty#addMetaExtension(WikittyExtension, WikittyExtension)
+ */
+ @Override
+ public void addMetaExtension(WikittyExtension metaExtension,
+ WikittyExtension extension) {
+ addMetaExtension(metaExtension, extension.getName());
+ }
+ /**
+ * @see org.nuiton.wikitty.Wikitty#addMetaExtension(WikittyExtension, String)
+ */
+ @Override
+ public void addMetaExtension(WikittyExtension metaExtension, String extensionFqn) {
+ if (hasExtension(extensionFqn)) {
+ extensions.put( String.format("%s:%s",
+ extensionFqn,
+ metaExtension.getName()),
+ metaExtension);
+ // add field
+ } else {
+ throw new IllegalArgumentException("this wikitty doesn't have an extension named " + extensionFqn);
+ }
+ }
+
 /*
 * @see org.nuiton.wikitty.Wikitty#addExtension(java.util.List)
 */
Modified: trunk/wikitty-api/src/main/java/org/nuiton/wikitty/WikittyServiceSecurity.java
===================================================================
--- trunk/wikitty-api/src/main/java/org/nuiton/wikitty/WikittyServiceSecurity.java 2010-09-27 08:49:33 UTC (rev 345)
+++ trunk/wikitty-api/src/main/java/org/nuiton/wikitty/WikittyServiceSecurity.java 2010-09-27 08:53:29 UTC (rev 346)
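Review bot: In WikittyImpl.addMetaExtension(metaExtension, extensionFqn) the `// add field` comment marks work that is not done — the method only registers the meta-extension in `extensions` under the composite key `extensionFqn:metaName` — so either finish it or turn it into a dated TODO like the others in this commit. Because the entry lands in the same `extensions` map as ordinary extensions, anything that iterates that map will presumably see the meta-extension as a regular extension whose key is not its getName(); whether that is intended needs confirming against the rest of WikittyImpl, which is outside the hunk, and a separate map would avoid the ambiguity. The overload taking a WikittyExtension dereferences `extension.getName()` without a check, so a null argument surfaces as a NullPointerException rather than the IllegalArgumentException the String overload raises for an unknown extension.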
@@ -1,27 +1,10 @@
-/* *##%
- * Copyright (c) 2010 poussin. All rights reserved.
- *
- * This program is free software: you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation, either version 3 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program. If not, see <http://www.gnu.org/licenses/>.
- *##%*/
-
 package org.nuiton.wikitty;
 import static org.nuiton.i18n.I18n._;
+import java.util.ArrayList;
+import java.util.Arrays;
 import java.util.Collection;
-import java.util.Iterator;
-import java.util.LinkedList;
 import java.util.List;
 import java.util.Map;
 import java.util.Map.Entry;
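Review bot: The whole GPL license header is deleted from WikittyServiceSecurity.java alongside the import cleanup, and the log message (`start implementing security layer`) gives no reason for it, so this looks accidental; the header block from `/* *##%` through `*##%*/` should be restored before the file is committed. The import changes themselves (ArrayList/Arrays in, Iterator/LinkedList out) match the new code below and are fine.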
@@ -52,9 +35,40 @@
 /** cache de l'id du groupe AppAdmin */
 transient protected String appAdminGroupId = null;
+ public static final String APPADMIN_LOGIN = "root";
+ // TODO 20100826 bleny look for password in a config file
+ public static final String APPADMIN_PASSWORD = "toto";
+
 public WikittyServiceSecurity(WikittyService ws) {
 this.ws = ws;
+
+ Wikitty appAdminGroup = getAppAdminGroup(null);
+
+ if (WikittyGroupHelper.getMembers(appAdminGroup) == null) {
+ // first time boot
+ ws.storeExtension(null, WikittyUserAbstract.extensions);
+ ws.storeExtension(null, SecurityTokenAbstract.extensions);
+ ws.storeExtension(null, WikittyGroupAbstract.extensions);
+
+ // create the appAdmin account
+ Wikitty appAdmin = new WikittyImpl();
+ WikittyUserHelper.addExtension(appAdmin);
+ WikittyUserHelper.setLogin(appAdmin, APPADMIN_LOGIN);
+ WikittyUserHelper.setPassword(appAdmin, APPADMIN_PASSWORD);
+ ws.store(null, appAdmin);
+
+ // add APPADMIN_LOGIN to AppAdmin group
+ WikittyGroupHelper.addMembers(appAdminGroup, appAdmin.getId());
+ ws.store(null, appAdminGroup);
+
+ // login as admin to add some security polices
+ String adminToken = login(APPADMIN_LOGIN, APPADMIN_PASSWORD);
+
+ // FIXME 20100923 bleny make all tokens unwritable, except for app admin
+
+ logout(adminToken);
+ }
 }
 @Override
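Review bot: `APPADMIN_PASSWORD = "toto"` is a public compile-time constant that the constructor writes into the `root` account on first boot, so every deployment of this layer starts with the same administrator credential, readable by anyone holding the jar; the TODO already says so, but at minimum make the constant non-public, read the value from configuration, and log a warning on the first-boot path so operators know the default is in effect. The first-boot test `WikittyGroupHelper.getMembers(appAdminGroup) == null` cannot distinguish a fresh store from a group whose member list has been emptied, and in the latter case the block creates a second `root` user, whereas createAccount later in this file treats a duplicate login as an error; looking the login up first, as createAccount does, keeps the two paths consistent. The constructor also performs stores and a login/logout round-trip, which makes the class hard to construct in tests — a separate `bootstrap()` step would be easier to reason about.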
@@ -69,21 +83,65 @@ @Override public String login(String login, String password) { - String token = WikittyUtil.genSecurityToken(); - Wikitty wToken = new WikittyImpl(token); - // force add extension to wikitty - SecurityTokenHelper.addExtension(wToken); - // on passe token comme securityToken, mais il ne me semble pas - // que ce soit tres utile, mais comme ca c'est uniform - ws.store(null, wToken); - return token; + Wikitty user = ws.findByCriteria(null, Search.query().eq( + WikittyUser.FQ_FIELD_WIKITTYUSER_LOGIN, login).criteria()); + if (user == null) { + throw new IllegalArgumentException(String.format("no such account '%s'", login)); + } else { + // check password is valid + if (WikittyUserHelper.getPassword(user).equals(password)) { + String tokenId = WikittyUtil.genSecurityTokenId(); + Wikitty wikittyToken = new WikittyImpl(tokenId); + // force add extension to wikitty + SecurityTokenHelper.addExtension(wikittyToken); + SecurityTokenHelper.setUser(wikittyToken, user.getId()); + ws.store(null, wikittyToken); + log.debug(String.format("token '%s' is for login '%s'", + tokenId, login)); + return tokenId; + } else { + throw new SecurityException("bad password"); + } + } } + + public void createAccount(String securityToken, String login, String password) { + String userId = getUserId(securityToken); + if (isAppAdmin(securityToken, userId)) { + Wikitty user = ws.findByCriteria(securityToken, Search.query().eq( + WikittyUser.FQ_FIELD_WIKITTYUSER_LOGIN, login).criteria()); + if (user == null) { + user = new WikittyImpl(); + WikittyUserHelper.addExtension(user); + WikittyUserHelper.setLogin(user, login); + WikittyUserHelper.setPassword(user, password); + ws.store(null, user); + log.debug(String.format("login '%s' has userId '%s'", login, user.getId())); + } else { + throw new IllegalArgumentException( + String.format("account already exists '%s'", + login)); + } + } else { + throw new SecurityException("only admin can create accounts"); + } + } + public String 
getUserWikittyId(String securityToken, String login) { + String userId = getUserId(securityToken); + String userWikittyId = null; + Wikitty user = ws.findByCriteria(null, Search.query().eq( + WikittyUser.FQ_FIELD_WIKITTYUSER_LOGIN, login).criteria()); + if (user != null) { + userWikittyId = user.getId(); + } + return userWikittyId; + } + @Override public void logout(String securityToken) { - // on passe securityToken comme token, mais il ne me semble pas - // que ce soit tres utile, mais comme ca c'est uniform - ws.delete(null, securityToken); + getUserId(securityToken); // will throw exception if token is not valid + ws.delete(securityToken, securityToken); } @Override 
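Review bot: login() compares the stored password in clear, `WikittyUserHelper.getPassword(user).equals(password)`, and createAccount plus the constructor write the raw password with setPassword, so a copy of the store yields every credential; store a salted, iterated hash instead (PBKDF2 through javax.crypto.SecretKeyFactory is available in the JDK) and compare the digests with `MessageDigest.isEqual`. The two failure branches differ — `no such account '%s'` as IllegalArgumentException versus `bad password` as SecurityException — which lets a caller learn which logins exist; throwing one SecurityException with the same message for both is safer. The debug line `token '%s' is for login '%s'` writes the bearer token itself into the log, where the user id would do. In getUserWikittyId, `userId` is assigned from getUserId and never read; if the call is only there to validate the token, write it as logout does, `getUserId(securityToken); // will throw exception if token is not valid`, and note that it queries with a null token while createAccount passes securityToken for the same lookup.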
@@ -93,177 +151,321 @@ // seul les AppAdmin on le droit a cette method ws.clear(securityToken); } else { - throw new SecurityException(_("user %s can't clear data", - getUserId(securityToken))); + throw new SecurityException(_("user %s can't clear data", userId)); } } - - /** - * Prepare l'ecriture en ajoutant s'il le faut l'extension - * WikittyAuthorisation et en fixant l'owner a l'utilisateur courant + + protected String extensionToWikittySecurityId(WikittyExtension extension) { + return String.format("WikittySecurity'%s'", extension.getName()); + } + + /** */ + public Wikitty addWikittyAuthorisation(String securityToken, + WikittyExtension extension) { + String userId = getUserId(securityToken); + if (isAppAdmin(securityToken, userId)) { + if (restoreExtensionAuthorisation(securityToken, extension) == null) { + String wikittyAuthorisationId = extensionToWikittySecurityId(extension); + Wikitty wikittyAuthorisation = new WikittyImpl(wikittyAuthorisationId); + WikittyAuthorisationHelper.addExtension(wikittyAuthorisation); + WikittyAuthorisationHelper.setOwner(wikittyAuthorisation, userId); + ws.store(securityToken, wikittyAuthorisation); + return wikittyAuthorisation; + } else { + throw new SecurityException(String.format( + "extension %s already has an security extension attached", + extension.getName())); + } + } else { + throw new SecurityException(String.format( + "Only members of %s group can add authorisation", + WIKITTY_APPADMIN_GROUP_NAME)); + } + } + + /** restore the wikitty authorisation attached to given extension * - * @param securityToken le token de securite qui permet de retrouver - * l'utilisateur - * @param wikitty le wikitty a sauver + * @return a wikitty with WikittyAuthorisation extension, or null if given + * extension has no security policy attached + * @throws SecurityException if user don't have rights required */ - protected void prepareWrite(String securityToken, Wikitty wikitty) { - Wikitty oldVersion = ws.restore(securityToken, 
wikitty.getId()); - if (oldVersion == null) { - // creation d'une nouvelle entity, on a des choses a faire - - // recuperation de l'utilisateur associe au securityToken - String userId = getUserId(securityToken); - - // on ajoute et on fixe les droits par defaut - WikittyAuthorisationHelper.addExtension(wikitty); - WikittyAuthorisationHelper.setOwner(wikitty, userId); + public Wikitty restoreExtensionAuthorisation(String securityToken, + WikittyExtension extension) { + String userId = getUserId(securityToken); + String wikittyAuthorisationId = extensionToWikittySecurityId(extension); + Wikitty wikittyAuthorisation = restore(securityToken, wikittyAuthorisationId); + if (wikittyAuthorisation == null) { + log.debug(extension + " has no authorization attached"); + } else { + /* + if ( ! canAdmin(securityToken, userId, wikittyAuthorisation)) { + throw new SecurityException(String.format( + "user %s doesn't have admin rights on extension %s", + userId, extension.getName())); + } + */ } + return wikittyAuthorisation; } + + public void storeWikittyAuthorisation(String securityToken, + Wikitty wikitty) { - @Override - public boolean canWrite(String securityToken, Wikitty wikitty) { - boolean result = false; - String userId = getUserId(securityToken); - // - // check security - // - // recuperation de l'ancienne version de l'objet pour verifier les droits - Wikitty oldVersion = ws.restore(securityToken, wikitty.getId()); - if (oldVersion == null) { - // creation d'une nouvelle entity + Wikitty oldVersion = ws.restore(null, wikitty.getId()); - // on verifie que l'on a le droit de creer une entity avec cette extension - // TODO poussin 20100607 trouver ou mettre l'autorisation qui retient l'information de qui a le droit de cree une extension - result = true; - } else { - // modification d'une entity existante + // check that the wikitty does not have + if (WikittyAuthorisationHelper.isExtension(wikitty)) { - // si c'est le owner il a tous les droits, a defaut les admins - // 
peuvent aussi le modifier - result = - // owner et admin peuvent tout modifier - isOwner(securityToken, userId, oldVersion) - || isAppAdmin(securityToken, userId) - || isAdmin(securityToken, userId, oldVersion) - // un writer ne peut pas modifier l'extension d'autorisation - || (WikittyAuthorisationAbstract.equals(oldVersion, wikitty) - && isWriter(securityToken, userId, oldVersion)); - } - return result; - } + if (oldVersion == null) { + // if this exception is raised, you should use addWikittyAuthorisation() + throw new IllegalArgumentException("you can't store an authorisation for the fist time"); - @Override - public boolean canDelete(String securityToken, String wikittyId) { - boolean result = false; + } else { + + if ( canAdmin(securityToken, userId, oldVersion) ) { + + if (isAdmin(securityToken, userId, oldVersion)) { + // admin can't change owner, admin or parent + // putting back old values + Object oldValue = oldVersion.getFieldAsObject( + WikittyAuthorisation.EXT_WIKITTYAUTHORISATION, + WikittyAuthorisation.FIELD_WIKITTYAUTHORISATION_OWNER); + wikitty.setField(WikittyAuthorisation.EXT_WIKITTYAUTHORISATION, + WikittyAuthorisation.FIELD_WIKITTYAUTHORISATION_OWNER, + oldValue); - // - // check security - // + WikittyAuthorisationHelper.setOwner(wikitty, + WikittyAuthorisationHelper.getOwner(oldVersion)); + WikittyAuthorisationHelper.setParent(wikitty, + WikittyAuthorisationHelper.getParent(oldVersion)); + + } - // recuperation de l'ancienne version de l'objet pour verifier les droits - Wikitty oldVersion = ws.restore(securityToken, wikittyId); - if (oldVersion == null) { - // l'objet n'existe pas donc la suppression retourne true - result = true; + ws.store(null, wikitty); + } else { + throw new SecurityException(String.format( + "user %s can't admin rights for this extension", userId)); + } + } } else { - // suppresion d'une entity existante - String userId = getUserId(securityToken); - - // si c'est le owner il a tous les droits, a defaut les admins - // 
peuvent aussi le supprimer - result = - // owner et admin peuvent tout modifier - isOwner(securityToken, userId, oldVersion) - || isAppAdmin(securityToken, userId) - || isAdmin(securityToken, userId, oldVersion); + throw new IllegalArgumentException(String.format( + "wikitty %s is not a wikittyAuthorisation. It misses the extension", + wikitty)); } - return result; + } - - @Override - public boolean canRead(String securityToken, String wikittyId) { - // recuperation de l'utilisateur associe au securityToken - Wikitty securityTokenWikitty = ws.restore(securityToken, securityToken); - String userId = SecurityTokenHelper.getUser(securityTokenWikitty); - // - // check security - // + /** true if userId has the right to write on extension */ + protected boolean canRead(String securityToken, String userId, Wikitty extensionRights) { + boolean canRead = isReader(securityToken, userId, extensionRights) + || canWrite(securityToken, userId, extensionRights); + return canRead; + } - // recuperation de l'objet pour verifier les droits - Wikitty w = ws.restore(securityToken, wikittyId); - boolean result = isReader(securityToken, userId, w) - || isOwner(securityToken, userId, w) - || isAppAdmin(securityToken, userId) - || isAdmin(securityToken, userId, w) - || isWriter(securityToken, userId, w); - return result; + /** true if userId has the right to write on extension */ + protected boolean canWrite(String securityToken, String userId, Wikitty extensionRights) { + boolean canWrite = isWriter(securityToken, userId, extensionRights) + || isOwner(securityToken, userId, extensionRights) + || isAppAdmin(securityToken, userId); + return canWrite; } + /** true if userId has the right to admin on extension */ + protected boolean canAdmin(String securityToken, String userId, Wikitty extensionRights) { + boolean canWrite = isAdmin(securityToken, userId, extensionRights) + || isOwner(securityToken, userId, extensionRights) + || isAppAdmin(securityToken, userId); + return canWrite; + } + + 
/** true if userId has the right is owner of all the extensions of the given wikitty */ + protected boolean canDelete(String securityToken, String userId, Wikitty wikitty) { + if (isAppAdmin(securityToken, userId)) { + return true; + } + + // now read all extensions for this wikitty, and return false + // if user is not owner on one of those extensions + for (WikittyExtension extension : wikitty.getExtensions()) { + Wikitty extensionRights = restoreExtensionAuthorisation(securityToken, extension); + boolean canDelete = extensionRights == null + || isOwner(securityToken, userId, extensionRights); + // FIXME 20100922 bleny if appadmin ? + if (! canDelete) { + return false; + } + } + return true; + } + @Override public UpdateResponse store(String securityToken, Wikitty wikitty) { - if (canWrite(securityToken, wikitty)) { - prepareWrite(securityToken, wikitty); - UpdateResponse result = ws.store(securityToken, wikitty); - return result; - } else { - throw new SecurityException(_("user %s can't modify object %s", - getUserId(securityToken), wikitty.getId())); - } + Collection<Wikitty> wikitties = Arrays.asList(wikitty); + wikitties = removeUnauthorizedModifications(securityToken, wikitties); + UpdateResponse result = ws.store(securityToken, wikitties); + return result; } @Override public UpdateResponse store(String securityToken, Collection<Wikitty> wikitties) { - for (Wikitty w : wikitties) { - if (!canWrite(securityToken, w)) { - throw new SecurityException(_("user %s can't modify object %s", - getUserId(securityToken), w.getId())); + Collection<Wikitty> wikittiesToStore = removeUnauthorizedModifications(securityToken, wikitties); + UpdateResponse result = ws.store(securityToken, wikittiesToStore); + return result; + } + + @Override + public UpdateResponse store(String securityToken, Collection<Wikitty> wikitties, boolean disableAutoVersionIncrement) { + Collection<Wikitty> wikittiesToStore = removeUnauthorizedModifications(securityToken, wikitties); + UpdateResponse 
result = ws.store(securityToken, wikittiesToStore, disableAutoVersionIncrement); + return result; + } + + /** + * + */ + protected Collection<Wikitty> removeUnauthorizedModifications(String securityToken, Collection<Wikitty> wikitties) { + String userId = getUserId(securityToken); + List<Wikitty> wikittiesToStore = new ArrayList<Wikitty>(); + for (Wikitty wikitty : wikitties) { + // check that the wikitty does not have + if (WikittyAuthorisationHelper.isExtension(wikitty)) { + storeWikittyAuthorisation(securityToken, wikitty); + } else { + // usual case, a user want to store a wikitty + Wikitty oldVersion = ws.restore(null, wikitty.getId()); + if (oldVersion == null) { // it's a creation + // check that **reader** right on Security for all extension + } else { // it's an update + // filtering, revert changes on field that this user can't write + for (WikittyExtension extension : wikitty.getExtensions()) { + Wikitty extensionRights = restoreExtensionAuthorisation(securityToken, extension); + if (extensionRights != null) { + if ( ! canWrite(securityToken, userId, extensionRights)) { + // the user doesn't have the rights to write + // on the fields of extension. 
Moving back + // values to the old one + for (String fieldName : extension.getFieldNames()) { + if (oldVersion == null) { + wikitty.setField(extension.getName(), fieldName, null); + } else { + Object oldValue = oldVersion.getFieldAsObject(extension.getName(), fieldName); + wikitty.setField(extension.getName(), fieldName, oldValue); + } + } + } + } // else no particular right on this extension + } + wikittiesToStore.add(wikitty); + } } } - for (Wikitty w : wikitties) { - prepareWrite(securityToken, w); - } - UpdateResponse result = ws.store(securityToken, wikitties); + return wikittiesToStore; + } + + @Override + public UpdateResponse store(String securityToken, WikittyTransaction transaction, Collection<Wikitty> wikitties, boolean disableAutoVersionIncrement) { + Collection<Wikitty> wikittiesToStore = removeUnauthorizedModifications(securityToken, wikitties); + UpdateResponse result = ws.store(securityToken, transaction, wikittiesToStore, disableAutoVersionIncrement); return result; } + + @Override + public Wikitty restore(String securityToken, String id) { + List<String> ids = Arrays.asList(id); + List<Wikitty> wikitties = restore(securityToken, ids); + Wikitty wikitty = null; + if (! 
wikitties.isEmpty()) { + wikitty = wikitties.get(0); + } + return wikitty; + } @Override - public UpdateResponse store(String securityToken, Collection<Wikitty> wikitties, boolean disableAutoVersionIncrement) { - for (Wikitty w : wikitties) { - if (!canWrite(securityToken, w)) { - throw new SecurityException(_("user %s can't modify object %s", - getUserId(securityToken), w.getId())); + public List<Wikitty> restore(String securityToken, List<String> ids) { + List<Wikitty> wikitties = new ArrayList<Wikitty>(); + for (String id : ids) { + // do it first, will throw an exception if security token is invalid + + String userId = getUserId(securityToken); + + Wikitty wikitty = ws.restore(securityToken, id); + if (wikitty != null) { + // FIXME 20100827 bleny copy on write is done because setting some field to null below modify stored wikitty if WikittyServiceInMemory is used + wikitty = new WikittyCopyOnWrite(wikitty); + + for (WikittyExtension extension : wikitty.getExtensions()) { + Wikitty extensionRights = restoreExtensionAuthorisation(securityToken, extension); + + // field of extension can be read if no policy attached + // if a policy is attached, check that user has right to read + boolean canRead = extensionRights == null || canRead(securityToken, userId, extensionRights); + if ( ! 
canRead) { + for (String fieldName : extension.getFieldNames()) { + wikitty.setField(extension.getName(), fieldName, null); + } + } + } + wikitties.add(wikitty); } } - for (Wikitty w : wikitties) { - prepareWrite(securityToken, w); - } - UpdateResponse result = ws.store(securityToken, wikitties, disableAutoVersionIncrement); - return result; + return wikitties; } @Override - public UpdateResponse store(String securityToken, WikittyTransaction transaction, - Collection<Wikitty> wikitties, boolean disableAutoVersionIncrement) { - for (Wikitty w : wikitties) { - if (!canWrite(securityToken, w)) { - throw new SecurityException(_("user %s can't modify object %s", - getUserId(securityToken), w.getId())); + public List<Wikitty> restore(String securityToken, WikittyTransaction transaction, List<String> ids) { + throw new UnsupportedOperationException(); + // ws.restore(securityToken, transaction, ids); + } + + @Override + public void delete(String securityToken, String id) { + Collection<String> ids = Arrays.asList(id); + delete(securityToken, ids); + } + + @Override + public void delete(String securityToken, Collection<String> ids) { + List<String> idsAsList = new ArrayList<String>(ids); + secureDelete(securityToken, idsAsList); + } + + /** delete wikitties only if user has right to */ + protected void secureDelete(String securityToken, List<String> ids) { + String userId = getUserId(securityToken); + + List<Wikitty> wikitties = ws.restore(securityToken, ids); + List<String> idsToRemove = new ArrayList<String>(); + + for (Wikitty wikitty : wikitties) { + if ( canDelete(securityToken, userId, wikitty)) { + idsToRemove.add(wikitty.getId()); } } - for (Wikitty w : wikitties) { - // preparation des wikitty pour la sauvegarde - // - ajout extension d'autorisation si necessaire - prepareWrite(securityToken, w); - } - UpdateResponse result = ws.store(securityToken, transaction, wikitties, - disableAutoVersionIncrement); - return result; - } + ws.delete(securityToken, 
idsToRemove); + } + @Override + @Deprecated + public boolean canWrite(String securityToken, Wikitty wikitty) { + throw new UnsupportedOperationException(); + } + + @Override + @Deprecated + public boolean canDelete(String securityToken, String wikittyId) { + throw new UnsupportedOperationException(); + } + + @Override + @Deprecated + public boolean canRead(String securityToken, String wikittyId) { + throw new UnsupportedOperationException(); + } + + @Override public List<String> getAllExtensionIds(String securityToken) { // All people can read extension return ws.getAllExtensionIds(securityToken); @@ -279,22 +481,30 @@ @Override public UpdateResponse storeExtension( String securityToken, WikittyExtension ext) { - // TODO poussin 20100607 check security, mais qui a le droit ? - return ws.storeExtension(securityToken, ext); + Collection<WikittyExtension> exts = Arrays.asList(ext); + return storeExtension(securityToken, exts); } @Override public UpdateResponse storeExtension(String securityToken, Collection<WikittyExtension> exts) { // TODO poussin 20100607 check security, mais qui a le droit ? + + + + return ws.storeExtension(securityToken, exts); } @Override public UpdateResponse storeExtension(String securityToken, WikittyTransaction transaction, Collection<WikittyExtension> exts) { - // TODO poussin 20100607 check security, mais qui a le droit ? - return ws.storeExtension(securityToken, transaction, exts); + String userId = getUserId(securityToken); + UpdateResponse response = null; + if (isAppAdmin(securityToken, userId)) { + response = ws.storeExtension(securityToken, transaction, exts); + } + return response; } @Override 
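Review bot: In removeUnauthorizedModifications the creation branch (`oldVersion == null`) contains only the comment `check that **reader** right on Security for all extension` and then falls through to `wikittiesToStore.add(wikitty)`, so any holder of a valid token can create a wikitty carrying any extension whatever policy is attached to it; the per-extension canWrite filter used in the update branch should run here too, clearing rather than reverting the fields it rejects (the inner `if (oldVersion == null)` in the update loop is unreachable and can go). In storeWikittyAuthorisation the comment says an admin `can't change owner, admin or parent`, but only owner and parent are copied back from oldVersion, so a member of the admin list can rewrite the admin list itself; adding `wikitty.setField(WikittyAuthorisation.EXT_WIKITTYAUTHORISATION, WikittyAuthorisation.FIELD_WIKITTYAUTHORISATION_ADMIN, oldVersion.getFieldAsObject(WikittyAuthorisation.EXT_WIKITTYAUTHORISATION, WikittyAuthorisation.FIELD_WIKITTYAUTHORISATION_ADMIN));` beside the owner/parent lines closes that, and the first `getFieldAsObject`/`setField` pair on the owner field duplicates the `setOwner` call right after it. restore(securityToken, List) calls restoreExtensionAuthorisation for every extension of every restored wikitty, and that goes back through the secured restore, so the recursion appears bounded only while no authorisation is attached to the WikittyAuthorisation extension itself — which addWikittyAuthorisation does not prevent; either refuse that extension there or fetch policies with `ws.restore` directly, and hoist `getUserId(securityToken)` above the loop since it does not depend on id. The Javadoc on canRead says `right to write`, and restore(securityToken, WikittyTransaction, List) now throws UnsupportedOperationException, which callers of the transactional API will hit at runtime — worth a `@throws` note or an implementation.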
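Review bot: The three storeExtension overloads are now inconsistent: the transactional one checks isAppAdmin and silently returns a null UpdateResponse for non-admins, while `storeExtension(securityToken, Collection)` — which the single-extension overload now routes through — still stores with no check behind the old TODO. Give the collection overload the same check and, in both, throw on failure rather than returning null, e.g. `throw new SecurityException(String.format("Only members of %s group can store extensions", WIKITTY_APPADMIN_GROUP_NAME));`, matching addWikittyAuthorisation; the three empty added lines in the collection overload should go as well.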
@@ -325,75 +535,6 @@ } @Override - public Wikitty restore(String securityToken, String id) { - Wikitty result = null; - if (canRead(securityToken, id)) { - result = ws.restore(securityToken, id); - } else { - if (log.isDebugEnabled()) { - log.debug(_("user %s can't read object %s", - getUserId(securityToken), id)); - } - } - return result; - } - - @Override - public List<Wikitty> restore(String securityToken, List<String> ids) { - List<String> authorizedIds = new LinkedList<String>(ids); - for (Iterator<String> i=authorizedIds.iterator(); i.hasNext();) { - String id = i.next(); - if (!canRead(securityToken, id)) { - if (log.isDebugEnabled()) { - log.debug(_( - "user %s can't read object %s, remove it in restore list", - getUserId(securityToken), id)); - } - i.remove(); - } - } - - return ws.restore(securityToken, authorizedIds); - } - - @Override - public List<Wikitty> restore(String securityToken, WikittyTransaction transaction, List<String> ids) { - List<String> authorizedIds = new LinkedList<String>(ids); - for (Iterator<String> i=authorizedIds.iterator(); i.hasNext();) { - String id = i.next(); - if (!canRead(securityToken, id)) { - if (log.isDebugEnabled()) { - log.debug(_( - "user %s can't read object %s, remove it in restore list", - getUserId(securityToken), id)); - } - i.remove(); - } - } - - return ws.restore(securityToken, transaction, authorizedIds); - } - - @Override - public void delete(String securityToken, String id) { - if (canDelete(securityToken, id)) { - ws.delete(securityToken, id); - } - } - - @Override - public void delete(String securityToken, Collection<String> ids) { - for (String id : ids) { - if (!canDelete(securityToken, id)) { - throw new SecurityException(_("user %s can't delete object %s", - getUserId(securityToken), id)); - } - } - - ws.delete(securityToken, ids); - } - - @Override public PagedResult<String> findAllByCriteria(String securityToken, Criteria criteria) { // All people can read PagedResult that contains only id 
PagedResult<String> result = ws.findAllByCriteria(securityToken, criteria); @@ -420,16 +561,6 @@ } @Override - public Wikitty findByCriteria(String securityToken, WikittyTransaction transaction, Criteria criteria) { - Wikitty result = ws.findByCriteria(securityToken, transaction, criteria); - if (!canRead(securityToken, result.getId())) { - // user don't have correct right, return null - result = null; - } - return result; - } - - @Override public void addLabel(String securityToken, String wikittyId, String label) { // TODO poussin 20100607 check security ws.addLabel(securityToken, wikittyId, label); @@ -467,12 +598,6 @@ } @Override - public List<String> deleteTree(String securityToken, String wikittyId) { - // FIXME poussin 20100607 check security - return ws.deleteTree(securityToken, wikittyId); - } - - @Override public Entry<TreeNode, Integer> restoreNode( String securityToken, String wikittyId, Criteria filter) { // FIXME poussin 20100607 check security @@ -504,7 +629,7 @@ // seul les AppAdmin on le droit a cette method return ws.syncEngin(securityToken); } else { - throw new SecurityException(_("user %s can't sync sear engine", + throw new SecurityException(_("user %s can't sync search engine", getUserId(securityToken))); } } 
@@ -538,56 +663,71 @@
 // recuperation de l'utilisateur associe au securityToken
 // le securityToken est aussi l'id de l'objet
 Wikitty securityTokenWikitty = ws.restore(securityToken, securityToken);
- if (securityTokenWikitty != null) {
+ if (securityTokenWikitty == null) {
+ throw new SecurityException(_("trying to use an invalidate security token %s", securityToken));
+ } else {
 result = SecurityTokenHelper.getUser(securityTokenWikitty);
 }
 return result;
 }
-
 /**
- * Verifie que l'utilisateur est bien le proprietaire de l'objet
+ * verifie que l'utilisateur est dans la liste des admin
 *
 * @param userId
 * @param w
- * @return
+ * @return vrai si et seulement si l'utilisateur est dans la liste des
+ * admin
 */
- protected boolean isOwner(String securityToken, String userId, Wikitty w) {
- boolean result = false;
- if (WikittyAuthorisationHelper.isExtension(w)) {
- String owner = WikittyAuthorisationHelper.getOwner(w);
- result = userId.equals(owner);
- }
+ protected boolean isAdmin(String securityToken, String userId, Wikitty extensionRights) {
+ boolean result = isMember(
+ securityToken, userId, extensionRights, WikittyAuthorisation.FIELD_WIKITTYAUTHORISATION_ADMIN);
 return result;
 }
 /**
- * verifie que l'utilisateur est dans la liste des admin
+ * verifie que l'utilisateur est dans la liste des writer
 *
 * @param userId
 * @param w
 * @return vrai si et seulement si l'utilisateur est dans la liste des
- * admin
+ * writers
 */
- protected boolean isAdmin(String securityToken, String userId, Wikitty w) {
+ protected boolean isWriter(String securityToken, String userId, Wikitty extensionRights) {
 boolean result = isMember(
- securityToken, userId, w, WikittyAuthorisation.FIELD_WIKITTYAUTHORISATION_ADMIN);
+ securityToken, userId, extensionRights, WikittyAuthorisation.FIELD_WIKITTYAUTHORISATION_WRITER);
 return result;
 }
 /**
- * verifie que l'utilisateur est dans la liste des writer
+ * Verifie que l'utilisateur est bien le proprietaire de l'objet
 *
 * @param userId
 * @param w
- * @return vrai si et seulement si l'utilisateur est dans la liste des
- * writers
+ * @return
 */
- protected boolean isWriter(String securityToken, String userId, Wikitty w) {
- boolean result = isMember(
- securityToken, userId, w, WikittyAuthorisation.FIELD_WIKITTYAUTHORISATION_WRITER);
+ protected boolean isOwner(String securityToken, String userId, Wikitty extensionRights) {
+ String owner = WikittyAuthorisationHelper.getOwner(extensionRights);
+ boolean result = userId.equals(owner);
 return result;
 }
+
+ protected boolean isMember(String securityToken, String userId, Wikitty extensionRights, String fieldName) {
+ Set<String> groupOrUser = extensionRights.getFieldAsSet(
+ WikittyAuthorisation.EXT_WIKITTYAUTHORISATION,
+ fieldName,
+ String.class);
+ boolean result = isMember(securityToken, userId, groupOrUser);
+ if (!result) {
+ // user don't have right on current object, check parent right
+ String parentId = WikittyAuthorisationHelper.getParent(extensionRights);
+ if (parentId != null) {
+ Wikitty parent = ws.restore(securityToken, parentId);
+ result = isMember(securityToken, userId, parent, fieldName);
+ }
+ }
+ return result;
+ }
 /**
 * Par defaut un objet est lisible par tous, sauf s'il a l'extension
@@ -627,6 +767,13 @@
 * @return
 */
 protected boolean isAppAdmin(String securityToken, String userId) {
+ Wikitty group = getAppAdminGroup(securityToken);
+ Set<String> ids = WikittyGroupHelper.getMembers(group);
+ boolean result = isMember(securityToken, userId, ids);
+ return result;
+ }
+
+ protected Wikitty getAppAdminGroup(String securityToken) {
 Wikitty group;
 if (appAdminGroupId == null) {
 // 1er fois, on le recherche
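Review bot: The new `isMember(String, String, Wikitty, String)` and `isOwner` no longer guard with `WikittyAuthorisationHelper.isExtension(...)` as the removed versions did, and neither checks `extensionRights` or the `parent` returned by `ws.restore` for null, even though a comment in `getAppAdminGroup` records that `ws.restore` can return null; a missing or non-authorisation wikitty then ends in a NullPointerException instead of a deny. Open both methods with `if (extensionRights == null || !WikittyAuthorisationHelper.isExtension(extensionRights)) { return false; }` so the check fails closed. The parent walk in `isMember` also recurses with no cycle guard; whether the data model rules out a parent loop is not visible here. In `getUserId` the message `"trying to use an invalidate security token %s"` should read `"trying to use an invalid security token %s"`; that method starts outside the hunk.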
@@ -639,48 +786,19 @@
 group = ws.restore(securityToken, appAdminGroupId);
 // group peut-etre null, si entre temps un admin a supprime le group
 }
+
 if (group == null) {
 // il n'existe pas on le cree.
- WikittyGroup appAdminGroup = new WikittyGroupImpl();
+ WikittyGroupAbstract appAdminGroup = new WikittyGroupImpl();
 appAdminGroup.setName(WIKITTY_APPADMIN_GROUP_NAME);
- }
- // on garde l'id pour ne plus faire la recherche,
- // vu que le groupe doit etre unique cela ne pose pas de probleme
- appAdminGroupId = group.getId();
+ ws.store(securityToken, appAdminGroup.getWikitty());
+ group = appAdminGroup.getWikitty();
- Set<String> ids = WikittyGroupHelper.getMembers(group);
- boolean result = isMember(securityToken, userId, ids);
- return result;
- }
-
- /**
- * verifie qu'un utilisateur est membre d'un groupe passe en parametre via
- * l'arguement field
- *
- * @param userId
- * @param w
- * @param field must be WikittyAuthorisation field name: admin, writer, reader
- * @return
- */
- protected boolean isMember(
- String securityToken, String userId, Wikitty w, String field) {
- boolean result = false;
- if (WikittyAuthorisationHelper.isExtension(w)) {
- Set<String> groupOrUser = w.getFieldAsSet(
- WikittyAuthorisation.EXT_WIKITTYAUTHORISATION,
- field,
- String.class);
- result = isMember(securityToken, userId, groupOrUser);
- if (!result) {
- // user don't have right on current object, check parent right
- String parentId = WikittyAuthorisationHelper.getParent(w);
- if (parentId != null) {
- Wikitty parent = ws.restore(securityToken, parentId);
- result = isMember(securityToken, userId, parent, field);
- }
- }
+ // on garde l'id pour ne plus faire la recherche,
+ // vu que le groupe doit etre unique cela ne pose pas de probleme
+ appAdminGroupId = group.getId();
 }
- return result;
+ return group;
 }
 /**
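Review bot: `appAdminGroupId` is read, tested and assigned in `getAppAdminGroup` with no synchronization, so two callers that both see `group == null` can each store their own app-admin group, which is exactly what the comment `vu que le groupe doit etre unique` assumes cannot happen; if the service is shared between threads, making the method `synchronized` (or guarding the create-and-cache step) closes that window. The id is now cached only in the creation branch; the first-time search path under `// 1er fois, on le recherche` is outside the hunk, so whether a found group's id is cached there cannot be confirmed from this diff. A freshly created group has no members, so `isAppAdmin` is false for every user until someone populates it — worth stating in a Javadoc such as `/** Returns the app-admin group, creating an empty one (no members) if none exists, and caches its id. */`.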
@@ -693,26 +811,33 @@
 */
 protected boolean isMember(
 String securityToken, String userId, Set<String> groupOrUser) {
- boolean result = false;
 if (groupOrUser != null) {
 for (String id : groupOrUser) {
 if (userId.equals(id)) {
- result = true;
- break;
+ return true;
 } else {
- Wikitty w = ws.restore(securityToken, id);
- if (WikittyGroupHelper.isExtension(w)) {
- Set<String> members = WikittyGroupHelper.getMembers(w);
- if (isMember(securityToken, userId, members)) {
- result = true;
- break;
- }
+ Wikitty groupWikitty = ws.restore(securityToken, id);
+ if (WikittyGroupHelper.isExtension(groupWikitty)) {
+ Set<String> members = WikittyGroupHelper.getMembers(groupWikitty);
+ return isMember(securityToken, userId, members);
 }
 }
 }
 }
- // not found in groupOrUser
- return result;
+ return false; // not found in groupOrUser
 }
+ @Override
+ public Wikitty findByCriteria(String securityToken,
+ WikittyTransaction transaction, Criteria criteria) {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ @Override
+ public List<String> deleteTree(String securityToken, String treeNodeId) {
+ // TODO Auto-generated method stub
+ return null;
+ }
+ }
Modified: trunk/wikitty-api/src/main/java/org/nuiton/wikitty/WikittyUtil.java
===================================================================
--- trunk/wikitty-api/src/main/java/org/nuiton/wikitty/WikittyUtil.java 2010-09-27 08:49:33 UTC (rev 345)
+++ trunk/wikitty-api/src/main/java/org/nuiton/wikitty/WikittyUtil.java 2010-09-27 08:53:29 UTC (rev 346)
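Review bot: In `isMember(String, String, Set<String>)` the new `return isMember(securityToken, userId, members);` inside the loop ends the search at the first group-type entry whatever its answer, so a user who belongs to a later group in `groupOrUser` is refused; the removed code only stopped on a positive match. Restore that with `if (isMember(securityToken, userId, members)) { return true; }` and let the loop continue otherwise. The re-added `findByCriteria` and `deleteTree` are auto-generated stubs returning null, which replaces the former `findByCriteria` (with its `canRead` check) and the delegating `deleteTree` that this commit removes earlier in the file; until they are implemented, `throw new UnsupportedOperationException("not implemented yet");` makes the gap fail loudly instead of handing callers a null. The nested-group recursion keeps no visited set, so a group that transitively lists itself would recurse without bound — whether group membership can form a cycle is not visible here.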
@@ -774,7 +774,7 @@
 *
 * @return SecurityToken that can be used like wikitty id
 */
- static public String genSecurityToken() {
+ static public String genSecurityTokenId() {
 String result = "_" + Math.abs(Math.random());
 result.replace(".", ""); // on supprime le '.' dans le nombre aleatoire
 result = genUID() + result;
Added: trunk/wikitty-api/src/test/java/org/nuiton/wikitty/layers/AbstractWikittyServiceTest.java
===================================================================
--- trunk/wikitty-api/src/test/java/org/nuiton/wikitty/layers/AbstractWikittyServiceTest.java (rev 0)
+++ trunk/wikitty-api/src/test/java/org/nuiton/wikitty/layers/AbstractWikittyServiceTest.java 2010-09-27 08:53:29 UTC (rev 346)
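Review bot: `genSecurityTokenId` builds the token from `Math.random()`, a non-cryptographic generator whose output is predictable from earlier samples, yet the value is documented as a security token and is the id the security layer looks up with `ws.restore(securityToken, securityToken)`; derive it from `java.security.SecureRandom` instead, e.g. `String result = "_" + new BigInteger(128, new SecureRandom()).toString(36);` (constructed sample, needs the `java.math`/`java.security` imports). The next line `result.replace(".", "");` discards its return value because `String` is immutable, so the `'.'` is never removed; it should be `result = result.replace(".", "");` (or dropped with the change above). `genUID()` is not visible here, so how much unpredictability it contributes cannot be judged, and the method continues past the hunk.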
@@ -0,0 +1,39 @@
+package org.nuiton.wikitty.layers;
+
+import org.junit.Before;
+import org.nuiton.wikitty.ExtensionFactory;
+import org.nuiton.wikitty.FieldType.TYPE;
+import org.nuiton.wikitty.Wikitty;
+import org.nuiton.wikitty.WikittyExtension;
+import org.nuiton.wikitty.WikittyImpl;
+import org.nuiton.wikitty.WikittyService;
+
+public abstract class AbstractWikittyServiceTest {
+
+ /** a wikitty service (in memory) with a cache */
+ protected WikittyService service;
+
+ protected static final String EXT_NAME = "myextension";
+ protected static final String FIELD_NAME = "myfield";
+ protected static final String VALUE = "myvalue";
+
+ /** an extension */
+ protected WikittyExtension extension;
+
+ /** a wikitty with extension */
+ protected Wikitty aWikitty;
+
+ protected String token;
+
+ /** create a service, an extension, a wikitty, login, and store wikitty */
+ @Before
+ public void setUp() throws Exception {
+ extension = ExtensionFactory.create(EXT_NAME, "1")
+ .addField(FIELD_NAME, TYPE.STRING)
+ .extension();
+ aWikitty = new WikittyImpl();
+ aWikitty.addExtension(extension);
+ aWikitty.setField(EXT_NAME, FIELD_NAME, VALUE);
+ }
+
+}
Modified: trunk/wikitty-api/src/test/java/org/nuiton/wikitty/layers/WikittyServiceCachedTest.java
===================================================================
--- trunk/wikitty-api/src/test/java/org/nuiton/wikitty/cache/WikittyServiceCachedTest.java 2010-09-20 12:34:30 UTC (rev 325)
+++ trunk/wikitty-api/src/test/java/org/nuiton/wikitty/layers/WikittyServiceCachedTest.java 2010-09-27 08:53:29 UTC (rev 346)
@@ -1,9 +1,7 @@
-package org.nuiton.wikitty.cache;
+package org.nuiton.wikitty.layers;
-
 import static org.junit.Assert.assertEquals;
 import static org.junit.Assert.assertNotSame;
-import static org.junit.Assert.assertTrue;
 import java.util.ArrayList;
 import java.util.List;
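Review bot: The field comment `/** a wikitty service (in memory) with a cache */` on `service` was carried over from the cached test and no longer describes an abstract base whose subclasses install different services; `setUp()` also leaves `service` and `token` null, which each subclass must fill in its own `@Before`, and the class comment `create a service, ..., login, and store wikitty` promises more than `setUp()` does. Replace the field comment with `/** the service under test; set by the subclass's @Before together with {@link #token} */`, document `token` as `/** login token on {@link #service}, set by the subclass */`, and shorten the `setUp()` comment to `/** create an extension and a wikitty using it; service, token and store are left to subclasses */`.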
@@ -11,53 +9,25 @@
 import org.junit.Before;
 import org.junit.Test;
-import org.nuiton.wikitty.ExtensionFactory;
-import org.nuiton.wikitty.FieldType.TYPE;
 import org.nuiton.wikitty.Wikitty;
-import org.nuiton.wikitty.WikittyExtension;
-import org.nuiton.wikitty.WikittyImpl;
-import org.nuiton.wikitty.WikittyService;
 import org.nuiton.wikitty.WikittyServiceCached;
 import org.nuiton.wikitty.WikittyServiceInMemory;
-/** check that the cache */
-public class WikittyServiceCachedTest {
+/** test {@link WikittyServiceCached} */
+public class WikittyServiceCachedTest extends AbstractWikittyServiceTest {
- /** a wikitty service (in memory) with a cache */
- protected WikittyService service;
-
- protected static final String EXT_NAME = "myextension";
- protected static final String FIELD_NAME = "myfield";
-
- /** an extension */
- protected WikittyExtension extension;
-
- /** a wikitty with extension */
- protected Wikitty aWikitty;
-
- protected String token;
-
- /** create a service, an extension, a wikitty, login, and store wikitty */
 @Before
- public void setUp() throws Exception {
-
- extension = ExtensionFactory.create(EXT_NAME, "1")
- .addField(FIELD_NAME, TYPE.STRING)
- .extension();
- aWikitty = new WikittyImpl();
- aWikitty.addExtension(extension);
- aWikitty.setField(EXT_NAME, FIELD_NAME, "myvalue");
-
+ public void setUpWikittyServiceCachedTest() {
 service = new WikittyServiceCached(new WikittyServiceInMemory());
 token = service.login(null, null);
- service.store(token, aWikitty);
+ service.store(token, aWikitty);
 }
 /** setting a field value doesn't corrupt cache */
 @Test
 public void testRestore() throws Exception {
 Wikitty anotherWikitty = service.restore(token, aWikitty.getId());
-
+ // we set the value of a field
 anotherWikitty.setField(EXT_NAME, FIELD_NAME, "myothervalue");
@@ -109,5 +79,5 @@
 assertEquals(anotherWikitty, yetAnotherWikitty);
 assertNotSame(anotherWikitty, yetAnotherWikitty); // two different objects
 }
-
+
 }
Added: trunk/wikitty-api/src/test/java/org/nuiton/wikitty/layers/WikittyServiceSecurityTest.java
===================================================================
--- trunk/wikitty-api/src/test/java/org/nuiton/wikitty/layers/WikittyServiceSecurityTest.java (rev 0)
+++ trunk/wikitty-api/src/test/java/org/nuiton/wikitty/layers/WikittyServiceSecurityTest.java 2010-09-27 08:53:29 UTC (rev 346)
@@ -0,0 +1,236 @@
+package org.nuiton.wikitty.layers;
+
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertFalse;
+import static org.junit.Assert.assertNull;
+import static org.junit.Assert.assertTrue;
+import static org.junit.Assert.fail;
+
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.junit.Before;
+import org.junit.Ignore;
+import org.junit.Test;
+import org.nuiton.wikitty.FieldType;
+import org.nuiton.wikitty.FieldType.TYPE;
+import org.nuiton.wikitty.TreeNodeAbstract;
+import org.nuiton.wikitty.Wikitty;
+import org.nuiton.wikitty.WikittyAuthorisation;
+import org.nuiton.wikitty.WikittyAuthorisationHelper;
+import org.nuiton.wikitty.WikittyAuthorisationImpl;
+import org.nuiton.wikitty.WikittyService;
+import org.nuiton.wikitty.WikittyServiceInMemory;
+import org.nuiton.wikitty.WikittyServiceSecurity;
+
+/** test {@link org.nuiton.wikitty.WikittyServiceSecurity} */
+public class WikittyServiceSecurityTest extends AbstractWikittyServiceTest {
+
+ private static final Log log = LogFactory.getLog(WikittyServiceSecurityTest.class);
+
+ protected static final String APPADMIN_LOGIN = WikittyServiceSecurity.APPADMIN_LOGIN;
+ protected static final String APPADMIN_PASSWORD = WikittyServiceSecurity.APPADMIN_PASSWORD;
+
+ protected WikittyServiceSecurity securityService;
+
+ protected String noRightsToken;
+ protected String readerToken;
+ protected String writerToken;
+ protected String adminToken;
+ protected String ownerToken;
+
+ @Before
+ public void setUpWikittyServiceSecurityTest() {
+ WikittyService inMemoryService = new WikittyServiceInMemory();
+
+ securityService = new WikittyServiceSecurity(inMemoryService);
+
+ service = securityService;
+
+ token = service.login(APPADMIN_LOGIN, APPADMIN_PASSWORD);
+
+ securityService.createAccount(token, "i have no rights", "");
+ securityService.createAccount(token, "reader", "");
+ securityService.createAccount(token, "writer", "");
+ securityService.createAccount(token, "admin", "");
+ securityService.createAccount(token, "owner", "");
+
+ Wikitty authorizations = securityService.addWikittyAuthorisation(token, extension);
+ WikittyAuthorisationHelper.addReader(authorizations, securityService.getUserWikittyId(token, "reader"));
+ WikittyAuthorisationHelper.addWriter(authorizations, securityService.getUserWikittyId(token, "writer"));
+ WikittyAuthorisationHelper.addAdmin(authorizations, securityService.getUserWikittyId(token, "admin"));
+ WikittyAuthorisationHelper.setOwner(authorizations, securityService.getUserWikittyId(token, "owner"));
+
+ log.debug("initial wikitty rights" + authorizations);
+
+ service.store(token, authorizations);
+
+ Wikitty extensionAuthorisation = securityService.restoreExtensionAuthorisation(token, extension);
+ log.debug("restored initial rights " + extensionAuthorisation);
+
+ service.logout(token);
+ token = null;
+
+ ownerToken = service.login("owner", "");
+ adminToken = service.login("admin", "");
+ writerToken = service.login("writer", "");
+ readerToken = service.login("reader", "");
+ noRightsToken = service.login("i have no rights", "");
+ }
+
+ @Test
+ public void testInvalidToken() {
+ // try to store with invalid token
+ String invalidToken = "INVALID TOKEN";
+ try {
+ service.store(invalidToken, aWikitty);
+ fail();
+ } catch (SecurityException e) {}
+
+ // now storing the wikitty for next tests
+ token = service.login(APPADMIN_LOGIN, APPADMIN_PASSWORD);
+ service.store(token, aWikitty);
+
+ // try to make operations on the stored wikitty with a bad token
+ try {
+ service.restore(invalidToken, aWikitty.getId());
+ fail();
+ } catch (SecurityException e) {}
+
+ try {
+ service.logout(invalidToken);
+ fail();
+ } catch (SecurityException e) {}
+
+ // now try to make a valid token invalid
+ service.logout(token);
+ try {
+ service.store(token, aWikitty);
+ fail();
+ } catch (SecurityException e) {}
+ }
+
+ /* *** level 1 security tests ***/
+
+ @Ignore
+ @Test
+ public void testReaderRightOnWikitty() {
+
+// aWikitty.addMetaExtension(WikittyAuthorisation.EXT_WIKITTYAUTHORISATION, extension);
+ // delegate to WikittyAuthorisationHelper.addMetaExtension(extension, aWikitty)
+
+// WikittyAuthorisation auth = new WikittyAuthorisationImpl(extension, aWikitty);
+// auth
+// WikittyAuthorisation authautre = new WikittyAuthorisationImpl(aWikitty);
+//
+// auth.clearReader();
+
+
+ }
+
+ /* *** level 2 security tests ***/
+
+ /** test level 2 reader right */
+ @Ignore
+ @Test
+ public void checkReaderRightOnExtension() {
+
+ try {
+ service.store(noRightsToken, aWikitty);
+ fail("an exception should have been raised");
+ } catch (SecurityException e) {
+ log.debug("creating a wikitty without rights", e);
+ }
+
+ try {
+ service.restoreExtension(noRightsToken, extension.getId());
+ fail("an exception should have been raised");
+ } catch (SecurityException e) {
+ log.debug("creating a wikitty without rights", e);
+ }
+
+ try {
+ service.restoreExtensionLastVersion(noRightsToken, extension.getName());
+ fail("an exception should have been raised");
+ } catch (SecurityException e) {
+ log.debug("creating a wikitty without rights", e);
+ }
+
+ try {
+ service.store(readerToken, aWikitty);
+ service.restoreExtension(readerToken, extension.getId());
+ service.restoreExtensionLastVersion(readerToken, extension.getName());
+ } catch (SecurityException e) {
+ fail("an exception has been raised");
+ }
+
+ }
+
+ @Ignore
+ @Test
+ public void checkWriterRightOnExtension() {
+
+ FieldType fieldType = new FieldType(FieldType.TYPE.STRING, 0, 1);
+
+ service.restoreExtensionLastVersion(writerToken, extension.getName());
+ extension.addField("new_field", fieldType);
+
+ try {
+ service.storeExtension(readerToken, extension);
+ fail("an exception should have been raised");
+ } catch (SecurityException e) {}
+
+ try {
+ service.storeExtension(writerToken, extension);
+ } catch (SecurityException e) {
+ fail("an exception has been raised");
+ }
+ }
+
+ @Ignore
+ @Test
+ public void checkAdminRightOnExtention() {
+ // TODO 20100923 bleny check that store with no sufficient rights fail
+
+ Wikitty extensionAuthorisation = securityService.restoreExtensionAuthorisation(adminToken, extension);
+
+ log.debug("initial rights " + extensionAuthorisation);
+
+ // set no reader, ID1 as single writer and ID2 as owner
+ WikittyAuthorisationHelper.clearReader(extensionAuthorisation);
+ WikittyAuthorisationHelper.clearWriter(extensionAuthorisation);
+ WikittyAuthorisationHelper.addWriter(extensionAuthorisation, "ID1");
+ WikittyAuthorisationHelper.setOwner(extensionAuthorisation, "ID2");
+
+ // FIXME 20100920 bleny this instruction mekes the test fail by clearing
+ // the admin field. There is a side effect on the stored wikitty and restored
+ // wikitty in store (oldVersion) has "admin" field empty
+ // WikittyAuthorisationHelper.clearAdmin(extensionAuthorisation);
+
+ log.debug("will store rights " + extensionAuthorisation);
+ service.store(adminToken, extensionAuthorisation);
+
+ // now, restore and check that rights are preserved
+ extensionAuthorisation = service.restore(adminToken, extensionAuthorisation.getId());
+
+ log.debug("restored rights " + extensionAuthorisation);
+
+ // check that reader changes has been saved
+ assertTrue(WikittyAuthorisationHelper.getReader(extensionAuthorisation).isEmpty());
+
+ // check that ID1 is writer
+ assertTrue(WikittyAuthorisationHelper.getWriter(extensionAuthorisation).contains("ID1"));
+ // ... and no one else
+ assertEquals(1, WikittyAuthorisationHelper.getWriter(extensionAuthorisation).size());
+
+ // check that admin is not modified
+ assertFalse(WikittyAuthorisationHelper.getAdmin(extensionAuthorisation).isEmpty());
+
+ // check that ID2 is NOT owner (admin should not be able to change owner)
+ assertFalse(WikittyAuthorisationHelper.getOwner(extensionAuthorisation).equals("ID2"));
+ }
+
+ @Test
+ public void checkOwnerRightOnExtention() {
+ // TODO
+ }
+}
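Review bot: `checkOwnerRightOnExtention` is an empty `@Test` whose body is `// TODO`, so it passes without asserting anything while the other level-2 tests are `@Ignore`d; a green run of this class therefore says nothing about the owner rule. Mark it `@Ignore` or end it with `fail("owner rights on extensions: not implemented yet");` until it is written. In `checkReaderRightOnExtension` the three `catch` blocks all log `"creating a wikitty without rights"` although the second and third exercise `restoreExtension` and `restoreExtensionLastVersion`, and the names `checkAdminRightOnExtention`/`checkOwnerRightOnExtention` misspell "Extension".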