Search in sources :

Example 1 with UserValidator

use of nl.knaw.huygens.timbuctoo.v5.security.UserValidator in project timbuctoo by HuygensING.

the class AuthCheckTest method checkAdminAccessReturnsNullIfTheUserIsAnAdminForTheDataSet.

@Test
public void checkAdminAccessReturnsNullIfTheUserIsAnAdminForTheDataSet() throws Exception {
    User notOwner = User.create(null, "user");
    UserValidator userValidator = mock(UserValidator.class);
    given(userValidator.getUserFromAccessToken(anyString())).willReturn(Optional.of(notOwner));
    PermissionFetcher permissionFetcher = mock(PermissionFetcher.class);
    given(permissionFetcher.getPermissions(any(User.class), any(BasicDataSetMetaData.class))).willReturn(permissionsForAdmin());
    Response response = checkAdminAccess(permissionFetcher, userValidator, "auth", new BasicDataSetMetaData("ownerid", "datasetid", "http://ex.org", "http://example.org/prefix/", false, false));
    assertThat(response.getStatus(), is(200));
}
Also used : Response(javax.ws.rs.core.Response) PermissionFetcher(nl.knaw.huygens.timbuctoo.v5.security.PermissionFetcher) User(nl.knaw.huygens.timbuctoo.v5.security.dto.User) BasicDataSetMetaData(nl.knaw.huygens.timbuctoo.v5.dataset.dto.BasicDataSetMetaData) UserValidator(nl.knaw.huygens.timbuctoo.v5.security.UserValidator) Test(org.junit.Test)

Example 2 with UserValidator

use of nl.knaw.huygens.timbuctoo.v5.security.UserValidator in project timbuctoo by HuygensING.

the class EntityToJsonMapperTest method setUp.

@Before
public void setUp() throws Exception {
    userValidator = mock(UserValidator.class);
    when(userValidator.getUserFromUserId(USER_ID)).thenReturn(Optional.of(User.create(USER_NAME, "")));
    instance = new EntityToJsonMapper(userValidator, (collection, id1, rev) -> URI.create("www.example.com"));
}
Also used : UserValidator(nl.knaw.huygens.timbuctoo.v5.security.UserValidator) JsonBuilder.jsnO(nl.knaw.huygens.timbuctoo.util.JsonBuilder.jsnO) Matchers.not(org.hamcrest.Matchers.not) Collection(nl.knaw.huygens.timbuctoo.core.dto.dataset.Collection) ObjectNode(com.fasterxml.jackson.databind.node.ObjectNode) ArrayList(java.util.ArrayList) User(nl.knaw.huygens.timbuctoo.v5.security.dto.User) Lists(com.google.common.collect.Lists) StringProperty(nl.knaw.huygens.timbuctoo.core.dto.property.StringProperty) EntityToJsonMapper(nl.knaw.huygens.timbuctoo.crud.conversion.EntityToJsonMapper) JsonBuilder.jsnA(nl.knaw.huygens.timbuctoo.util.JsonBuilder.jsnA) URI(java.net.URI) MatcherAssert.assertThat(org.hamcrest.MatcherAssert.assertThat) JsonBuilder.jsn(nl.knaw.huygens.timbuctoo.util.JsonBuilder.jsn) Before(org.junit.Before) HyperLinksProperty(nl.knaw.huygens.timbuctoo.core.dto.property.HyperLinksProperty) RelationRef(nl.knaw.huygens.timbuctoo.core.dto.RelationRef) TimProperty(nl.knaw.huygens.timbuctoo.core.dto.property.TimProperty) ReadEntityImpl(nl.knaw.huygens.timbuctoo.core.dto.ReadEntityImpl) Test(org.junit.Test) UUID(java.util.UUID) Mockito.when(org.mockito.Mockito.when) Instant(java.time.Instant) Matchers.hasItem(org.hamcrest.Matchers.hasItem) Optional(java.util.Optional) Change(nl.knaw.huygens.timbuctoo.model.Change) Matchers.is(org.hamcrest.Matchers.is) SameJSONAs.sameJSONAs(uk.co.datumedge.hamcrest.json.SameJSONAs.sameJSONAs) Mockito.mock(org.mockito.Mockito.mock) EntityToJsonMapper(nl.knaw.huygens.timbuctoo.crud.conversion.EntityToJsonMapper) UserValidator(nl.knaw.huygens.timbuctoo.v5.security.UserValidator) Before(org.junit.Before)

Example 3 with UserValidator

use of nl.knaw.huygens.timbuctoo.v5.security.UserValidator in project timbuctoo by HuygensING.

the class AuthCheckTest method checkAdminAccessReturnsAnUnauthorizedResponseIfTheUserIsUnknown.

