use of org.opencastproject.security.api.AuthorizationService in project opencast by opencast.
the class WorkflowServiceImplAuthzTest method setUp.
@Before
public void setUp() throws Exception {
Map<String, Integer> servers = new HashMap<String, Integer>();
servers.put("http://somewhere", 80);
defaultOrganization = new DefaultOrganization();
otherOrganization = new JaxbOrganization("other_org", "Another organization", servers, defaultOrganization.getAdminRole(), defaultOrganization.getAnonymousRole(), null);
JaxbOrganization jaxbOrganization = JaxbOrganization.fromOrganization(defaultOrganization);
instructor1 = new JaxbUser("instructor1", "test", jaxbOrganization, new JaxbRole("ROLE_INSTRUCTOR", jaxbOrganization));
instructor2 = new JaxbUser("instructor2", "test", jaxbOrganization, new JaxbRole("ROLE_INSTRUCTOR", jaxbOrganization));
JaxbOrganization differentOrg = new JaxbOrganization("differentorg");
instructorFromDifferentOrg = new JaxbUser("instructor3", "test", differentOrg, new JaxbRole("ROLE_INSTRUCTOR", differentOrg));
JaxbOrganization doesntMatterOrg = new JaxbOrganization("org doesn't matter");
globalAdmin = new JaxbUser("global_admin", "test", doesntMatterOrg, new JaxbRole(SecurityConstants.GLOBAL_ADMIN_ROLE, doesntMatterOrg));
users = new HashMap<String, User>();
users.put(instructor1.getUsername(), instructor1);
users.put(instructor2.getUsername(), instructor2);
users.put(instructorFromDifferentOrg.getUsername(), instructorFromDifferentOrg);
users.put(DEFAULT_ORG_ADMIN.getUsername(), DEFAULT_ORG_ADMIN);
users.put(globalAdmin.getUsername(), globalAdmin);
service = new WorkflowServiceImpl() {
@Override
public Set<HandlerRegistration> getRegisteredHandlers() {
return new HashSet<WorkflowServiceImpl.HandlerRegistration>();
}
};
scanner = new WorkflowDefinitionScanner();
service.addWorkflowDefinitionScanner(scanner);
// Organization Service
List<Organization> organizationList = new ArrayList<Organization>();
organizationList.add(defaultOrganization);
OrganizationDirectoryService organizationDirectoryService = EasyMock.createMock(OrganizationDirectoryService.class);
EasyMock.expect(organizationDirectoryService.getOrganization((String) EasyMock.anyObject())).andAnswer(new IAnswer<Organization>() {
@Override
public Organization answer() throws Throwable {
String orgId = (String) EasyMock.getCurrentArguments()[0];
Map<String, Integer> servers = new HashMap<String, Integer>();
servers.put("http://" + orgId, 80);
defaultOrganization = new DefaultOrganization();
return new JaxbOrganization(orgId, orgId, servers, "ROLE_ADMIN", "ROLE_ANONYMOUS", null);
}
}).anyTimes();
EasyMock.expect(organizationDirectoryService.getOrganizations()).andReturn(organizationList).anyTimes();
EasyMock.replay(organizationDirectoryService);
service.setOrganizationDirectoryService(organizationDirectoryService);
// Metadata Service
MediaPackageMetadataService mds = EasyMock.createNiceMock(MediaPackageMetadataService.class);
EasyMock.replay(mds);
service.addMetadataService(mds);
// Workspace
workspace = EasyMock.createNiceMock(Workspace.class);
EasyMock.expect(workspace.getCollectionContents((String) EasyMock.anyObject())).andReturn(new URI[0]);
EasyMock.replay(workspace);
// User Directory
UserDirectoryService userDirectoryService = EasyMock.createMock(UserDirectoryService.class);
EasyMock.expect(userDirectoryService.loadUser((String) EasyMock.anyObject())).andAnswer(new IAnswer<User>() {
@Override
public User answer() throws Throwable {
String userName = (String) EasyMock.getCurrentArguments()[0];
return users.get(userName);
}
}).anyTimes();
EasyMock.replay(userDirectoryService);
service.setUserDirectoryService(userDirectoryService);
// security service
userResponder = new Responder<User>(DEFAULT_ORG_ADMIN);
organizationResponder = new Responder<Organization>(defaultOrganization);
securityService = EasyMock.createNiceMock(SecurityService.class);
EasyMock.expect(securityService.getUser()).andAnswer(userResponder).anyTimes();
EasyMock.expect(securityService.getOrganization()).andAnswer(organizationResponder).anyTimes();
EasyMock.replay(securityService);
service.setSecurityService(securityService);
// Authorization Service
AuthorizationService authzService = EasyMock.createNiceMock(AuthorizationService.class);
EasyMock.replay(authzService);
service.setAuthorizationService(authzService);
MessageSender messageSender = EasyMock.createNiceMock(MessageSender.class);
EasyMock.replay(messageSender);
// Service Registry
serviceRegistry = new ServiceRegistryInMemoryImpl(service, securityService, userDirectoryService, organizationDirectoryService, EasyMock.createNiceMock(IncidentService.class));
service.setServiceRegistry(serviceRegistry);
// Search Index
sRoot = new File(getStorageRoot());
FileUtils.forceMkdir(sRoot);
dao = new WorkflowServiceSolrIndex();
dao.setServiceRegistry(serviceRegistry);
dao.setAuthorizationService(authzService);
dao.setSecurityService(securityService);
dao.setOrgDirectory(organizationDirectoryService);
dao.solrRoot = sRoot + File.separator + "solr." + System.currentTimeMillis();
dao.activate("System Admin");
service.setDao(dao);
service.setMessageSender(messageSender);
// Activate
service.activate(null);
}
use of org.opencastproject.security.api.AuthorizationService in project opencast by opencast.
