Examples with PutRequest org.springframework.extensions.webscripts.TestWebScriptServer.PutRequest used on opensource projects

Example 31 with PutRequest

use of org.springframework.extensions.webscripts.TestWebScriptServer.PutRequest in project alfresco-remote-api by Alfresco.

the class FacetRestApiTest method testUpdateSingleValue.

public void testUpdateSingleValue() throws Exception {
    // Build the Filter object
    final JSONObject filter = new JSONObject();
    final String filterName = "filter" + System.currentTimeMillis();
    filters.add(filterName);
    filter.put("filterID", filterName);
    filter.put("facetQName", "cm:test");
    filter.put("displayName", "facet-menu.facet.test1");
    filter.put("displayControl", "alfresco/search/FacetFilters/test");
    filter.put("maxFilters", 5);
    filter.put("hitThreshold", 1);
    filter.put("minFilterValueLength", 4);
    filter.put("sortBy", "ALPHABETICALLY");
    filter.put("isEnabled", true);
    JSONObject customProp = new JSONObject();
    // 1st custom prop
    JSONObject blockIncludeRequest = new JSONObject();
    blockIncludeRequest.put("name", "blockIncludeFacetRequest");
    blockIncludeRequest.put("value", "true");
    customProp.put("blockIncludeFacetRequest", blockIncludeRequest);
    filter.put("customProperties", customProp);
    AuthenticationUtil.runAs(new RunAsWork<Void>() {

        @Override
        public Void doWork() throws Exception {
            // Post the filter
            sendRequest(new PostRequest(POST_FACETS_URL, filter.toString(), "application/json"), 200);
            return null;
        }
    }, SEARCH_ADMIN_USER);
    // Admin updates displayName and facetQName in 2 put requests
    AuthenticationUtil.runAs(new RunAsWork<Void>() {

        @Override
        public Void doWork() throws Exception {
            // Retrieve the created filter
            Response response = sendRequest(new GetRequest(GET_FACETS_URL + "/" + filterName), 200);
            JSONObject jsonRsp = new JSONObject(new JSONTokener(response.getContentAsString()));
            assertEquals(filterName, jsonRsp.getString("filterID"));
            assertEquals("facet-menu.facet.test1", jsonRsp.getString("displayName"));
            assertEquals("{http://www.alfresco.org/model/content/1.0}test", jsonRsp.getString("facetQName"));
            assertTrue(jsonRsp.getBoolean("isEnabled"));
            // Just supply the filterID and the required value
            JSONObject singleValueJson = new JSONObject();
            singleValueJson.put("filterID", filterName);
            // Change the displayName value and update
            singleValueJson.put("displayName", "facet-menu.facet.modifiedValue");
            sendRequest(new PutRequest(PUT_FACETS_URL, singleValueJson.toString(), "application/json"), 200);
            // Change the isEnabled value and update
            // We simulate two PUT requests without refreshing the page in
            // between updates
            singleValueJson = new JSONObject();
            singleValueJson.put("filterID", filterName);
            singleValueJson.put("isEnabled", false);
            sendRequest(new PutRequest(PUT_FACETS_URL, singleValueJson.toString(), "application/json"), 200);
            response = sendRequest(new GetRequest(GET_FACETS_URL + "/" + filterName), 200);
            jsonRsp = new JSONObject(new JSONTokener(response.getContentAsString()));
            // Now see if the two changes have been persisted
            assertEquals("facet-menu.facet.modifiedValue", jsonRsp.getString("displayName"));
            assertFalse(jsonRsp.getBoolean("isEnabled"));
            // Make sure the rest of values haven't been changed
            assertEquals(filterName, jsonRsp.getString("filterID"));
            assertEquals("{http://www.alfresco.org/model/content/1.0}test", jsonRsp.getString("facetQName"));
            assertEquals("alfresco/search/FacetFilters/test", jsonRsp.getString("displayControl"));
            assertEquals(5, jsonRsp.getInt("maxFilters"));
            assertEquals(1, jsonRsp.getInt("hitThreshold"));
            assertEquals(4, jsonRsp.getInt("minFilterValueLength"));
            assertEquals("ALPHABETICALLY", jsonRsp.getString("sortBy"));
            assertEquals("ALL", jsonRsp.getString("scope"));
            assertFalse(jsonRsp.getBoolean("isDefault"));
            // Make sure custom properties haven't been deleted
            JSONObject retrievedCustomProp = jsonRsp.getJSONObject("customProperties");
            JSONObject retrievedBlockIncludeRequest = retrievedCustomProp.getJSONObject("blockIncludeFacetRequest");
            assertEquals("{http://www.alfresco.org/model/solrfacetcustomproperty/1.0}blockIncludeFacetRequest", retrievedBlockIncludeRequest.get("name"));
            assertEquals("true", retrievedBlockIncludeRequest.get("value"));
            // Change the facetQName value and update
            singleValueJson = new JSONObject();
            singleValueJson.put("filterID", filterName);
            singleValueJson.put("facetQName", "cm:testModifiedValue");
            // We simulate that 'testModifiedValue' QName doesn't have custom properties
            singleValueJson.put("customProperties", new JSONObject());
            sendRequest(new PutRequest(PUT_FACETS_URL, singleValueJson.toString(), "application/json"), 200);
            response = sendRequest(new GetRequest(GET_FACETS_URL + "/" + filterName), 200);
            jsonRsp = new JSONObject(new JSONTokener(response.getContentAsString()));
            // Now see if the facetQName and its side-effect have been persisted
            assertEquals("{http://www.alfresco.org/model/content/1.0}testModifiedValue", jsonRsp.getString("facetQName"));
            assertNull("Custom properties should have been deleted.", jsonRsp.opt("customProperties"));
            // Make sure the rest of values haven't been changed
            assertEquals(filterName, jsonRsp.getString("filterID"));
            assertEquals("facet-menu.facet.modifiedValue", jsonRsp.getString("displayName"));
            assertEquals("alfresco/search/FacetFilters/test", jsonRsp.getString("displayControl"));
            assertEquals(5, jsonRsp.getInt("maxFilters"));
            assertEquals(1, jsonRsp.getInt("hitThreshold"));
            assertEquals(4, jsonRsp.getInt("minFilterValueLength"));
            assertEquals("ALPHABETICALLY", jsonRsp.getString("sortBy"));
            assertFalse(jsonRsp.getBoolean("isDefault"));
            assertEquals("ALL", jsonRsp.getString("scope"));
            assertFalse(jsonRsp.getBoolean("isEnabled"));
            return null;
        }
    }, SEARCH_ADMIN_USER);
}

