use of io.vertigo.account.data.TestUserSession in project vertigo by KleeGroup.
the class VSecurityManagerTest method testSecuritySqlOnEntity.
@Test
public void testSecuritySqlOnEntity() {
final Record recordTooExpensive = createRecord();
recordTooExpensive.setAmount(10000d);
final Record recordOtherUser = createRecord();
recordOtherUser.setUtiIdOwner(2000L);
final Record recordOtherUserAndTooExpensive = createRecord();
recordOtherUserAndTooExpensive.setUtiIdOwner(2000L);
recordOtherUserAndTooExpensive.setAmount(10000d);
final Authorization recordRead = getAuthorization(RecordAuthorizations.ATZ_RECORD$READ);
final UserSession userSession = securityManager.<TestUserSession>createUserSession();
try {
securityManager.startCurrentUserSession(userSession);
authorizationManager.obtainUserAuthorizations().withSecurityKeys("utiId", DEFAULT_UTI_ID).withSecurityKeys("typId", DEFAULT_TYPE_ID).withSecurityKeys("montantMax", DEFAULT_MONTANT_MAX).addAuthorization(recordRead);
final boolean canReadRecord = authorizationManager.hasAuthorization(RecordAuthorizations.ATZ_RECORD$READ);
Assert.assertTrue(canReadRecord);
final SqlDialect sqlDialect = new PostgreSqlDataBase().getSqlDialect();
final Tuple2<String, CriteriaCtx> readRecordSql = authorizationManager.getCriteriaSecurity(Record.class, RecordOperations.READ).toSql(sqlDialect);
// read -> MONTANT<=${montantMax} or UTI_ID_OWNER=${utiId}
Assert.assertEquals("( AMOUNT <= #AMOUNT_0# OR UTI_ID_OWNER = #UTI_ID_OWNER_1# ) ", readRecordSql.getVal1());
Assert.assertEquals(100.0, readRecordSql.getVal2().getAttributeValue("AMOUNT_0"));
Assert.assertEquals(1000L, readRecordSql.getVal2().getAttributeValue("UTI_ID_OWNER_1"));
} finally {
securityManager.stopCurrentUserSession();
}
}
use of io.vertigo.account.data.TestUserSession in project vertigo by KleeGroup.
the class VSecurityManagerTest method testSecuritySearchOnEntity.
@Test
public void testSecuritySearchOnEntity() {
final Record recordTooExpensive = createRecord();
recordTooExpensive.setAmount(10000d);
final Record recordOtherUser = createRecord();
recordOtherUser.setUtiIdOwner(2000L);
final Record recordOtherUserAndTooExpensive = createRecord();
recordOtherUserAndTooExpensive.setUtiIdOwner(2000L);
recordOtherUserAndTooExpensive.setAmount(10000d);
final Authorization recordRead = getAuthorization(RecordAuthorizations.ATZ_RECORD$READ);
final UserSession userSession = securityManager.<TestUserSession>createUserSession();
try {
securityManager.startCurrentUserSession(userSession);
authorizationManager.obtainUserAuthorizations().withSecurityKeys("utiId", DEFAULT_UTI_ID).withSecurityKeys("typId", DEFAULT_TYPE_ID).withSecurityKeys("montantMax", DEFAULT_MONTANT_MAX).addAuthorization(recordRead).addAuthorization(getAuthorization(RecordAuthorizations.ATZ_RECORD$READ_HP)).addAuthorization(getAuthorization(RecordAuthorizations.ATZ_RECORD$WRITE)).addAuthorization(getAuthorization(RecordAuthorizations.ATZ_RECORD$CREATE)).addAuthorization(getAuthorization(RecordAuthorizations.ATZ_RECORD$DELETE));
final boolean canReadRecord = authorizationManager.hasAuthorization(RecordAuthorizations.ATZ_RECORD$READ);
