use of nl.knaw.huygens.timbuctoo.v5.security.PermissionFetcher in project timbuctoo by HuygensING.
the class AuthCheckTest method checkAdminAccessReturnsAForbiddenResponseIfTheUserIsNotAnAdminForTheDataSet.
@Test
public void checkAdminAccessReturnsAForbiddenResponseIfTheUserIsNotAnAdminForTheDataSet() throws Exception {
User notOwner = User.create(null, "user");
UserValidator userValidator = mock(UserValidator.class);
given(userValidator.getUserFromAccessToken(anyString())).willReturn(Optional.of(notOwner));
PermissionFetcher permissionFetcher = mock(PermissionFetcher.class);
given(permissionFetcher.getPermissions(any(User.class), any(BasicDataSetMetaData.class))).willReturn(permissionsForNonAdmin());
Response response = checkAdminAccess(permissionFetcher, userValidator, "auth", new BasicDataSetMetaData("ownerid", "datasetid", "http://ex.org", "http://example.org/prefix/", false, false));
assertThat(response.getStatus(), is(FORBIDDEN.getStatusCode()));
}
use of nl.knaw.huygens.timbuctoo.v5.security.PermissionFetcher in project timbuctoo by HuygensING.
the class AuthCheckTest method checkAdminAccessReturnsNullIfTheUserHasAdminPermissionsForTheDataSet.
@Test
public void checkAdminAccessReturnsNullIfTheUserHasAdminPermissionsForTheDataSet() throws Exception {
User notOwner = User.create(null, "user");
UserValidator userValidator = mock(UserValidator.class);
given(userValidator.getUserFromAccessToken(anyString())).willReturn(Optional.of(notOwner));
PermissionFetcher permissionFetcher = mock(PermissionFetcher.class);
given(permissionFetcher.getPermissions(any(User.class), any(BasicDataSetMetaData.class))).willReturn(permissionsForAdmin());
Response response = checkAdminAccess(permissionFetcher, userValidator, "auth", new BasicDataSetMetaData("ownerid", "datasetid", "http://ex.org", "http://example.org/prefix/", false, false));
assertThat(response.getStatus(), is(200));
}
use of nl.knaw.huygens.timbuctoo.v5.security.PermissionFetcher in project timbuctoo by HuygensING.
the class UserPermissionCheckTest method getPermissionsReturnsNoPermissionsForEmptyUserIfPublicDataSet.
@Test
public void getPermissionsReturnsNoPermissionsForEmptyUserIfPublicDataSet() {
PermissionFetcher permissionFetcher = mock(PermissionFetcher.class);
Set<Permission> defaultPermissions = Sets.newHashSet(Permission.READ);
UserPermissionCheck userPermissionCheck = new UserPermissionCheck(Optional.empty(), permissionFetcher, defaultPermissions);
DataSetMetaData dataSetMetaData = mock(BasicDataSetMetaData.class);
given(dataSetMetaData.isPublished()).willReturn(true);
Set<Permission> permissions = userPermissionCheck.getPermissions(dataSetMetaData);
assertEquals(Sets.newHashSet(Permission.READ), permissions);
}
Aggregations