Example 32 with PutRequest

use of org.springframework.extensions.webscripts.TestWebScriptServer.PutRequest in project alfresco-remote-api by Alfresco.

the class FacetRestApiTest method testCreateUpdateFacetWithInvalidFilterId.

public void testCreateUpdateFacetWithInvalidFilterId() throws Exception {
    // Build the Filter object
    final JSONObject filter = new JSONObject();
    final String filterName = "filter" + System.currentTimeMillis();
    filters.add(filterName);
    filter.put("filterID", filterName);
    filter.put("facetQName", "cm:test1");
    filter.put("displayName", "facet-menu.facet.test1");
    filter.put("displayControl", "alfresco/search/FacetFilters/test1");
    filter.put("maxFilters", 5);
    filter.put("hitThreshold", 1);
    filter.put("minFilterValueLength", 4);
    filter.put("sortBy", "ALPHABETICALLY");
    AuthenticationUtil.runAs(new RunAsWork<Void>() {

        @Override
        public Void doWork() throws Exception {
            // Post the filter
            sendRequest(new PostRequest(POST_FACETS_URL, filter.toString(), "application/json"), 200);
            return null;
        }
    }, SEARCH_ADMIN_USER);
    // Admin tries to change the FilterID value
    AuthenticationUtil.runAs(new RunAsWork<Void>() {

        @Override
        public Void doWork() throws Exception {
            // Retrieve the created filter
            Response response = sendRequest(new GetRequest(GET_FACETS_URL + "/" + filterName), 200);
            JSONObject jsonRsp = new JSONObject(new JSONTokener(response.getContentAsString()));
            assertEquals(filterName, jsonRsp.getString("filterID"));
            // Now change the filterID value and try to update
            jsonRsp.put("filterID", filterName + "Modified");
            sendRequest(new PutRequest(PUT_FACETS_URL, jsonRsp.toString(), "application/json"), 400);
            return null;
        }
    }, SEARCH_ADMIN_USER);
    // Admin tries to create a filter with a duplicate FilterID
    AuthenticationUtil.runAs(new RunAsWork<Void>() {

        @Override
        public Void doWork() throws Exception {
            // Post the filter
            sendRequest(new PostRequest(POST_FACETS_URL, filter.toString(), "application/json"), 400);
            return null;
        }
    }, SEARCH_ADMIN_USER);
    // Admin tries to create a filter with a malicious FilterID
    AuthenticationUtil.runAs(new RunAsWork<Void>() {