the class WorkflowServiceImplAuthzTest method testWorkflowWithSecurityPolicy.
@Test
public void testWorkflowWithSecurityPolicy() throws Exception {
// Create an ACL for the authorization service to return
AccessControlList acl = new AccessControlList();
acl.getEntries().add(new AccessControlEntry("ROLE_INSTRUCTOR", Permissions.Action.READ.toString(), true));
acl.getEntries().add(new AccessControlEntry("ROLE_INSTRUCTOR", Permissions.Action.WRITE.toString(), true));
// Mock up an authorization service that always returns "true" for hasPermission()
AuthorizationService authzService = EasyMock.createNiceMock(AuthorizationService.class);
EasyMock.expect(authzService.getActiveAcl((MediaPackage) EasyMock.anyObject())).andReturn(Tuple.tuple(acl, AclScope.Series)).anyTimes();
EasyMock.expect(authzService.hasPermission((MediaPackage) EasyMock.anyObject(), (String) EasyMock.anyObject())).andReturn(true).anyTimes();
EasyMock.replay(authzService);
service.setAuthorizationService(authzService);
dao.setAuthorizationService(authzService);
// Create the workflow and its dependent object graph
WorkflowDefinitionImpl def = new WorkflowDefinitionImpl();
def.add(new WorkflowOperationDefinitionImpl("op1", "op1", null, true));
MediaPackage mp = MediaPackageBuilderFactory.newInstance().newMediaPackageBuilder().createNew();
// As an instructor, create a workflow. We don't care if it passes or fails. We just care about access to it.
userResponder.setResponse(instructor1);
WorkflowInstance workflow = service.start(def, mp);
service.suspend(workflow.getId());
// Ensure that this instructor can access the workflow
try {
service.getWorkflowById(workflow.getId());
assertEquals(1, service.countWorkflowInstances());
} catch (Exception e) {
fail(e.getMessage());
}
// Ensure the organization admin can access that workflow
userResponder.setResponse(DEFAULT_ORG_ADMIN);
try {
service.getWorkflowById(workflow.getId());
assertEquals(1, service.countWorkflowInstances());
} catch (Exception e) {
fail(e.getMessage());
}
// Ensure the global admin can access that workflow
userResponder.setResponse(globalAdmin);
try {
service.getWorkflowById(workflow.getId());
assertEquals(1, service.countWorkflowInstances());
} catch (Exception e) {
fail(e.getMessage());
}
// Ensure the other instructor from this organization can also see the workflow, since this is specified in the
// security policy
userResponder.setResponse(instructor2);
try {
service.getWorkflowById(workflow.getId());
assertEquals(1, service.countWorkflowInstances());
} catch (Exception e) {
fail(e.getMessage());
}
// TODO change to answer show in episode or series how to do it. Cool stuff
// Ensure the instructor from a different org can not see the workflow, even though they share the same role
organizationResponder.setResponse(otherOrganization);
userResponder.setResponse(instructorFromDifferentOrg);
try {
service.getWorkflowById(workflow.getId());
fail();
} catch (Exception e) {
// expected
}
assertEquals(0, service.countWorkflowInstances());
}
Aggregations