use of org.structr.core.graph.Tx in project structr by structr.
the class RenderContextTest method testFunctionEvaluationInDynamicTypes.
@Test
public void testFunctionEvaluationInDynamicTypes() {
NodeInterface item = null;
try (final Tx tx = app.tx()) {
app.create(SchemaNode.class, new NodeAttribute(SchemaNode.name, "Item"), new NodeAttribute(new StringProperty("_testMethodCalled"), "Boolean"), new NodeAttribute(new StringProperty("___testMethod"), "set(this, 'testMethodCalled', true)"));
// compile the stuff
tx.success();
} catch (FrameworkException fex) {
fex.printStackTrace();
fail("Unexpected exception");
}
final ConfigurationProvider config = StructrApp.getConfiguration();
final Class itemClass = config.getNodeEntityClass("Item");
// create parent/child relationship
try (final Tx tx = app.tx()) {
item = app.create(itemClass, new NodeAttribute(SchemaNode.name, "Item"));
tx.success();
} catch (FrameworkException fex) {
logger.warn("", fex);
fail("Unexpected exception");
}
// check property access in template expressions
try (final Tx tx = app.tx()) {
final RenderContext renderContext = new RenderContext(securityContext);
renderContext.putDataObject("item", item);
assertEquals("Invalid combined array dot syntax result: ", "Item", Scripting.replaceVariables(renderContext, item, "${find('Item')[0].name}"));
Scripting.replaceVariables(renderContext, item, "${item.testMethod()}");
assertEquals("Invalid method evaluation result: ", "true", Scripting.replaceVariables(renderContext, item, "${item.testMethodCalled}"));
tx.success();
} catch (FrameworkException fex) {
logger.warn("", fex);
fail("Unexpected exception");
}
}
use of org.structr.core.graph.Tx in project structr by structr.
the class RenderContextTest method testScriptEvaluation.
@Test
public void testScriptEvaluation() {
Settings.CypherDebugLogging.setValue(true);
try (final Tx tx = app.tx()) {
// create a Project type
final SchemaNode projectNode = createTestNode(SchemaNode.class, new NodeAttribute<>(StructrApp.key(AbstractNode.class, "name"), "Project"));
// create a Task type with a string property "task"
final SchemaNode taskNode = createTestNode(SchemaNode.class, new NodeAttribute<>(StructrApp.key(AbstractNode.class, "name"), "Task"), new NodeAttribute<>(new StringProperty("_task"), "String"));
// create a schema relationship between them
createTestNode(SchemaRelationshipNode.class, new NodeAttribute<>(StructrApp.key(SchemaRelationshipNode.class, "sourceNode"), projectNode), new NodeAttribute<>(StructrApp.key(SchemaRelationshipNode.class, "targetNode"), taskNode), new NodeAttribute<>(StructrApp.key(SchemaRelationshipNode.class, "relationshipType"), "has"), new NodeAttribute<>(StructrApp.key(SchemaRelationshipNode.class, "sourceMultiplicity"), "1"), new NodeAttribute<>(StructrApp.key(SchemaRelationshipNode.class, "targetMultiplicity"), "*"), new NodeAttribute<>(StructrApp.key(SchemaRelationshipNode.class, "sourceJsonName"), "project"), new NodeAttribute<>(StructrApp.key(SchemaRelationshipNode.class, "targetJsonName"), "tasks"));
tx.success();
} catch (FrameworkException ex) {
logger.warn("", ex);
fail("Unexpected exception");
}
try (final Tx tx = app.tx()) {
// obtain class objects to create instances of the above types