        @Override
        public Void doWork() throws Exception {
            Response response = sendRequest(new GetRequest(GET_FACETS_URL), 200);
            JSONObject jsonRsp = new JSONObject(new JSONTokener(response.getContentAsString()));
            JSONArray facetsArray = (JSONArray) jsonRsp.get(FACETS);
            assertNotNull("JSON 'facets' array was null", facetsArray);
            final List<String> facets = getListFromJsonArray(facetsArray);
            filter.put("filterID", "<script>alert('Maliciouse-FilterID')</script>");
            // Post the filter
            sendRequest(new PostRequest(POST_FACETS_URL, filter.toString(), "application/json"), 400);
            // Retrieve all filters
            response = sendRequest(new GetRequest(GET_FACETS_URL), 200);
            jsonRsp = new JSONObject(new JSONTokener(response.getContentAsString()));
            facetsArray = (JSONArray) jsonRsp.get(FACETS);
            assertNotNull("JSON 'facets' array was null", facetsArray);
            final List<String> newFacets = getListFromJsonArray(facetsArray);
            assertEquals(facets, newFacets);
            return null;
        }
    }, SEARCH_ADMIN_USER);
}

Example 33 with PutRequest

use of org.springframework.extensions.webscripts.TestWebScriptServer.PutRequest in project alfresco-remote-api by Alfresco.

the class SiteServiceTest method testPutMembership.

public void testPutMembership() throws Exception {
    // Create a site
    String shortName = GUID.generate();
    createSite("myPreset", shortName, "myTitle", "myDescription", SiteVisibility.PUBLIC, 200);
    // Build the JSON membership object
    JSONObject membership = new JSONObject();
    membership.put("role", SiteModel.SITE_CONSUMER);
    JSONObject person = new JSONObject();
    person.put("userName", USER_TWO);
    membership.put("person", person);
    // Post the membership
    Response response = sendRequest(new PostRequest(URL_SITES + "/" + shortName + URL_MEMBERSHIPS, membership.toString(), "application/json"), 200);
    JSONObject newMember = new JSONObject(response.getContentAsString());
    // Update the role by returning the data.
    newMember.put("role", SiteModel.SITE_COLLABORATOR);
    response = sendRequest(new PutRequest(URL_SITES + "/" + shortName + URL_MEMBERSHIPS, newMember.toString(), "application/json"), 200);
    JSONObject result = new JSONObject(response.getContentAsString());
    // Check the result
    assertEquals(SiteModel.SITE_COLLABORATOR, result.get("role"));
    assertEquals(USER_TWO, result.getJSONObject("authority").get("userName"));
    // Double check and get the membership for user two
    response = sendRequest(new GetRequest(URL_SITES + "/" + shortName + URL_MEMBERSHIPS + "/" + USER_TWO), 200);
    result = new JSONObject(response.getContentAsString());
    assertEquals(SiteModel.SITE_COLLABORATOR, result.get("role"));
    assertEquals(USER_TWO, result.getJSONObject("authority").get("userName"));
}

Example 34 with PutRequest

use of org.springframework.extensions.webscripts.TestWebScriptServer.PutRequest in project alfresco-remote-api by Alfresco.

the class SiteServiceTest method testGroupMembership.