@Test
public void checkAdminAccessReturnsAnUnauthorizedResponseIfTheUserIsUnknown() throws Exception {
    UserValidator userValidator = mock(UserValidator.class);
    given(userValidator.getUserFromAccessToken(anyString())).willReturn(Optional.empty());
    Response response = checkAdminAccess(null, userValidator, "auth", new BasicDataSetMetaData("ownerid", "datasetid", "http://ex.org", "http://example.org/prefix/", false, false));
    assertThat(response.getStatus(), is(UNAUTHORIZED.getStatusCode()));
}
Also used : Response(javax.ws.rs.core.Response) BasicDataSetMetaData(nl.knaw.huygens.timbuctoo.v5.dataset.dto.BasicDataSetMetaData) UserValidator(nl.knaw.huygens.timbuctoo.v5.security.UserValidator) Test(org.junit.Test)

Example 4 with UserValidator

use of nl.knaw.huygens.timbuctoo.v5.security.UserValidator in project timbuctoo by HuygensING.

the class AuthCheckTest method checkAdminAccessReturnsAForbiddenResponseIfTheUserIsNotAnAdminForTheDataSet.

@Test
public void checkAdminAccessReturnsAForbiddenResponseIfTheUserIsNotAnAdminForTheDataSet() throws Exception {
    User notOwner = User.create(null, "user");
    UserValidator userValidator = mock(UserValidator.class);
    given(userValidator.getUserFromAccessToken(anyString())).willReturn(Optional.of(notOwner));
    PermissionFetcher permissionFetcher = mock(PermissionFetcher.class);
    given(permissionFetcher.getPermissions(any(User.class), any(BasicDataSetMetaData.class))).willReturn(permissionsForNonAdmin());
    Response response = checkAdminAccess(permissionFetcher, userValidator, "auth", new BasicDataSetMetaData("ownerid", "datasetid", "http://ex.org", "http://example.org/prefix/", false, false));
    assertThat(response.getStatus(), is(FORBIDDEN.getStatusCode()));
}
Also used : Response(javax.ws.rs.core.Response) PermissionFetcher(nl.knaw.huygens.timbuctoo.v5.security.PermissionFetcher) User(nl.knaw.huygens.timbuctoo.v5.security.dto.User) BasicDataSetMetaData(nl.knaw.huygens.timbuctoo.v5.dataset.dto.BasicDataSetMetaData) UserValidator(nl.knaw.huygens.timbuctoo.v5.security.UserValidator) Test(org.junit.Test)

Example 5 with UserValidator

use of nl.knaw.huygens.timbuctoo.v5.security.UserValidator in project timbuctoo by HuygensING.

the class AuthCheckTest method checkAdminAccessReturnsNullIfTheUserHasAdminPermissionsForTheDataSet.

@Test
public void checkAdminAccessReturnsNullIfTheUserHasAdminPermissionsForTheDataSet() throws Exception {
    User notOwner = User.create(null, "user");
    UserValidator userValidator = mock(UserValidator.class);
    given(userValidator.getUserFromAccessToken(anyString())).willReturn(Optional.of(notOwner));
    PermissionFetcher permissionFetcher = mock(PermissionFetcher.class);
    given(permissionFetcher.getPermissions(any(User.class), any(BasicDataSetMetaData.class))).willReturn(permissionsForAdmin());
    Response response = checkAdminAccess(permissionFetcher, userValidator, "auth", new BasicDataSetMetaData("ownerid", "datasetid", "http://ex.org", "http://example.org/prefix/", false, false));
    assertThat(response.getStatus(), is(200));
}
Also used : Response(javax.ws.rs.core.Response) PermissionFetcher(nl.knaw.huygens.timbuctoo.v5.security.PermissionFetcher) User(nl.knaw.huygens.timbuctoo.v5.security.dto.User) BasicDataSetMetaData(nl.knaw.huygens.timbuctoo.v5.dataset.dto.BasicDataSetMetaData) UserValidator(nl.knaw.huygens.timbuctoo.v5.security.UserValidator) Test(org.junit.Test)

Aggregations

UserValidator (nl.knaw.huygens.timbuctoo.v5.security.UserValidator)5 Test (org.junit.Test)5 Response (javax.ws.rs.core.Response)4 BasicDataSetMetaData (nl.knaw.huygens.timbuctoo.v5.dataset.dto.BasicDataSetMetaData)4 User (nl.knaw.huygens.timbuctoo.v5.security.dto.User)4 PermissionFetcher (nl.knaw.huygens.timbuctoo.v5.security.PermissionFetcher)3 ObjectNode (com.fasterxml.jackson.databind.node.ObjectNode)1 Lists (com.google.common.collect.Lists)1 URI (java.net.URI)1 Instant (java.time.Instant)1 ArrayList (java.util.ArrayList)1 Optional (java.util.Optional)1 UUID (java.util.UUID)1 ReadEntityImpl (nl.knaw.huygens.timbuctoo.core.dto.ReadEntityImpl)1 RelationRef (nl.knaw.huygens.timbuctoo.core.dto.RelationRef)1 Collection (nl.knaw.huygens.timbuctoo.core.dto.dataset.Collection)1 HyperLinksProperty (nl.knaw.huygens.timbuctoo.core.dto.property.HyperLinksProperty)1 StringProperty (nl.knaw.huygens.timbuctoo.core.dto.property.StringProperty)1 TimProperty (nl.knaw.huygens.timbuctoo.core.dto.property.TimProperty)1 EntityToJsonMapper (nl.knaw.huygens.timbuctoo.crud.conversion.EntityToJsonMapper)1