final Class projectType = StructrApp.getConfiguration().getNodeEntityClass("Project");
final Class taskType = StructrApp.getConfiguration().getNodeEntityClass("Task");
final PropertyKey taskKey = StructrApp.key(taskType, "task");
final PropertyKey tasksKey = StructrApp.key(projectType, "tasks");
final List<NodeInterface> tasks = new LinkedList<>();
tasks.add(app.create(taskType, new NodeAttribute<>(StructrApp.key(AbstractNode.class, "name"), "Task 1"), new NodeAttribute<>(taskKey, "Task 1")));
tasks.add(app.create(taskType, new NodeAttribute<>(StructrApp.key(AbstractNode.class, "name"), "Task 2"), new NodeAttribute<>(taskKey, "Task 2")));
tasks.add(app.create(taskType, new NodeAttribute<>(StructrApp.key(AbstractNode.class, "name"), "Task 3"), new NodeAttribute<>(taskKey, "Task 3")));
// create a project and a task
final NodeInterface project = app.create(projectType, new NodeAttribute<>(StructrApp.key(AbstractNode.class, "name"), "project"), new NodeAttribute<>(tasksKey, tasks));
// create an additional test task without a project
final NodeInterface testTask = app.create(taskType, new NodeAttribute<>(StructrApp.key(AbstractNode.class, "name"), "test task"), new NodeAttribute<>(taskKey, "test task"));
final RenderContext renderContext = new RenderContext(securityContext);
renderContext.putDataObject("project", project);
renderContext.putDataObject("task", testTask);
assertEquals("Invalid scripting evaluation result", "", Scripting.replaceVariables(renderContext, null, "${foo.page}"));
assertEquals("Invalid scripting evaluation result", testTask.getUuid(), Scripting.replaceVariables(renderContext, null, "${task}"));
assertEquals("Invalid scripting evaluation result", "test task", Scripting.replaceVariables(renderContext, null, "${task.task}"));
assertEquals("Invalid scripting evaluation result", tasks.toString(), Scripting.replaceVariables(renderContext, null, "${project.tasks}"));
assertEquals("Invalid scripting evaluation result", tasks.get(0).getUuid(), Scripting.replaceVariables(renderContext, null, "${project.tasks[0]}"));
assertEquals("Invalid scripting evaluation result", tasks.get(1).getUuid(), Scripting.replaceVariables(renderContext, null, "${project.tasks[1]}"));
assertEquals("Invalid scripting evaluation result", tasks.get(2).getUuid(), Scripting.replaceVariables(renderContext, null, "${project.tasks[2]}"));
assertEquals("Invalid scripting evaluation result", "", Scripting.replaceVariables(renderContext, null, "${project.tasks[3]}"));
assertEquals("Invalid scripting evaluation result", "Task 1", Scripting.replaceVariables(renderContext, null, "${project.tasks[0].task}"));
assertEquals("Invalid scripting evaluation result", "Task 2", Scripting.replaceVariables(renderContext, null, "${project.tasks[1].task}"));
assertEquals("Invalid scripting evaluation result", "Task 3", Scripting.replaceVariables(renderContext, null, "${project.tasks[2].task}"));
assertEquals("Invalid scripting evaluation result", "", Scripting.replaceVariables(renderContext, null, "${project.tasks[3].task}"));
tx.success();
} catch (FrameworkException ex) {
logger.warn("", ex);
fail("Unexpected exception");
}
}
use of org.structr.core.graph.Tx in project structr by structr.
the class ResourceAccessTest method test03ResourceAccessPUT.