Assert.assertTrue(canReadRecord);
// read -> MONTANT<=${montantMax} or UTI_ID_OWNER=${utiId}
Assert.assertEquals("(+AMOUNT:<=100.0) (+UTI_ID_OWNER:1000)", authorizationManager.getSearchSecurity(Record.class, RecordOperations.READ));
Assert.assertEquals("(AMOUNT:<=100.0 UTI_ID_OWNER:1000)", authorizationManager.getSearchSecurity(Record.class, RecordOperations.READ2));
Assert.assertEquals("(*:*)", authorizationManager.getSearchSecurity(Record.class, RecordOperations.READ_HP));
Assert.assertEquals("(+UTI_ID_OWNER:1000 +ETA_CD:<ARC) (+TYP_ID:10 +AMOUNT:<=100.0 +ETA_CD:<ARC)", authorizationManager.getSearchSecurity(Record.class, RecordOperations.WRITE));
Assert.assertEquals("(+TYP_ID:10 +AMOUNT:<=100.0)", authorizationManager.getSearchSecurity(Record.class, RecordOperations.CREATE));
Assert.assertEquals("(+TYP_ID:10) (+UTI_ID_OWNER:1000 +ETA_CD:<PUB)", authorizationManager.getSearchSecurity(Record.class, RecordOperations.DELETE));
final boolean canReadNotify = authorizationManager.hasAuthorization(RecordAuthorizations.ATZ_RECORD$NOTIFY);
Assert.assertFalse(canReadNotify);
Assert.assertEquals("", authorizationManager.getSearchSecurity(Record.class, RecordOperations.NOTIFY));
} finally {
securityManager.stopCurrentUserSession();
}
}
use of io.vertigo.account.data.TestUserSession in project vertigo by KleeGroup.
the class VSecurityManagerTest method testAuthorizedOnEntityOverride.
@Test
public void testAuthorizedOnEntityOverride() {
final Record record = createRecord();
final Record recordTooExpensive = createRecord();
recordTooExpensive.setAmount(10000d);
final Record recordOtherUser = createRecord();
recordOtherUser.setUtiIdOwner(2000L);
final Record recordOtherUserAndTooExpensive = createRecord();
recordOtherUserAndTooExpensive.setUtiIdOwner(2000L);
recordOtherUserAndTooExpensive.setAmount(10000d);
final Authorization recordRead = getAuthorization(RecordAuthorizations.ATZ_RECORD$READ_HP);
final UserSession userSession = securityManager.<TestUserSession>createUserSession();
try {
securityManager.startCurrentUserSession(userSession);
authorizationManager.obtainUserAuthorizations().withSecurityKeys("utiId", DEFAULT_UTI_ID).withSecurityKeys("typId", DEFAULT_TYPE_ID).withSecurityKeys("montantMax", DEFAULT_MONTANT_MAX).addAuthorization(recordRead);
final boolean canReadRecord = authorizationManager.hasAuthorization(RecordAuthorizations.ATZ_RECORD$READ_HP);
Assert.assertTrue(canReadRecord);
// read -> MONTANT<=${montantMax} or UTI_ID_OWNER=${utiId}
Assert.assertTrue(authorizationManager.isAuthorized(record, RecordOperations.READ));
Assert.assertTrue(authorizationManager.isAuthorized(recordTooExpensive, RecordOperations.READ));
Assert.assertTrue(authorizationManager.isAuthorized(recordOtherUser, RecordOperations.READ));
Assert.assertTrue(authorizationManager.isAuthorized(recordOtherUserAndTooExpensive, RecordOperations.READ));
} finally {
securityManager.stopCurrentUserSession();
}
}
use of io.vertigo.account.data.TestUserSession in project vertigo by KleeGroup.
the class VSecurityManagerTest method testAuthorizedOnEntityTreeAxes.
