Search in sources :

Example 6 with PermissionFetcher

use of nl.knaw.huygens.timbuctoo.v5.security.PermissionFetcher in project timbuctoo by HuygensING.

the class AuthCheckTest method checkAdminAccessReturnsAForbiddenResponseIfTheUserIsNotAnAdminForTheDataSet.

@Test
public void checkAdminAccessReturnsAForbiddenResponseIfTheUserIsNotAnAdminForTheDataSet() throws Exception {
    User notOwner = User.create(null, "user");
    UserValidator userValidator = mock(UserValidator.class);
    given(userValidator.getUserFromAccessToken(anyString())).willReturn(Optional.of(notOwner));
    PermissionFetcher permissionFetcher = mock(PermissionFetcher.class);
    given(permissionFetcher.getPermissions(any(User.class), any(BasicDataSetMetaData.class))).willReturn(permissionsForNonAdmin());
    Response response = checkAdminAccess(permissionFetcher, userValidator, "auth", new BasicDataSetMetaData("ownerid", "datasetid", "http://ex.org", "http://example.org/prefix/", false, false));
    assertThat(response.getStatus(), is(FORBIDDEN.getStatusCode()));
}
Also used : Response(javax.ws.rs.core.Response) PermissionFetcher(nl.knaw.huygens.timbuctoo.v5.security.PermissionFetcher) User(nl.knaw.huygens.timbuctoo.v5.security.dto.User) BasicDataSetMetaData(nl.knaw.huygens.timbuctoo.v5.dataset.dto.BasicDataSetMetaData) UserValidator(nl.knaw.huygens.timbuctoo.v5.security.UserValidator) Test(org.junit.Test)

Example 7 with PermissionFetcher

use of nl.knaw.huygens.timbuctoo.v5.security.PermissionFetcher in project timbuctoo by HuygensING.

the class AuthCheckTest method checkAdminAccessReturnsNullIfTheUserHasAdminPermissionsForTheDataSet.

@Test
public void checkAdminAccessReturnsNullIfTheUserHasAdminPermissionsForTheDataSet() throws Exception {
    User notOwner = User.create(null, "user");
    UserValidator userValidator = mock(UserValidator.class);
    given(userValidator.getUserFromAccessToken(anyString())).willReturn(Optional.of(notOwner));
    PermissionFetcher permissionFetcher = mock(PermissionFetcher.class);
    given(permissionFetcher.getPermissions(any(User.class), any(BasicDataSetMetaData.class))).willReturn(permissionsForAdmin());
    Response response = checkAdminAccess(permissionFetcher, userValidator, "auth", new BasicDataSetMetaData("ownerid", "datasetid", "http://ex.org", "http://example.org/prefix/", false, false));
    assertThat(response.getStatus(), is(200));
}
Also used : Response(javax.ws.rs.core.Response) PermissionFetcher(nl.knaw.huygens.timbuctoo.v5.security.PermissionFetcher) User(nl.knaw.huygens.timbuctoo.v5.security.dto.User) BasicDataSetMetaData(nl.knaw.huygens.timbuctoo.v5.dataset.dto.BasicDataSetMetaData) UserValidator(nl.knaw.huygens.timbuctoo.v5.security.UserValidator) Test(org.junit.Test)

Example 8 with PermissionFetcher

use of nl.knaw.huygens.timbuctoo.v5.security.PermissionFetcher in project timbuctoo by HuygensING.

the class UserPermissionCheckTest method getPermissionsReturnsNoPermissionsForEmptyUserIfPublicDataSet.

@Test
public void getPermissionsReturnsNoPermissionsForEmptyUserIfPublicDataSet() {
    PermissionFetcher permissionFetcher = mock(PermissionFetcher.class);
    Set<Permission> defaultPermissions = Sets.newHashSet(Permission.READ);
    UserPermissionCheck userPermissionCheck = new UserPermissionCheck(Optional.empty(), permissionFetcher, defaultPermissions);
    DataSetMetaData dataSetMetaData = mock(BasicDataSetMetaData.class);
    given(dataSetMetaData.isPublished()).willReturn(true);
    Set<Permission> permissions = userPermissionCheck.getPermissions(dataSetMetaData);
    assertEquals(Sets.newHashSet(Permission.READ), permissions);
}
Also used : PermissionFetcher(nl.knaw.huygens.timbuctoo.v5.security.PermissionFetcher) Permission(nl.knaw.huygens.timbuctoo.v5.security.dto.Permission) DataSetMetaData(nl.knaw.huygens.timbuctoo.v5.dataset.dto.DataSetMetaData) BasicDataSetMetaData(nl.knaw.huygens.timbuctoo.v5.dataset.dto.BasicDataSetMetaData) Test(org.junit.Test)

Aggregations

User (nl.knaw.huygens.timbuctoo.v5.security.dto.User)6 Test (org.junit.Test)6 BasicDataSetMetaData (nl.knaw.huygens.timbuctoo.v5.dataset.dto.BasicDataSetMetaData)5 PermissionFetcher (nl.knaw.huygens.timbuctoo.v5.security.PermissionFetcher)5 Response (javax.ws.rs.core.Response)4 DataSetMetaData (nl.knaw.huygens.timbuctoo.v5.dataset.dto.DataSetMetaData)3 UserValidator (nl.knaw.huygens.timbuctoo.v5.security.UserValidator)3 DataSet (nl.knaw.huygens.timbuctoo.v5.dataset.dto.DataSet)2 Permission (nl.knaw.huygens.timbuctoo.v5.security.dto.Permission)2 UserValidationException (nl.knaw.huygens.timbuctoo.v5.security.exceptions.UserValidationException)2 ExecutionResult (graphql.ExecutionResult)1 GraphQL (graphql.GraphQL)1 GraphQLSchema (graphql.schema.GraphQLSchema)1 IOException (java.io.IOException)1 PUT (javax.ws.rs.PUT)1 StreamingOutput (javax.ws.rs.core.StreamingOutput)1 ImportManager (nl.knaw.huygens.timbuctoo.v5.dataset.ImportManager)1 ImportStatus (nl.knaw.huygens.timbuctoo.v5.dataset.ImportStatus)1 QuadStore (nl.knaw.huygens.timbuctoo.v5.datastores.quadstore.QuadStore)1 SerializerWriter (nl.knaw.huygens.timbuctoo.v5.dropwizard.contenttypes.SerializerWriter)1