@Test
public void test03ResourceAccessPUT() {
// clear resource access objects that are created by the dynamic schema
clearResourceAccess();
final String name = "testuser-01";
final String password = "testpassword-01";
ResourceAccess folderGrant = null;
User testUser = null;
Folder testFolder = null;
try (final Tx tx = app.tx()) {
testUser = createTestNodes(User.class, 1).get(0);
testFolder = createTestNodes(Folder.class, 1).get(0);
assertNotNull(testFolder);
// no resource access node at all => forbidden
RestAssured.given().contentType("application/json; charset=UTF-8").expect().statusCode(401).when().put("/folder/" + testFolder.getUuid());
folderGrant = createResourceAccess("Folder", UiAuthenticator.FORBIDDEN);
tx.success();
} catch (FrameworkException fex) {
logger.warn("", fex);
logger.error(fex.toString());
fail("Unexpected exception");
}
try (final Tx tx = app.tx()) {
// resource access explicitly set to FORBIDDEN => forbidden
RestAssured.given().contentType("application/json; charset=UTF-8").expect().statusCode(401).when().put("/folder/" + testFolder.getUuid());
// allow PUT for authenticated users => access without user/pass should be still forbidden
folderGrant.setFlag(UiAuthenticator.AUTH_USER_PUT);
tx.success();
} catch (FrameworkException fex) {
logger.warn("", fex);
logger.error(fex.toString());
fail("Unexpected exception");
}
try (final Tx tx = app.tx()) {
RestAssured.given().contentType("application/json; charset=UTF-8").expect().statusCode(401).when().put("/folder/" + testFolder.getUuid());
// allow PUT for non-authenticated users =>
folderGrant.setProperties(folderGrant.getSecurityContext(), new PropertyMap(GraphObject.visibleToPublicUsers, true));
folderGrant.setFlag(UiAuthenticator.NON_AUTH_USER_PUT);
tx.success();
} catch (FrameworkException fex) {
logger.warn("", fex);
logger.error(fex.toString());
fail("Unexpected exception");
}
try (final Tx tx = app.tx()) {
// ownerless non-public node cannot be found by anonymous user
RestAssured.given().contentType("application/json; charset=UTF-8").expect().statusCode(404).when().put("/folder/" + testFolder.getUuid());
// Prepare for next test
final PropertyMap testUserProperties = new PropertyMap();
testUserProperties.put(StructrApp.key(User.class, "name"), name);
testUserProperties.put(StructrApp.key(User.class, "password"), password);
testUser.setProperties(testUser.getSecurityContext(), testUserProperties);
// now we give the user ownership and expect a 200
testFolder.setProperties(testFolder.getSecurityContext(), new PropertyMap(AbstractNode.owner, testUser));
tx.success();
} catch (FrameworkException fex) {
logger.warn("", fex);
logger.error(fex.toString());
fail("Unexpected exception");
}
try (final Tx tx = app.tx()) {
RestAssured.given().headers("X-User", name, "X-Password", password).contentType("application/json; charset=UTF-8").expect().statusCode(200).when().put("/folder/" + testFolder.getUuid());
tx.success();
} catch (FrameworkException ex) {
logger.warn("", ex);
logger.error(ex.toString());
fail("Unexpected exception");
}
}
use of org.structr.core.graph.Tx in project structr by structr.
the class ResourceAccessTest method test01ResourceAccessGET.
@Test
public void test01ResourceAccessGET() {
// clear resource access objects that are created by the dynamic schema
clearResourceAccess();
Folder testFolder = null;
ResourceAccess folderGrant = null;
try (final Tx tx = app.tx()) {
testFolder = createTestNodes(Folder.class, 1).get(0);
assertNotNull(testFolder);
// no resource access node at all => forbidden
RestAssured.given().contentType("application/json; charset=UTF-8").expect().statusCode(401).when().get("/folders");
tx.success();
} catch (FrameworkException fex) {
logger.warn("", fex);
logger.error(fex.toString());
fail("Unexpected exception");
}
try (final Tx tx = app.tx()) {
folderGrant = createResourceAccess("Folder", UiAuthenticator.FORBIDDEN);
tx.success();
} catch (FrameworkException fex) {
logger.warn("", fex);
logger.error(fex.toString());
fail("Unexpected exception");
}
try (final Tx tx = app.tx()) {
// resource access explicetly set to FORBIDDEN => forbidden
RestAssured.given().contentType("application/json; charset=UTF-8").expect().statusCode(401).when().get("/folders");
// allow GET for authenticated users => access without user/pass should be still forbidden
folderGrant.setProperties(folderGrant.getSecurityContext(), new PropertyMap(GraphObject.visibleToPublicUsers, true));
folderGrant.setFlag(UiAuthenticator.AUTH_USER_GET);
tx.success();
} catch (FrameworkException fex) {
logger.warn("", fex);
logger.error(fex.toString());
fail("Unexpected exception");
}
try (final Tx tx = app.tx()) {
RestAssured.given().contentType("application/json; charset=UTF-8").expect().statusCode(401).when().get("/folders");
// allow GET for non-authenticated users => access without user/pass should be allowed
folderGrant.setFlag(UiAuthenticator.NON_AUTH_USER_GET);
tx.success();
} catch (FrameworkException fex) {
logger.warn("", fex);
logger.error(fex.toString());
fail("Unexpected exception");
}
try (final Tx tx = app.tx()) {
RestAssured.given().contentType("application/json; charset=UTF-8").expect().statusCode(200).when().get("/folders");
tx.success();
} catch (FrameworkException fex) {
logger.warn("", fex);
logger.error(fex.toString());
fail("Unexpected exception");
}
}
use of org.structr.core.graph.Tx in project structr by structr.
