use of alien4cloud.security.Permission in project alien4cloud by alien4cloud.
the class ResourcePermissionServiceTest method when_permission_added_at_application_level_remove_any_permissions_hidden_at_lower_level.
@Test
public void when_permission_added_at_application_level_remove_any_permissions_hidden_at_lower_level() {
// Given
resourceSecured = new AbstractSecurityEnabledResource() {
@Override
public String getId() {
return "id";
}
};
HashSet<Permission> permissions = new HashSet<>();
permissions.add(Permission.ADMIN);
resourceSecured.addPermissions(Subject.APPLICATION, "subject1", new HashSet<>(permissions));
resourceSecured.addPermissions(Subject.ENVIRONMENT, "subject1_1", new HashSet<>(permissions));
resourceSecured.addPermissions(Subject.ENVIRONMENT, "subject1_2", new HashSet<>(permissions));
resourceSecured.addPermissions(Subject.ENVIRONMENT_TYPE, "subject1:INTEGRATION_TESTS", new HashSet<>(permissions));
ApplicationEnvironment ae1 = new ApplicationEnvironment();
ae1.setId("subject1_1");
ae1.setEnvironmentType(EnvironmentType.INTEGRATION_TESTS);
ApplicationEnvironment ae2 = new ApplicationEnvironment();
ae2.setId("subject1_2");
ae2.setEnvironmentType(EnvironmentType.INTEGRATION_TESTS);
Mockito.when(applicationEnvironmentService.getByApplicationId("subject1")).thenReturn(new ApplicationEnvironment[] { ae1, ae2 });
// When
service.grantAuthorizedEnvironmentsAndEnvTypesPerApplication((AbstractSecurityEnabledResource) resourceSecured, new String[] { "subject1" }, new String[] { "subject1_1", "subject1_2" }, new String[] { "subject_env_1_1" });
// Then
verify(alienDAO).save(resourceSecuredCaptor.capture());
assertThat(resourceSecuredCaptor.getValue().getPermissions(Subject.APPLICATION, "subject1")).containsExactly(Permission.ADMIN);
assertThat(resourceSecuredCaptor.getValue().getPermissions(Subject.ENVIRONMENT, "subject1_1")).isEmpty();
assertThat(resourceSecuredCaptor.getValue().getPermissions(Subject.ENVIRONMENT, "subject1_2")).isEmpty();
assertThat(resourceSecuredCaptor.getValue().getPermissions(Subject.ENVIRONMENT_TYPE, "subject1:INTEGRATION_TESTS")).isEmpty();
}
use of alien4cloud.security.Permission in project alien4cloud by alien4cloud.
the class ResourcePermissionServiceTest method when_permission_added_at_application_level_unrelated_environment_and_env_type_are_unmodified.
@Test
public void when_permission_added_at_application_level_unrelated_environment_and_env_type_are_unmodified() {
// Given
resourceSecured = new AbstractSecurityEnabledResource() {
@Override
public String getId() {
return "id";
}
};
HashSet<Permission> permissions = new HashSet<>();
permissions.add(Permission.ADMIN);
resourceSecured.addPermissions(Subject.APPLICATION, "subject1", new HashSet<>(permissions));
resourceSecured.addPermissions(Subject.ENVIRONMENT, "subject1_1", new HashSet<>(permissions));
resourceSecured.addPermissions(Subject.ENVIRONMENT, "subject2_1", new HashSet<>(permissions));
resourceSecured.addPermissions(Subject.ENVIRONMENT_TYPE, "subject1:INTEGRATION_TESTS", new HashSet<>(permissions));
ApplicationEnvironment ae1 = new ApplicationEnvironment();
ae1.setId("subject1_1");
ae1.setEnvironmentType(EnvironmentType.INTEGRATION_TESTS);
ApplicationEnvironment ae2 = new ApplicationEnvironment();
ae2.setId("subject2_1");
ae2.setEnvironmentType(EnvironmentType.INTEGRATION_TESTS);
Mockito.when(applicationEnvironmentService.getByApplicationId("subject1")).thenReturn(new ApplicationEnvironment[] { ae1 });
// When
service.grantAuthorizedEnvironmentsAndEnvTypesPerApplication((AbstractSecurityEnabledResource) resourceSecured, new String[] { "subject1" }, new String[] { "subject1_1", "subject2_1" }, new String[] { EnvironmentType.INTEGRATION_TESTS.toString() });
// Then
verify(alienDAO).save(resourceSecuredCaptor.capture());
assertThat(resourceSecuredCaptor.getValue().getPermissions(Subject.APPLICATION, "subject1")).containsExactly(Permission.ADMIN);
assertThat(resourceSecuredCaptor.getValue().getPermissions(Subject.ENVIRONMENT, "subject1_1")).isEmpty();
assertThat(resourceSecuredCaptor.getValue().getPermissions(Subject.ENVIRONMENT, "subject2_1")).containsExactly(Permission.ADMIN);
assertThat(resourceSecuredCaptor.getValue().getPermissions(Subject.ENVIRONMENT_TYPE, EnvironmentType.INTEGRATION_TESTS.toString())).containsExactly(Permission.ADMIN);
}
use of alien4cloud.security.Permission in project alien4cloud by alien4cloud.