public void testGroupMembership() throws Exception {
    String testGroup = "SiteServiceTestGroupA";
    String testGroupName = "GROUP_" + testGroup;
    if (!authorityService.authorityExists(testGroupName)) {
        this.authenticationComponent.setSystemUserAsCurrentUser();
        testGroupName = authorityService.createAuthority(AuthorityType.GROUP, testGroup, testGroup, authorityService.getDefaultZones());
    }
    this.authenticationComponent.setCurrentUser(USER_ONE);
    // CRUD a membership group for a web site
    // Create a site
    String shortName = GUID.generate();
    createSite("myPreset", shortName, "myTitle", "myDescription", SiteVisibility.PUBLIC, 200);
    // Build the JSON membership object
    JSONObject membership = new JSONObject();
    membership.put("role", SiteModel.SITE_CONSUMER);
    JSONObject group = new JSONObject();
    group.put("fullName", testGroupName);
    membership.put("group", group);
    // Create a new group membership
    {
        Response response = sendRequest(new PostRequest(URL_SITES + "/" + shortName + URL_MEMBERSHIPS, membership.toString(), "application/json"), 200);
        JSONObject newMember = new JSONObject(response.getContentAsString());
        // Validate the return value
        assertEquals("role not correct", SiteModel.SITE_CONSUMER, newMember.getString("role"));
        JSONObject newGroup = newMember.getJSONObject("authority");
        assertNotNull("newGroup");
        assertEquals("full name not correct", testGroupName, newGroup.getString("fullName"));
        assertEquals("authorityType not correct", "GROUP", newGroup.getString("authorityType"));
        // Now send the returned value back with a new role (COLLABORATOR)
        newMember.put("role", SiteModel.SITE_COLLABORATOR);
        response = sendRequest(new PutRequest(URL_SITES + "/" + shortName + URL_MEMBERSHIPS, newMember.toString(), "application/json"), 200);
        JSONObject updateResult = new JSONObject(response.getContentAsString());
        assertEquals("role not correct", SiteModel.SITE_COLLABORATOR, updateResult.getString("role"));
    }
    // Now List membership to show the group from above.
    {
        Response response = sendRequest(new GetRequest(URL_SITES + "/" + shortName + URL_MEMBERSHIPS), 200);
        JSONArray listResult = new JSONArray(response.getContentAsString());
        /**
         * The result should have at least 2 elements, 1 for the user who created and 1 for the group added above
         */
        assertTrue("result too small", listResult.length() >= 2);
        for (int i = 0; i < listResult.length(); i++) {
            JSONObject obj = listResult.getJSONObject(i);
            JSONObject authority = obj.getJSONObject("authority");
            if (authority.getString("authorityType").equals("GROUP")) {
                assertEquals("full name not correct", testGroupName, authority.getString("fullName"));
            }
            if (authority.getString("authorityType").equals("USER")) {
                assertEquals("full name not correct", USER_ONE, authority.getString("fullName"));
            }
        }
    }
    // Now get the group membership from above
    // Now List membership to show the group from above.
    {
        Response response = sendRequest(new GetRequest(URL_SITES + "/" + shortName + URL_MEMBERSHIPS + '/' + testGroupName), 200);
        JSONObject getResult = new JSONObject(response.getContentAsString());
        System.out.println(response.getContentAsString());
        JSONObject grp = getResult.getJSONObject("authority");
        assertEquals("full name not correct", testGroupName, grp.getString("fullName"));
    }
    // cleanup
    if (authorityService.authorityExists(testGroupName)) {
        this.authenticationComponent.setSystemUserAsCurrentUser();
        authorityService.deleteAuthority(testGroupName);
    }
}

Example 35 with PutRequest

use of org.springframework.extensions.webscripts.TestWebScriptServer.PutRequest in project alfresco-remote-api by Alfresco.

the class SurfConfigTest method testSurfConfigPermissions.

