use of org.opencastproject.security.api.DefaultOrganization in project opencast by opencast.
the class RemoteUserAndOrganizationFilterTest method testUserSwitchingToAdminForbidden.
@Test
public void testUserSwitchingToAdminForbidden() throws IOException {
SecurityService securityService = EasyMock.createNiceMock(SecurityService.class);
filter.setSecurityService(securityService);
EasyMock.expect(securityService.getOrganization()).andReturn(new DefaultOrganization()).anyTimes();
EasyMock.expect(securityService.getUser()).andAnswer(userResponder).anyTimes();
EasyMock.replay(securityService);
User defaultUser = new JaxbUser("admin", "test", new DefaultOrganization(), new JaxbRole(SecurityConstants.GLOBAL_SUDO_ROLE, new DefaultOrganization()));
userResponder.setResponse(defaultUser);
switchingUserResponder.setResponse(defaultUser);
HttpServletRequest request = EasyMock.createNiceMock(HttpServletRequest.class);
EasyMock.expect(request.getHeader(SecurityConstants.USER_HEADER)).andReturn("admin").anyTimes();
EasyMock.replay(request);
HttpServletResponse response = EasyMock.createNiceMock(HttpServletResponse.class);
response.sendError(EasyMock.anyInt());
EasyMock.expectLastCall().times(1);
EasyMock.replay(response);
try {
filter.doFilter(request, response, chain);
} catch (Exception e) {
Assert.fail(e.getMessage());
}
EasyMock.verify(response);
}
use of org.opencastproject.security.api.DefaultOrganization in project opencast by opencast.
the class RemoteUserAndOrganizationFilterTest method testUserSwitching.
@Test
public void testUserSwitching() throws IOException {
SecurityService securityService = EasyMock.createNiceMock(SecurityService.class);
filter.setSecurityService(securityService);
EasyMock.expect(securityService.getOrganization()).andReturn(new DefaultOrganization()).anyTimes();
EasyMock.expect(securityService.getUser()).andAnswer(userResponder).anyTimes();
securityService.setUser(EasyMock.anyObject(User.class));
EasyMock.expectLastCall().times(2);
EasyMock.replay(securityService);
User defaultUser = new JaxbUser("admin", "test", new DefaultOrganization(), new JaxbRole(SecurityConstants.GLOBAL_SUDO_ROLE, new DefaultOrganization()));
userResponder.setResponse(defaultUser);
HttpServletRequest request = EasyMock.createNiceMock(HttpServletRequest.class);
EasyMock.expect(request.getHeader(SecurityConstants.USER_HEADER)).andReturn("joe").anyTimes();
EasyMock.replay(request);
HttpServletResponse response = EasyMock.createNiceMock(HttpServletResponse.class);
EasyMock.replay(response);
try {
filter.doFilter(request, response, chain);
} catch (Exception e) {
Assert.fail(e.getMessage());
}
EasyMock.verify(securityService);
}
use of org.opencastproject.security.api.DefaultOrganization in project opencast by opencast.
the class ThemesServiceDatabaseTest method testStoreUpdateAndDelete.
@Test
public void testStoreUpdateAndDelete() throws Exception {
JaxbOrganization org = new DefaultOrganization();
JaxbUser creator = new JaxbUser("admin", "test", org);
Theme theme = new Theme(Option.<Long>none(), new Date(), true, creator, "New");
Theme updateTheme = themesDatabase.updateTheme(theme);
Assert.assertEquals("New", updateTheme.getName());
Assert.assertEquals(1, themesDatabase.countThemes());
theme = new Theme(updateTheme.getId(), new Date(), true, creator, "Updated");
updateTheme = themesDatabase.updateTheme(theme);
Assert.assertEquals("Updated", updateTheme.getName());
Assert.assertEquals(1, themesDatabase.countThemes());
try {
theme = themesDatabase.getTheme(updateTheme.getId().get());
Assert.assertNotNull(theme);
} catch (NotFoundException e) {
Assert.fail("Existing theme has not been found");
}
themesDatabase.deleteTheme(updateTheme.getId().get());
Assert.assertEquals(0, themesDatabase.countThemes());
try {
themesDatabase.getTheme(updateTheme.getId().get());
Assert.fail("Deleted theme has been found");
} catch (NotFoundException e) {
Assert.assertNotNull(e);
}
}
use of org.opencastproject.security.api.DefaultOrganization in project opencast by opencast.
the class ThemesServiceDatabaseTest method setUp.
