use of org.cloudfoundry.credhub.request.PermissionEntry in project credhub by cloudfoundry-incubator.
the class PermissionServiceTest method saveAccessControlEntries_withEntries_delegatesToDataService.
/**
 * Checks that {@code savePermissions} forwards the credential and the requested entries to the
 * permission data service when the permission-checking mock allows the user to operate on the actor.
 */
@Test
public void saveAccessControlEntries_withEntries_delegatesToDataService() {
    // The authorization precondition is stubbed to succeed, so only the delegation is exercised;
    // the denied path is not covered by this test.
    when(permissionCheckingService.userAllowedToOperateOnActor(eq(USER_NAME))).thenReturn(true);

    PermissionEntry readGrant = new PermissionEntry(USER_NAME, PermissionOperation.READ);
    ArrayList<PermissionEntry> requestedEntries = newArrayList(readGrant);

    subject.savePermissions(
        expectedCredentialVersion, requestedEntries, auditRecordParameters, false, CREDENTIAL_NAME);

    // The data service must receive the underlying credential and the same list instance.
    verify(permissionDataService)
        .savePermissions(expectedCredentialVersion.getCredential(), requestedEntries);
}
use of org.cloudfoundry.credhub.request.PermissionEntry in project credhub by cloudfoundry-incubator.
the class PermissionedCredentialServiceTest method save_whenThereIsANewCredentialAndSelfUpdatingAcls_throwsException.
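/**
 * Verifies that saving a new credential is rejected with
 * {@code InvalidPermissionOperationException} when the request carries an ACL entry for
 * "test-user" (presumably the requesting actor, per the test name; confirm against the fixture).
 *
 * <p>The original try/catch passed silently when {@code save} threw nothing, so a regression that
 * dropped this authorization check would have gone unnoticed. The test now fails explicitly in
 * that case.
 */
@Test
public void save_whenThereIsANewCredentialAndSelfUpdatingAcls_throwsException() {
    when(request.getType()).thenReturn("password");
    when(request.getOverwriteMode()).thenReturn(CredentialWriteMode.OVERWRITE.mode);
    // No stored version exists for the name: this is the "new credential" case.
    when(credentialVersionDataService.findMostRecent(CREDENTIAL_NAME)).thenReturn(null);
    when(credentialVersionDataService.save(any(CredentialVersion.class)))
        .thenReturn(new PasswordCredentialVersion().setEncryptor(encryptor));
    // Both permission checks are stubbed to succeed, so the rejection asserted below cannot come
    // from a missing WRITE_ACL permission or from the actor check.
    when(permissionCheckingService.userAllowedToOperateOnActor("test-user")).thenReturn(true);
    when(permissionCheckingService.hasPermission(userContext.getActor(), CREDENTIAL_NAME, WRITE_ACL))
        .thenReturn(true);
    accessControlEntries.add(new PermissionEntry("test-user", Arrays.asList(WRITE, WRITE_ACL)));

    try {
        subject.save(existingCredentialVersion, credentialValue, request, auditRecordParameters);
    } catch (InvalidPermissionOperationException e) {
        assertThat(e.getMessage(), equalTo("error.permission.invalid_update_operation"));
        return;
    }
    // Reaching this point means the save was accepted; AssertionError is not caught above.
    throw new AssertionError(
        "expected InvalidPermissionOperationException when the request updates the ACL of test-user");
}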
use of org.cloudfoundry.credhub.request.PermissionEntry in project credhub by cloudfoundry-incubator.
the class PermissionsHandlerTest method setPermissions_setsAndReturnsThePermissions.
/**
 * Checks that {@code setPermissions} passes the requested entries to
 * {@code permissionService.savePermissions} for the named credential.
 *
 * <p>Both authorization checks are stubbed to return true, so only the authorized path is
 * covered here.
 */
@Test
public void setPermissions_setsAndReturnsThePermissions() {
    // Authorization stubs: any actor holds WRITE_ACL on the credential and may operate on ACTOR_NAME.
    when(permissionCheckingService.hasPermission(
            any(String.class), eq(CREDENTIAL_NAME), eq(PermissionOperation.WRITE_ACL)))
        .thenReturn(true);
    when(permissionCheckingService.userAllowedToOperateOnActor(ACTOR_NAME)).thenReturn(true);

    // Entry carried by the incoming request.
    ArrayList<PermissionOperation> grantedOperations =
        newArrayList(PermissionOperation.READ, PermissionOperation.WRITE);
    PermissionEntry requestedEntry = new PermissionEntry(ACTOR_NAME, grantedOperations);
    List<PermissionEntry> requestedAcl = newArrayList(requestedEntry);

    // ACL reported by the service: the requested entry plus one for a second actor.
    PermissionEntry existingEntry =
        new PermissionEntry(ACTOR_NAME2, Lists.newArrayList(PermissionOperation.READ));
    List<PermissionEntry> storedAcl = newArrayList(requestedEntry, existingEntry);
    when(permissionService.getPermissions(credentialVersion, auditRecordParameters, CREDENTIAL_NAME))
        .thenReturn(storedAcl);

    when(permissionsRequest.getCredentialName()).thenReturn(CREDENTIAL_NAME);
    when(permissionsRequest.getPermissions()).thenReturn(requestedAcl);

    subject.setPermissions(permissionsRequest, auditRecordParameters);

    // Capture what was actually handed to the service for persistence.
    ArgumentCaptor<List> savedAclCaptor = ArgumentCaptor.forClass(List.class);
    verify(permissionService)
        .savePermissions(
            eq(credentialVersion),
            savedAclCaptor.capture(),
            eq(auditRecordParameters),
            eq(false),
            eq(CREDENTIAL_NAME));

    List<PermissionEntry> savedAcl = savedAclCaptor.getValue();
    PermissionEntry firstSaved = savedAcl.get(0);
    assertThat(firstSaved.getActor(), equalTo(ACTOR_NAME));
    assertThat(
        firstSaved.getAllowedOperations(),
        contains(equalTo(PermissionOperation.READ), equalTo(PermissionOperation.WRITE)));
}
use of org.cloudfoundry.credhub.request.PermissionEntry in project credhub by cloudfoundry-incubator.
the class PermissionAndCredentialTest method hasEditedAcl.
/**
 * Fetches the ACL of {@code /test-password} with the given bearer token and asserts that it holds
 * exactly the three expected entries, in any order.
 *
 * @param token bearer token placed in the Authorization header of the GET request
 * @throws Exception if the mock MVC request or the response handling fails
 */
private void hasEditedAcl(String token) throws Exception {
    MvcResult mvcResult =
        mockMvc
            .perform(
                get("/api/v1/permissions?credential_name=/test-password")
                    .header("Authorization", "Bearer " + token))
            .andDo(print())
            .andExpect(status().isOk())
            .andReturn();

    PermissionsView permissionsView =
        JsonTestHelper.deserialize(
            mvcResult.getResponse().getContentAsString(), PermissionsView.class);

    assertThat(permissionsView.getCredentialName(), equalTo("/test-password"));
    // Only the password-grant actor is expected to hold READ_ACL and WRITE_ACL; the mTLS app has
    // WRITE alone and the client-credentials actor has no ACL operations.
    assertThat(
        permissionsView.getPermissions(),
        containsInAnyOrder(
            samePropertyValuesAs(
                new PermissionEntry(
                    UAA_OAUTH2_PASSWORD_GRANT_ACTOR_ID,
                    asList(READ, WRITE, DELETE, READ_ACL, WRITE_ACL))),
            samePropertyValuesAs(new PermissionEntry(MTLS_APP_GUID, asList(WRITE))),
            samePropertyValuesAs(
                new PermissionEntry(
                    UAA_OAUTH2_CLIENT_CREDENTIALS_ACTOR_ID, asList(READ, WRITE, DELETE)))));
}
use of org.cloudfoundry.credhub.request.PermissionEntry in project credhub by cloudfoundry-incubator.
the class PermissionsEndpointTest method POST_whenTheLeadingSlashIsMissing_prependsTheSlashCorrectly.
/**
 * Grants "dan" read access through the permissions endpoint, then checks the audit record and the
 * ACL returned for {@code credentialName}.
 *
 * @throws Exception if a mock MVC request or the audit verification fails
 */
@Test
public void POST_whenTheLeadingSlashIsMissing_prependsTheSlashCorrectly() throws Exception {
    RequestHelper.grantPermissions(
        mockMvc, credentialName, AuthConstants.UAA_OAUTH2_PASSWORD_GRANT_TOKEN, "dan", "read");

    // The grant must be audited as an ACL_UPDATE by the password-grant actor, with status 201.
    auditingHelper.verifyAuditing(
        AuthConstants.UAA_OAUTH2_PASSWORD_GRANT_ACTOR_ID,
        "/api/v1/permissions",
        201,
        newArrayList(
            new EventAuditRecordParameters(
                ACL_UPDATE, credentialName, PermissionOperation.READ, "dan")));

    PermissionsView permissionsView =
        RequestHelper.getPermissions(
            mockMvc, credentialName, AuthConstants.UAA_OAUTH2_PASSWORD_GRANT_TOKEN);

    assertThat(permissionsView.getCredentialName(), equalTo(credentialName));
    assertThat(permissionsView.getPermissions(), hasSize(2));

    // Expected ACL: the password-grant actor with all five operations, and "dan" with READ only.
    PermissionEntry grantingActorEntry =
        new PermissionEntry(
            AuthConstants.UAA_OAUTH2_PASSWORD_GRANT_ACTOR_ID,
            asList(
                PermissionOperation.READ,
                PermissionOperation.WRITE,
                PermissionOperation.DELETE,
                PermissionOperation.READ_ACL,
                PermissionOperation.WRITE_ACL));
    PermissionEntry danEntry =
        new PermissionEntry("dan", singletonList(PermissionOperation.READ));
    assertThat(
        permissionsView.getPermissions(),
        containsInAnyOrder(
            samePropertyValuesAs(grantingActorEntry), samePropertyValuesAs(danEntry)));
}