the class ResourcePermissionServiceTest method when_many_app_env_permission_are_revoked_the_resource_is_saved_only_one_time.
@Test
public void when_many_app_env_permission_are_revoked_the_resource_is_saved_only_one_time() throws Exception {
// Given
resourceSecured = new AbstractSecurityEnabledResource() {
@Override
public String getId() {
return "id";
}
};
HashSet<Permission> permissions = new HashSet<>();
permissions.add(Permission.ADMIN);
resourceSecured.addPermissions(Subject.APPLICATION, "subject1", new HashSet<>(permissions));
resourceSecured.addPermissions(Subject.ENVIRONMENT, "subject1_1", new HashSet<>(permissions));
resourceSecured.addPermissions(Subject.ENVIRONMENT, "subject1_2", new HashSet<>(permissions));
resourceSecured.addPermissions(Subject.ENVIRONMENT_TYPE, "subject_env_1_1", new HashSet<>(permissions));
ApplicationEnvironment ae1 = new ApplicationEnvironment();
ae1.setId("subject1_1");
ApplicationEnvironment ae2 = new ApplicationEnvironment();
ae2.setId("subject1_2");
Mockito.when(applicationEnvironmentService.getByApplicationId("subject1")).thenReturn(new ApplicationEnvironment[] { ae1, ae2 });
// When
service.revokeAuthorizedEnvironmentsAndEnvironmentTypesPerApplication((AbstractSecurityEnabledResource) resourceSecured, new String[] { "subject1" }, new String[] { "subject1_1", "subject1_2" }, new String[] { "subject_env_1_1" });
// Then
verify(alienDAO).save(resourceSecuredCaptor.capture());
}
use of alien4cloud.security.Permission in project alien4cloud by alien4cloud.
the class ResourcePermissionServiceTest method check_revoked_permissions_have_been_removed_from_resource.
@Test
public void check_revoked_permissions_have_been_removed_from_resource() {
// Given
resourceSecured = new AbstractSecurityEnabledResource() {
@Override
public String getId() {
return "id";
}
};
HashSet<Permission> permissions = new HashSet<>();
permissions.add(Permission.READ);
permissions.add(Permission.ADMIN);
resourceSecured.addPermissions(Subject.APPLICATION, "subject1", new HashSet<>(permissions));
resourceSecured.addPermissions(Subject.APPLICATION, "subject3", new HashSet<>(permissions));
// When
service.revokePermission(resourceSecured, resourceSaver, Subject.APPLICATION, "subject1", "subject2");
// Then
verify(resourceSaver).save(resourceSecuredCaptor.capture());
ISecurityEnabledResource resourceSecuredSaved = resourceSecuredCaptor.getValue();
assertThat(resourceSecuredSaved.getPermissions(Subject.APPLICATION, "subject1")).containsExactly(Permission.READ);
assertThat(resourceSecuredSaved.getPermissions(Subject.APPLICATION, "subject2")).isEmpty();
assertThat(resourceSecuredSaved.getPermissions(Subject.APPLICATION, "subject3")).containsExactlyInAnyOrder(Permission.ADMIN, Permission.READ);
}
Aggregations