
Example 1 with PostgreSqlDataBase

Use of io.vertigo.database.impl.sql.vendor.postgresql.PostgreSqlDataBase in project vertigo by KleeGroup.

From the class VSecurityManagerTest, method testSecuritySqlOnEntity.

/**
 * Checks the SQL predicate generated from the READ security rule on {@code Record}.
 *
 * <p>The current session receives the security keys {@code utiId}, {@code typId} and
 * {@code montantMax} together with the ATZ_RECORD$READ authorization. The criteria
 * returned by the authorization manager is then rendered with the PostgreSQL dialect.
 *
 * <p>The assertions pin two properties of that rendering: the SQL text carries named
 * placeholders ({@code #AMOUNT_0#}, {@code #UTI_ID_OWNER_1#}) instead of literal values,
 * and the values themselves are exposed by the accompanying {@code CriteriaCtx} under
 * those placeholder names.
 *
 * <p>Only the generated predicate is asserted. This method does not evaluate the
 * predicate against the three records it creates, so it does not by itself show that
 * an out-of-scope record is rejected.
 */
@Test
public void testSecuritySqlOnEntity() {
    // Fixture records: over the amount limit, owned by another user, and both.
    // They are not referenced again in this method.
    final Record overLimit = createRecord();
    overLimit.setAmount(10000d);
    final Record foreignOwner = createRecord();
    foreignOwner.setUtiIdOwner(2000L);
    final Record foreignOwnerOverLimit = createRecord();
    foreignOwnerOverLimit.setUtiIdOwner(2000L);
    foreignOwnerOverLimit.setAmount(10000d);

    final Authorization readAuthorization = getAuthorization(RecordAuthorizations.ATZ_RECORD$READ);
    final UserSession session = securityManager.<TestUserSession>createUserSession();
    try {
        securityManager.startCurrentUserSession(session);

        // The security keys are the per-user values the rule is evaluated with.
        authorizationManager.obtainUserAuthorizations()
                .withSecurityKeys("utiId", DEFAULT_UTI_ID)
                .withSecurityKeys("typId", DEFAULT_TYPE_ID)
                .withSecurityKeys("montantMax", DEFAULT_MONTANT_MAX)
                .addAuthorization(readAuthorization);
        Assert.assertTrue(authorizationManager.hasAuthorization(RecordAuthorizations.ATZ_RECORD$READ));

        final SqlDialect postgresDialect = new PostgreSqlDataBase().getSqlDialect();
        final Tuple2<String, CriteriaCtx> sqlAndCtx = authorizationManager
                .getCriteriaSecurity(Record.class, RecordOperations.READ)
                .toSql(postgresDialect);

        // Rule as noted by the original author: MONTANT<=${montantMax} or UTI_ID_OWNER=${utiId}.
        // The expected fragment holds placeholders only; the typId key does not appear in it.
        Assert.assertEquals("( AMOUNT <= #AMOUNT_0# OR UTI_ID_OWNER = #UTI_ID_OWNER_1# ) ", sqlAndCtx.getVal1());

        // Bound values travel in the context, keyed by placeholder name.
        // NOTE(review): 100.0 and 1000L presumably equal DEFAULT_MONTANT_MAX and DEFAULT_UTI_ID - confirm.
        final CriteriaCtx boundValues = sqlAndCtx.getVal2();
        Assert.assertEquals(100.0, boundValues.getAttributeValue("AMOUNT_0"));
        Assert.assertEquals(1000L, boundValues.getAttributeValue("UTI_ID_OWNER_1"));
    } finally {
        // Always detach the session from the current thread of execution, even on assertion failure.
        securityManager.stopCurrentUserSession();
    }
}
Also used : Authorization(io.vertigo.account.authorization.metamodel.Authorization) CriteriaCtx(io.vertigo.dynamo.criteria.CriteriaCtx) TestUserSession(io.vertigo.account.data.TestUserSession) UserSession(io.vertigo.persona.security.UserSession) SqlDialect(io.vertigo.database.sql.vendor.SqlDialect) Record(io.vertigo.account.authorization.model.Record) TestUserSession(io.vertigo.account.data.TestUserSession) PostgreSqlDataBase(io.vertigo.database.impl.sql.vendor.postgresql.PostgreSqlDataBase) Test(org.junit.Test)
