use of eu.bcvsolutions.idm.core.api.dto.IdmIncompatibleRoleDto in project CzechIdMng by bcvsolutions.
the class IncompatibleRoleBySuperiorRoleEvaluatorIntegrationTest method canReadCompositionByRole.
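/**
 * Checks how {@code IncompatibleRoleBySuperiorRoleEvaluator} derives access to an incompatible
 * role definition from the permissions the logged identity holds on its superior role.
 *
 * <p>The test runs three phases, each under a login of the test identity:
 * <ol>
 * <li>only a READ uuid policy on the role exists: the role is readable, but no incompatible
 * role definition is returned;</li>
 * <li>the evaluator policy is added: exactly the one definition is found and its permission
 * set is READ only;</li>
 * <li>an UPDATE uuid policy on the role is added: the permission set on the definition becomes
 * READ, UPDATE, CREATE and DELETE.</li>
 * </ol>
 *
 * <p>The method name mentions "composition", but every assertion targets incompatible role
 * definitions. Phase three pins a widening that reviewers of role policies should know about:
 * UPDATE on the role is asserted to yield CREATE and DELETE on the definition.
 */
@Test
public void canReadCompositionByRole() {
    IdmIdentityDto identity = getHelper().createIdentity();
    IdmRoleDto role = getHelper().createRole();
    IdmRoleDto subRole = getHelper().createRole();
    IdmRoleDto superiorRole = getHelper().createRole();
    // "role" is the superior side of the definition under test
    IdmIncompatibleRoleDto incompatibleRole = getHelper().createIncompatibleRole(role, subRole);
    // other data - a role composition, without access
    getHelper().createRoleComposition(superiorRole, role);
    getHelper().createIdentityRole(identity, role);
    getHelper().createUuidPolicy(role.getId(), role.getId(), IdmBasePermission.READ);

    // phase 1: without the evaluator policy no incompatible role definition is visible
    try {
        getHelper().login(identity.getUsername(), identity.getPassword());
        Assert.assertEquals(role.getId(), roleService.get(role.getId(), IdmBasePermission.READ).getId());
        List<IdmIncompatibleRoleDto> found = service.find(null, IdmBasePermission.READ).getContent();
        Assert.assertTrue(found.isEmpty());
    } finally {
        // always drop the security context so a failed assertion cannot leak the login
        logout();
    }

    // create authorization policy - assign to role
    getHelper().createAuthorizationPolicy(
            role.getId(),
            CoreGroupPermission.INCOMPATIBLEROLE,
            IdmIncompatibleRole.class,
            IncompatibleRoleBySuperiorRoleEvaluator.class);

    // phase 2: READ on the role gives READ on the definition and nothing more
    try {
        // the original logged in twice in a row here; one login is enough
        getHelper().login(identity.getUsername(), identity.getPassword());
        List<IdmIncompatibleRoleDto> found = service.find(null, IdmBasePermission.READ).getContent();
        Assert.assertEquals(1, found.size());
        Assert.assertEquals(incompatibleRole.getId(), found.get(0).getId());

        // exact-size check guards against over-granting, not only against a missing READ
        Set<String> permissions = service.getPermissions(incompatibleRole);
        Assert.assertEquals(1, permissions.size());
        Assert.assertEquals(IdmBasePermission.READ.name(), permissions.iterator().next());
    } finally {
        logout();
    }

    getHelper().createUuidPolicy(role.getId(), role.getId(), IdmBasePermission.UPDATE);

    // phase 3: UPDATE on the role widens the definition's permissions to four
    try {
        getHelper().login(identity.getUsername(), identity.getPassword());

        Set<String> permissions = service.getPermissions(incompatibleRole);
        Assert.assertEquals(4, permissions.size());
        Assert.assertTrue(permissions.contains(IdmBasePermission.READ.name()));
        Assert.assertTrue(permissions.contains(IdmBasePermission.UPDATE.name()));
        Assert.assertTrue(permissions.contains(IdmBasePermission.CREATE.name()));
        Assert.assertTrue(permissions.contains(IdmBasePermission.DELETE.name()));
    } finally {
        logout();
    }
}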
use of eu.bcvsolutions.idm.core.api.dto.IdmIncompatibleRoleDto in project CzechIdMng by bcvsolutions.
the class IncompatibleRoleBySubRoleEvaluatorIntegrationTest method canReadCompositionByRole.
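/**
 * Checks how {@code IncompatibleRoleBySubRoleEvaluator} derives access to an incompatible role
 * definition from the permissions the logged identity holds on its sub role.
 *
 * <p>The test runs three phases, each under a login of the test identity:
 * <ol>
 * <li>only a READ uuid policy on the role exists: the role is readable, but no incompatible
 * role definition is returned;</li>
 * <li>the evaluator policy is added: exactly the one definition is found;</li>
 * <li>an UPDATE uuid policy on the role is added: the permission set on the definition becomes
 * READ, UPDATE, CREATE and DELETE.</li>
 * </ol>
 *
 * <p>The method name mentions "composition", but every assertion targets incompatible role
 * definitions.
 */
@Test
public void canReadCompositionByRole() {
    IdmIdentityDto identity = getHelper().createIdentity();
    IdmRoleDto role = getHelper().createRole();
    IdmRoleDto subRole = getHelper().createRole();
    IdmRoleDto superiorRole = getHelper().createRole();
    // other data - a role composition, without access
    getHelper().createRoleComposition(role, subRole);
    // "role" is the sub side of the definition under test
    IdmIncompatibleRoleDto incompatibleRole = getHelper().createIncompatibleRole(superiorRole, role);
    getHelper().createIdentityRole(identity, role);
    getHelper().createUuidPolicy(role.getId(), role.getId(), IdmBasePermission.READ);

    // phase 1: without the evaluator policy no incompatible role definition is visible
    try {
        getHelper().login(identity.getUsername(), identity.getPassword());
        Assert.assertEquals(role.getId(), roleService.get(role.getId(), IdmBasePermission.READ).getId());
        List<IdmIncompatibleRoleDto> found = service.find(null, IdmBasePermission.READ).getContent();
        Assert.assertTrue(found.isEmpty());
    } finally {
        // always drop the security context so a failed assertion cannot leak the login
        logout();
    }

    // create authorization policy - assign to role
    getHelper().createAuthorizationPolicy(
            role.getId(),
            CoreGroupPermission.INCOMPATIBLEROLE,
            IdmIncompatibleRole.class,
            IncompatibleRoleBySubRoleEvaluator.class);

    // phase 2: READ on the role makes the definition visible
    try {
        // the original logged in twice in a row here; one login is enough
        getHelper().login(identity.getUsername(), identity.getPassword());
        List<IdmIncompatibleRoleDto> found = service.find(null, IdmBasePermission.READ).getContent();
        Assert.assertEquals(1, found.size());
        Assert.assertEquals(incompatibleRole.getId(), found.get(0).getId());
        // NOTE(review): IncompatibleRoleBySuperiorRoleEvaluatorIntegrationTest also asserts the
        // exact permission set at this point (READ only). An equivalent check here would catch
        // over-granting by this evaluator - confirm the expected set before adding it.
    } finally {
        logout();
    }

    getHelper().createUuidPolicy(role.getId(), role.getId(), IdmBasePermission.UPDATE);

    // phase 3: UPDATE on the role widens the definition's permissions to four
    try {
        getHelper().login(identity.getUsername(), identity.getPassword());

        Set<String> permissions = service.getPermissions(incompatibleRole);
        Assert.assertEquals(4, permissions.size());
        Assert.assertTrue(permissions.contains(IdmBasePermission.READ.name()));
        Assert.assertTrue(permissions.contains(IdmBasePermission.UPDATE.name()));
        Assert.assertTrue(permissions.contains(IdmBasePermission.CREATE.name()));
        Assert.assertTrue(permissions.contains(IdmBasePermission.DELETE.name()));
    } finally {
        logout();
    }
}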
use of eu.bcvsolutions.idm.core.api.dto.IdmIncompatibleRoleDto in project CzechIdMng by bcvsolutions.
the class IdmIdentityControllerRestTest method testGetIncompatibleRolesWithoutRemovedInConcept.
/**
 * Reads the {@code incompatible-roles} sub-resource of an identity and checks which
 * incompatible role definitions are resolved for it.
 *
 * <p>The identity holds roles one to five. Definitions (one, two) and (three, four) have both
 * sides assigned; (five, six) does not, because role six is never assigned. The test expects
 * exactly the first two definitions in the response.
 *
 * <p>The request is sent with the admin authentication, so this test covers the resolution
 * logic only and says nothing about who is authorized to call the endpoint. No role-request
 * concept is built in this body, despite the method name.
 */
@Test
public void testGetIncompatibleRolesWithoutRemovedInConcept() throws Exception {
    IdmIdentityDto applicant = getHelper().createIdentity((GuardedString) null);
    IdmRoleDto roleOne = getHelper().createRole();
    IdmRoleDto roleTwo = getHelper().createRole();
    IdmRoleDto roleThree = getHelper().createRole();
    IdmRoleDto roleFour = getHelper().createRole();
    IdmRoleDto roleFive = getHelper().createRole();
    IdmRoleDto roleSix = getHelper().createRole();

    // assign roles one to five; role six stays unassigned on purpose
    getHelper().createIdentityRole(applicant, roleOne);
    getHelper().createIdentityRole(applicant, roleTwo);
    getHelper().createIdentityRole(applicant, roleThree);
    getHelper().createIdentityRole(applicant, roleFour);
    getHelper().createIdentityRole(applicant, roleFive);

    // incompatible role definitions as (superior, sub) pairs
    getHelper().createIncompatibleRole(roleOne, roleTwo);
    getHelper().createIncompatibleRole(roleThree, roleFour);
    getHelper().createIncompatibleRole(roleFive, roleSix);

    String response = getMockMvc()
            .perform(get(String.format("%s/incompatible-roles", getDetailUrl(applicant.getId())))
                    .with(authentication(getAdminAuthentication()))
                    .contentType(TestHelper.HAL_CONTENT_TYPE))
            .andExpect(status().isOk())
            .andExpect(content().contentType(TestHelper.HAL_CONTENT_TYPE))
            .andReturn()
            .getResponse()
            .getContentAsString();

    // unwrap the resolved DTOs to the underlying definitions
    Set<IdmIncompatibleRoleDto> resolved = toDtos(response, ResolvedIncompatibleRoleDto.class)
            .stream()
            .map(ResolvedIncompatibleRoleDto::getIncompatibleRole)
            .collect(Collectors.toSet());

    Assert.assertEquals(2, resolved.size());
    Assert.assertTrue(resolved.stream().anyMatch(definition ->
            definition.getSuperior().equals(roleOne.getId()) && definition.getSub().equals(roleTwo.getId())));
    Assert.assertTrue(resolved.stream().anyMatch(definition ->
            definition.getSuperior().equals(roleThree.getId()) && definition.getSub().equals(roleFour.getId())));
}
use of eu.bcvsolutions.idm.core.api.dto.IdmIncompatibleRoleDto in project CzechIdMng by bcvsolutions.
the class IdmRoleControllerRestTest method testGetIncompatibleRoles.
/**
 * Reads the {@code incompatible-roles} sub-resource of a role and checks which incompatible
 * role definitions are resolved through its role compositions.
 *
 * <p>Role one is composed of roles two and three, role two of role four, role three of role
 * five. The definition (two, five) has both sides inside that tree; (five, six) does not,
 * because role six is not part of any composition. Exactly one definition is expected.
 *
 * <p>The request is sent with the admin authentication, so this test covers the resolution
 * logic only and says nothing about who is authorized to call the endpoint.
 */
@Test
public void testGetIncompatibleRoles() throws Exception {
    IdmRoleDto roleOne = getHelper().createRole();
    IdmRoleDto roleTwo = getHelper().createRole();
    IdmRoleDto roleThree = getHelper().createRole();
    IdmRoleDto roleFour = getHelper().createRole();
    IdmRoleDto roleFive = getHelper().createRole();
    IdmRoleDto roleSix = getHelper().createRole();

    // incompatible role definitions as (superior, sub) pairs
    getHelper().createIncompatibleRole(roleTwo, roleFive);
    getHelper().createIncompatibleRole(roleFive, roleSix);

    // role compositions under role one
    getHelper().createRoleComposition(roleOne, roleTwo);
    getHelper().createRoleComposition(roleOne, roleThree);
    getHelper().createRoleComposition(roleTwo, roleFour);
    getHelper().createRoleComposition(roleThree, roleFive);

    String response = getMockMvc()
            .perform(get(String.format("%s/incompatible-roles", getDetailUrl(roleOne.getId())))
                    .with(authentication(getAdminAuthentication()))
                    .contentType(TestHelper.HAL_CONTENT_TYPE))
            .andExpect(status().isOk())
            .andExpect(content().contentType(TestHelper.HAL_CONTENT_TYPE))
            .andReturn()
            .getResponse()
            .getContentAsString();

    // unwrap the resolved DTOs to the underlying definitions
    Set<IdmIncompatibleRoleDto> resolved = toDtos(response, ResolvedIncompatibleRoleDto.class)
            .stream()
            .map(ResolvedIncompatibleRoleDto::getIncompatibleRole)
            .collect(Collectors.toSet());

    Assert.assertEquals(1, resolved.size());
    Assert.assertTrue(resolved.stream().anyMatch(definition ->
            definition.getSuperior().equals(roleTwo.getId()) && definition.getSub().equals(roleFive.getId())));
}
use of eu.bcvsolutions.idm.core.api.dto.IdmIncompatibleRoleDto in project CzechIdMng by bcvsolutions.
the class IdmIncompatibleRoleControllerRestTest method testFindBySub.
/**
 * Checks that filtering incompatible role definitions by sub role id returns only the
 * definitions in which the given role is the sub side.
 *
 * <p>Definitions created: (one, two), (three, one) and (three, two), each as (superior, sub).
 * Role one is the sub of one definition, role two of two, role three of none.
 */
@Test
public void testFindBySub() {
    IdmRoleDto roleOne = getHelper().createRole();
    IdmRoleDto roleTwo = getHelper().createRole();
    IdmRoleDto roleThree = getHelper().createRole();

    IdmIncompatibleRoleDto incompatibleRoleOne = getHelper().createIncompatibleRole(roleOne, roleTwo);
    IdmIncompatibleRoleDto incompatibleRoleTwo = getHelper().createIncompatibleRole(roleThree, roleOne);
    IdmIncompatibleRoleDto incompatibleRoleThree = getHelper().createIncompatibleRole(roleThree, roleTwo);

    // one filter instance is reused; only the sub id changes between the queries
    IdmIncompatibleRoleFilter filter = new IdmIncompatibleRoleFilter();

    // role one is the sub side of the second definition only
    filter.setSubId(roleOne.getId());
    List<IdmIncompatibleRoleDto> bySubOne = find(filter);
    Assert.assertEquals(1, bySubOne.size());
    Assert.assertEquals(incompatibleRoleTwo.getId(), bySubOne.get(0).getId());

    // role two is the sub side of the first and the third definition
    filter.setSubId(roleTwo.getId());
    List<IdmIncompatibleRoleDto> bySubTwo = find(filter);
    Assert.assertEquals(2, bySubTwo.size());
    Assert.assertTrue(bySubTwo.stream()
            .anyMatch(definition -> definition.getId().equals(incompatibleRoleOne.getId())));
    Assert.assertTrue(bySubTwo.stream()
            .anyMatch(definition -> definition.getId().equals(incompatibleRoleThree.getId())));

    // role three appears only as a superior, so the sub filter matches nothing
    filter.setSubId(roleThree.getId());
    List<IdmIncompatibleRoleDto> bySubThree = find(filter);
    Assert.assertTrue(bySubThree.isEmpty());
}