the class ResourceAccessTest method test04ResourceAccessDELETE.
@Test
public void test04ResourceAccessDELETE() {
// clear resource access objects that are created by the dynamic schema
clearResourceAccess();
final String name = "testuser-01";
final String password = "testpassword-01";
Folder testFolder = null;
User testUser = null;
ResourceAccess folderGrant = null;
try (final Tx tx = app.tx()) {
testFolder = createTestNodes(Folder.class, 1).get(0);
assertNotNull(testFolder);
testUser = createTestNodes(User.class, 1).get(0);
tx.success();
} catch (FrameworkException fex) {
logger.warn("", fex);
logger.error(fex.toString());
fail("Unexpected exception");
}
try (final Tx tx = app.tx()) {
// no resource access node at all => forbidden
RestAssured.given().contentType("application/json; charset=UTF-8").expect().statusCode(401).when().delete("/folder/" + testFolder.getUuid());
folderGrant = createResourceAccess("Folder", UiAuthenticator.FORBIDDEN);
tx.success();
} catch (FrameworkException fex) {
logger.warn("", fex);
logger.error(fex.toString());
fail("Unexpected exception");
}
try (final Tx tx = app.tx()) {
// resource access explicitly set to FORBIDDEN => forbidden
RestAssured.given().contentType("application/json; charset=UTF-8").expect().statusCode(401).when().delete("/folder/" + testFolder.getUuid());
folderGrant.setFlag(UiAuthenticator.AUTH_USER_DELETE);
tx.success();
} catch (FrameworkException fex) {
logger.warn("", fex);
logger.error(fex.toString());
fail("Unexpected exception");
}
try (final Tx tx = app.tx()) {
RestAssured.given().contentType("application/json; charset=UTF-8").expect().statusCode(401).when().delete("/folder/" + testFolder.getUuid());
folderGrant.setProperties(folderGrant.getSecurityContext(), new PropertyMap(GraphObject.visibleToPublicUsers, true));
folderGrant.setFlag(UiAuthenticator.NON_AUTH_USER_DELETE);
tx.success();
} catch (FrameworkException fex) {
logger.warn("", fex);
logger.error(fex.toString());
fail("Unexpected exception");
}
try (final Tx tx = app.tx()) {
RestAssured.given().contentType("application/json; charset=UTF-8").expect().statusCode(404).when().delete("/folder/" + testFolder.getUuid());
final PropertyMap changedProperties = new PropertyMap();
changedProperties.put(StructrApp.key(User.class, "name"), name);
changedProperties.put(StructrApp.key(User.class, "password"), password);
testUser.setProperties(testUser.getSecurityContext(), changedProperties);
// make user own folder
testFolder.setProperties(testFolder.getSecurityContext(), new PropertyMap(AbstractNode.owner, testUser));
tx.success();
} catch (FrameworkException fex) {
logger.warn("", fex);
logger.error(fex.toString());
fail("Unexpected exception");
}
try (final Tx tx = app.tx()) {
// test user owns object now => 200
RestAssured.given().headers("X-User", name, "X-Password", password).contentType("application/json; charset=UTF-8").expect().statusCode(200).when().delete("/folder/" + testFolder.getUuid());
tx.success();
} catch (FrameworkException fex) {
logger.warn("", fex);
logger.error(fex.toString());
fail("Unexpected exception");
}
}
Aggregations