/**
* @throws java.lang.Exception
*/
@Before
public void setUp() throws Exception {
// Mock up a security service
SecurityService securityService = EasyMock.createNiceMock(SecurityService.class);
User user = new JaxbUser("admin", "test", new DefaultOrganization(), new JaxbRole(SecurityConstants.GLOBAL_ADMIN_ROLE, new DefaultOrganization()));
EasyMock.expect(securityService.getOrganization()).andReturn(new DefaultOrganization()).anyTimes();
EasyMock.expect(securityService.getUser()).andReturn(user).anyTimes();
EasyMock.replay(securityService);
UserDirectoryService userDirectoryService = EasyMock.createNiceMock(UserDirectoryService.class);
EasyMock.expect(userDirectoryService.loadUser(EasyMock.anyString())).andReturn(user).anyTimes();
EasyMock.replay(userDirectoryService);
MessageSender messageSender = EasyMock.createNiceMock(MessageSender.class);
messageSender.sendObjectMessage(EasyMock.anyObject(String.class), EasyMock.anyObject(MessageSender.DestinationType.class), EasyMock.anyObject(Serializable.class));
EasyMock.expectLastCall().anyTimes();
EasyMock.replay(messageSender);
themesDatabase = new ThemesServiceDatabaseImpl();
themesDatabase.setEntityManagerFactory(newTestEntityManagerFactory(ThemesServiceDatabaseImpl.PERSISTENCE_UNIT));
themesDatabase.setSecurityService(securityService);
themesDatabase.setUserDirectoryService(userDirectoryService);
themesDatabase.setMessageSender(messageSender);
themesDatabase.activate(null);
}
use of org.opencastproject.security.api.DefaultOrganization in project opencast by opencast.
the class CaptureAgentStateServiceImplTest method testAgentVisibility.
@Test
public void testAgentVisibility() throws Exception {
// Create a new capture agent called "visibility"
String agentName = "visibility";
service.setAgentState(agentName, IDLE);
// Ensure we can see it
assertEquals(1, service.getKnownAgents().size());
// Set the roles allowed to use this agent
Set<String> roles = new HashSet<>();
roles.add("a_role_we_do_not_have");
AgentImpl agent = (AgentImpl) service.getAgent(agentName);
agent.setSchedulerRoles(roles);
service.updateAgentInDatabase(agent);
// Since we are an organizational admin, we should still see the agent
assertEquals(1, service.getKnownAgents().size());
// Use a security service that identifies us as a non-administrative user
DefaultOrganization organization = new DefaultOrganization();
HashSet<JaxbRole> roleSet = new HashSet<>();
roleSet.add(new JaxbRole("ROLE_NOT_ADMIN", organization, ""));
User user = new JaxbUser("testuser", "test", organization, roleSet);
SecurityService securityService = EasyMock.createNiceMock(SecurityService.class);
EasyMock.expect(securityService.getUser()).andReturn(user).anyTimes();
EasyMock.expect(securityService.getOrganization()).andReturn(new DefaultOrganization()).anyTimes();
EasyMock.replay(securityService);
service.setSecurityService(securityService);
// Ensure we can no longer see the agent, since we don't have an administrative role
assertEquals(0, service.getKnownAgents().size());
// TODO: Do we need to enforce access strictly? If someone asks for an agent by name, but they do not have the
// appropriate scheduler role, should we throw UnauthorizedException?
}
Aggregations