@Test
public void testAuthorizedOnEntityTreeAxes() {
final Record record = createRecord();
record.setEtaCd("PUB");
final Record recordOtherType = createRecord();
recordOtherType.setEtaCd("PUB");
recordOtherType.setTypId(11L);
final Record recordOtherEtat = createRecord();
recordOtherEtat.setEtaCd("CRE");
final Record recordOtherUser = createRecord();
recordOtherUser.setEtaCd("PUB");
recordOtherUser.setUtiIdOwner(2000L);
final Record recordOtherUserAndTooExpensive = createRecord();
recordOtherUserAndTooExpensive.setEtaCd("PUB");
recordOtherUserAndTooExpensive.setUtiIdOwner(2000L);
recordOtherUserAndTooExpensive.setAmount(10000d);
final Record recordOtherCommune = createRecord();
recordOtherCommune.setEtaCd("PUB");
recordOtherCommune.setComId(3L);
final Record recordDepartement = createRecord();
recordDepartement.setEtaCd("PUB");
recordDepartement.setComId(null);
final Record recordOtherDepartement = createRecord();
recordOtherDepartement.setEtaCd("PUB");
recordOtherDepartement.setDepId(10L);
recordOtherDepartement.setComId(null);
final Record recordRegion = createRecord();
recordRegion.setEtaCd("PUB");
recordRegion.setDepId(null);
recordRegion.setComId(null);
final Record recordNational = createRecord();
recordNational.setEtaCd("PUB");
recordNational.setRegId(null);
recordNational.setDepId(null);
recordNational.setComId(null);
final Authorization recordNotify = getAuthorization(RecordAuthorizations.ATZ_RECORD$NOTIFY);
final UserSession userSession = securityManager.<TestUserSession>createUserSession();
try {
securityManager.startCurrentUserSession(userSession);
authorizationManager.obtainUserAuthorizations().withSecurityKeys("utiId", DEFAULT_UTI_ID).withSecurityKeys("typId", DEFAULT_TYPE_ID).withSecurityKeys("montantMax", DEFAULT_MONTANT_MAX).withSecurityKeys("geo", // droit sur tout un département
new Long[] { DEFAULT_REG_ID, DEFAULT_DEP_ID, null }).addAuthorization(recordNotify);
Assert.assertTrue(authorizationManager.hasAuthorization(RecordAuthorizations.ATZ_RECORD$NOTIFY));
// grant read -> MONTANT<=${montantMax} or UTI_ID_OWNER=${utiId}
Assert.assertTrue(authorizationManager.isAuthorized(record, RecordOperations.READ));
Assert.assertTrue(authorizationManager.isAuthorized(recordOtherUser, RecordOperations.READ));
Assert.assertFalse(authorizationManager.isAuthorized(recordOtherUserAndTooExpensive, RecordOperations.READ));
// grant read2 -> MONTANT<=${montantMax} or UTI_ID_OWNER=${utiId}
Assert.assertTrue(authorizationManager.isAuthorized(record, RecordOperations.READ2));
Assert.assertTrue(authorizationManager.isAuthorized(recordOtherUser, RecordOperations.READ2));
Assert.assertFalse(authorizationManager.isAuthorized(recordOtherUserAndTooExpensive, RecordOperations.READ2));
// notify -> TYP_ID=${typId} and ETA_CD=PUB and GEO<=${geo}
Assert.assertTrue(authorizationManager.isAuthorized(record, RecordOperations.NOTIFY));
Assert.assertFalse(authorizationManager.isAuthorized(recordOtherType, RecordOperations.NOTIFY));
Assert.assertFalse(authorizationManager.isAuthorized(recordOtherEtat, RecordOperations.NOTIFY));
Assert.assertTrue(authorizationManager.isAuthorized(recordOtherUser, RecordOperations.NOTIFY));
Assert.assertTrue(authorizationManager.isAuthorized(recordOtherUserAndTooExpensive, RecordOperations.NOTIFY));
Assert.assertTrue(authorizationManager.isAuthorized(recordOtherCommune, RecordOperations.NOTIFY));
