Use of io.gravitee.repository.management.model.Group in project gravitee-management-rest-api by gravitee-io.
Class GroupService_IsUserAuthorizedToAccessTest, method shouldNotBeAuthorizedForPublicApiIfMemberOfUnauthorizedGroups.
/**
 * Pins the deny path of {@code isUserAuthorizedToAccessApiData} for a PUBLIC API.
 *
 * <p>Scenario: the user has no role directly on the API, but holds an API-scoped role
 * through the group "excludedGroup", and that group id is the only entry in the list
 * handed to the service (presumably the excluded-group ids, going by the test and
 * variable names). The call must return {@code false}, so public visibility alone
 * does not grant access in this case.
 *
 * <p>The test also fixes how the decision is reached: exactly two role lookups (one
 * for the API, one for the group) and no read of {@code api.getGroups()}.
 *
 * @throws TechnicalException declared by the mocked service signatures
 */
@Test
public void shouldNotBeAuthorizedForPublicApiIfMemberOfUnauthorizedGroups() throws TechnicalException {
    // Arrange: a public API with a known id.
    when(api.getVisibility()).thenReturn(Visibility.PUBLIC);
    when(api.getId()).thenReturn("apiId");

    // NOTE(review): this Group is built but never passed to the service or the mocks;
    // only its id string is used below.
    Group excludedGroup = new Group();
    excludedGroup.setId("excludedGroup");

    RoleEntity groupGrantedRole = new RoleEntity();
    groupGrantedRole.setScope(RoleScope.API);

    // No direct membership on the API ...
    when(membershipService.getRoles(MembershipReferenceType.API, api.getId(), MembershipMemberType.USER, "user"))
        .thenReturn(Collections.emptySet());
    // ... but an API-scoped role obtained through the listed group.
    when(membershipService.getRoles(MembershipReferenceType.GROUP, "excludedGroup", MembershipMemberType.USER, "user"))
        .thenReturn(Collections.singleton(groupGrantedRole));

    // Act + assert: membership of the listed group must lead to a denial.
    assertFalse(
        groupService.isUserAuthorizedToAccessApiData(api, Collections.singletonList("excludedGroup"), "user")
    );

    // Exactly two role lookups in total: one for the API, one for the group.
    verify(membershipService, times(2)).getRoles(any(), any(), any(), any());
    // verify(mock) is Mockito's shorthand for verify(mock, times(1)).
    verify(membershipService).getRoles(MembershipReferenceType.API, api.getId(), MembershipMemberType.USER, "user");
    verify(membershipService).getRoles(MembershipReferenceType.GROUP, "excludedGroup", MembershipMemberType.USER, "user");
    // The API's own group list must not be consulted on this path.
    verify(api, never()).getGroups();
}