// MNT-16371
public void testSurfConfigPermissions() throws Exception {
    // Create a site as USER_ONE
    String shortName = UUID.randomUUID().toString();
    JSONObject result = createSite("myPreset", shortName, "myTitle", "myDescription", SiteVisibility.PUBLIC, 200);
    assertEquals("myPreset", result.get("sitePreset"));
    assertEquals(shortName, result.get("shortName"));
    assertEquals("myTitle", result.get("title"));
    assertEquals("myDescription", result.get("description"));
    assertEquals(SiteVisibility.PUBLIC.toString(), result.get("visibility"));
    // Make ADMRemoteStore to create the surf-config folder and the dashboard.xml file.
    sendRequest(new PostRequest(URL_ADM + "CREATE/alfresco/site-data/pages/site/" + shortName + "/dashboard.xml?s=sitestore", new JSONObject().toString(), "application/json"), 200);
    // {siteName}/cm:surf-config/
    NodeRef surfConfigFolderRef = nodeService.getChildByName(siteService.getSite(shortName).getNodeRef(), ContentModel.ASSOC_CONTAINS, "surf-config");
    assertEquals("surf-config", nodeService.getProperty(surfConfigFolderRef, ContentModel.PROP_NAME));
    String owner = (String) nodeService.getProperty(surfConfigFolderRef, ContentModel.PROP_OWNER);
    assertFalse(USER_ONE.equalsIgnoreCase(owner));
    assertEquals(AuthenticationUtil.getAdminUserName(), owner);
    assertFalse("Inherit Permissions should be off.", permissionService.getInheritParentPermissions(surfConfigFolderRef));
    Set<AccessPermission> permissions = permissionService.getAllSetPermissions(surfConfigFolderRef);
    assertEquals(1, permissions.size());
    String siteManagerGroup = siteService.getSiteRoleGroup(shortName, SiteModel.SITE_MANAGER);
    AccessPermission accessPermission = permissions.iterator().next();
    assertEquals(siteManagerGroup, accessPermission.getAuthority());
    assertEquals(SiteModel.SITE_MANAGER, accessPermission.getPermission());
    assertTrue(accessPermission.getAccessStatus() == AccessStatus.ALLOWED);
    // This is the method that finally gets called when ALF-21643 steps are followed.
    PagingResults<FileInfo> pageResults = fileFolderService.list(surfConfigFolderRef, true, true, null, null, null, new PagingRequest(CannedQueryPageDetails.DEFAULT_PAGE_SIZE));
    List<FileInfo> fileInfos = pageResults.getPage();
    assertNotNull(fileInfos);
    assertEquals(1, fileInfos.size());
    // {siteName}/cm:surf-config/pages
    assertEquals("pages", fileInfos.get(0).getName());
    // Add USER_TWO as a site collaborator
    JSONObject membership = new JSONObject();
    membership.put("role", SiteModel.SITE_COLLABORATOR);
    JSONObject person = new JSONObject();
    person.put("userName", USER_TWO);
    membership.put("person", person);
    // Post the membership
    Response response = sendRequest(new PostRequest(URL_SITES + "/" + shortName + URL_MEMBERSHIPS, membership.toString(), "application/json"), 200);
    result = new JSONObject(response.getContentAsString());
    assertEquals(SiteModel.SITE_COLLABORATOR, result.get("role"));
    assertEquals(USER_TWO, result.getJSONObject("authority").get("userName"));
    // Add USER_THREE as a site manager
    membership.put("role", SiteModel.SITE_MANAGER);
    person.put("userName", USER_THREE);
    membership.put("person", person);
    // Post the membership
    response = sendRequest(new PostRequest(URL_SITES + "/" + shortName + URL_MEMBERSHIPS, membership.toString(), "application/json"), 200);
    result = new JSONObject(response.getContentAsString());
    assertEquals(SiteModel.SITE_MANAGER, result.get("role"));
    assertEquals(USER_THREE, result.getJSONObject("authority").get("userName"));
    // USER_TWO is a site collaborator so he should not be able to access the surf-config folder
    AuthenticationUtil.setFullyAuthenticatedUser(USER_TWO);
    try {
        fileFolderService.list(surfConfigFolderRef, true, true, null, null, null, new PagingRequest(CannedQueryPageDetails.DEFAULT_PAGE_SIZE));
        fail("USER_TWO dose not have the appropriate permissions to perform this operation.");
    } catch (AccessDeniedException ex) {
    // expected
    }
    // USER_THREE is a site manager so he is able to access the surf-config folder
    AuthenticationUtil.setFullyAuthenticatedUser(USER_THREE);
    pageResults = fileFolderService.list(surfConfigFolderRef, true, true, null, null, null, new PagingRequest(CannedQueryPageDetails.DEFAULT_PAGE_SIZE));
    fileInfos = pageResults.getPage();
    assertNotNull(fileInfos);
    assertEquals(1, fileInfos.size());
    // {siteName}/cm:surf-config/pages
    assertEquals("pages", fileInfos.get(0).getName());
    // Update USER_ONE role from SiteManager to SiteContributor.
    membership.put("role", SiteModel.SITE_CONTRIBUTOR);
    person.put("userName", USER_ONE);
    membership.put("person", person);
    response = sendRequest(new PutRequest(URL_SITES + "/" + shortName + URL_MEMBERSHIPS, membership.toString(), "application/json"), 200);
    result = new JSONObject(response.getContentAsString());
    assertEquals(SiteModel.SITE_CONTRIBUTOR, result.get("role"));
    assertEquals(USER_ONE, result.getJSONObject("authority").get("userName"));
    // USER_ONE is no longer a site manager
    // USER_ONE tries to access "{siteName}/cm:surf-config" children
    AuthenticationUtil.setFullyAuthenticatedUser(USER_ONE);
    try {
        fileFolderService.list(surfConfigFolderRef, true, true, null, null, null, new PagingRequest(CannedQueryPageDetails.DEFAULT_PAGE_SIZE));
        fail("USER_ONE is not the owner and he is no longer a site manager, so does not have the appropriate permissions to perform this operation");
    } catch (AccessDeniedException ex) {
    // expected
    }
    // USER_ONE tries to access "{siteName}/cm:surf-config/pages" children
    try {
        fileFolderService.list(fileInfos.get(0).getNodeRef(), true, true, null, null, null, new PagingRequest(CannedQueryPageDetails.DEFAULT_PAGE_SIZE));
        fail("USER_ONE is not the owner and he is no longer a site manager, so does not have the appropriate permissions to perform this operation");
    } catch (AccessDeniedException ex) {
    // expected
    }
}