Assert.assertTrue(authorizationManager.isAuthorized(recordDepartement, RecordOperations.NOTIFY));
Assert.assertFalse(authorizationManager.isAuthorized(recordOtherDepartement, RecordOperations.NOTIFY));
Assert.assertFalse(authorizationManager.isAuthorized(recordRegion, RecordOperations.NOTIFY));
Assert.assertFalse(authorizationManager.isAuthorized(recordNational, RecordOperations.NOTIFY));
// override write -> TYP_ID=${typId} and ETA_CD=PUB and GEO<=${geo}
// default write don't apply : (UTI_ID_OWNER=${utiId} and ETA_CD<ARC) or (TYP_ID=${typId} and MONTANT<=${montantMax} and ETA_CD<ARC)
Assert.assertTrue(authorizationManager.isAuthorized(record, RecordOperations.WRITE));
Assert.assertFalse(authorizationManager.isAuthorized(recordOtherType, RecordOperations.WRITE));
Assert.assertFalse(authorizationManager.isAuthorized(recordOtherEtat, RecordOperations.WRITE));
Assert.assertTrue(authorizationManager.isAuthorized(recordOtherUser, RecordOperations.WRITE));
Assert.assertTrue(authorizationManager.isAuthorized(recordOtherUserAndTooExpensive, RecordOperations.WRITE));
Assert.assertTrue(authorizationManager.isAuthorized(recordOtherCommune, RecordOperations.WRITE));
Assert.assertTrue(authorizationManager.isAuthorized(recordDepartement, RecordOperations.WRITE));
Assert.assertFalse(authorizationManager.isAuthorized(recordOtherDepartement, RecordOperations.WRITE));
Assert.assertFalse(authorizationManager.isAuthorized(recordRegion, RecordOperations.WRITE));
Assert.assertFalse(authorizationManager.isAuthorized(recordNational, RecordOperations.WRITE));
} finally {
securityManager.stopCurrentUserSession();
}
}
use of io.vertigo.account.data.TestUserSession in project vertigo by KleeGroup.
the class VSecurityManagerTest method testAuthorizedOnEntity.
@Test
public void testAuthorizedOnEntity() {
final Record record = createRecord();
final Record recordTooExpensive = createRecord();
recordTooExpensive.setAmount(10000d);
final Record recordOtherUser = createRecord();
recordOtherUser.setUtiIdOwner(2000L);
final Record recordOtherUserAndTooExpensive = createRecord();
recordOtherUserAndTooExpensive.setUtiIdOwner(2000L);
recordOtherUserAndTooExpensive.setAmount(10000d);
final Authorization recordRead = getAuthorization(RecordAuthorizations.ATZ_RECORD$READ);
final UserSession userSession = securityManager.<TestUserSession>createUserSession();
try {
securityManager.startCurrentUserSession(userSession);
authorizationManager.obtainUserAuthorizations().withSecurityKeys("utiId", DEFAULT_UTI_ID).withSecurityKeys("typId", DEFAULT_TYPE_ID).withSecurityKeys("montantMax", DEFAULT_MONTANT_MAX).addAuthorization(recordRead);
final boolean canReadRecord = authorizationManager.hasAuthorization(RecordAuthorizations.ATZ_RECORD$READ);
Assert.assertTrue(canReadRecord);
// read -> MONTANT<=${montantMax} or UTI_ID_OWNER=${utiId}
Assert.assertTrue(authorizationManager.isAuthorized(record, RecordOperations.READ));
Assert.assertTrue(authorizationManager.isAuthorized(recordTooExpensive, RecordOperations.READ));
Assert.assertTrue(authorizationManager.isAuthorized(recordOtherUser, RecordOperations.READ));
Assert.assertFalse(authorizationManager.isAuthorized(recordOtherUserAndTooExpensive, RecordOperations.READ));
} finally {
securityManager.stopCurrentUserSession();
}
}
Aggregations