001: /* ====================================================================
002: * The Jcorporate Apache Style Software License, Version 1.2 05-07-2002
003: *
004: * Copyright (c) 1995-2002 Jcorporate Ltd. All rights reserved.
005: *
006: * Redistribution and use in source and binary forms, with or without
007: * modification, are permitted provided that the following conditions
008: * are met:
009: *
010: * 1. Redistributions of source code must retain the above copyright
011: * notice, this list of conditions and the following disclaimer.
012: *
013: * 2. Redistributions in binary form must reproduce the above copyright
014: * notice, this list of conditions and the following disclaimer in
015: * the documentation and/or other materials provided with the
016: * distribution.
017: *
018: * 3. The end-user documentation included with the redistribution,
019: * if any, must include the following acknowledgment:
020: * "This product includes software developed by Jcorporate Ltd.
021: * (http://www.jcorporate.com/)."
022: * Alternately, this acknowledgment may appear in the software itself,
023: * if and wherever such third-party acknowledgments normally appear.
024: *
025: * 4. "Jcorporate" and product names such as "Expresso" must
026: * not be used to endorse or promote products derived from this
027: * software without prior written permission. For written permission,
028: * please contact info@jcorporate.com.
029: *
030: * 5. Products derived from this software may not be called "Expresso",
031: * or other Jcorporate product names; nor may "Expresso" or other
032: * Jcorporate product names appear in their name, without prior
033: * written permission of Jcorporate Ltd.
034: *
035: * 6. No product derived from this software may compete in the same
036: * market space, i.e. framework, without prior written permission
037: * of Jcorporate Ltd. For written permission, please contact
038: * partners@jcorporate.com.
039: *
040: * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
041: * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
042: * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
043: * DISCLAIMED. IN NO EVENT SHALL JCORPORATE LTD OR ITS CONTRIBUTORS
044: * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
045: * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
046: * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
047: * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
048: * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
049: * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
050: * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
051: * SUCH DAMAGE.
052: * ====================================================================
053: *
054: * This software consists of voluntary contributions made by many
055: * individuals on behalf of the Jcorporate Ltd. Contributions back
056: * to the project(s) are encouraged when you make modifications.
057: * Please send them to support@jcorporate.com. For more information
058: * on Jcorporate Ltd. and its products, please see
059: * <http://www.jcorporate.com/>.
060: *
061: * Portions of this software are based upon other open source
062: * products and are subject to their respective licenses.
063: */
064:
065: package com.jcorporate.expresso.services.dbobj.tests;
066:
067: import com.jcorporate.expresso.core.db.DBException;
068: import com.jcorporate.expresso.core.dbobj.SecuredDBObject;
069: import com.jcorporate.expresso.core.security.User;
070: import com.jcorporate.expresso.services.dbobj.DBObjSecurity;
071: import com.jcorporate.expresso.services.dbobj.GroupMembers;
072: import com.jcorporate.expresso.services.dbobj.UserGroup;
073: import com.jcorporate.expresso.services.dbobj.UserPreference;
074: import com.jcorporate.expresso.services.test.ExpressoTestCase;
075: import com.jcorporate.expresso.services.test.TestSystemInitializer;
076: import junit.framework.TestSuite;
077:
078: import java.util.ArrayList;
079: import java.util.Iterator;
080:
081: /**
082: * Perform unit tests to determine if the db object security is working correctly.
083: * These unit tests create a temporary user entry, assign it certain permissions,
084: * verifying that the permissions
085: * are granted appropriately, then remove the permissions and check that they are
086: * removed. Note that this test requires that the default UserDBObj implentation
087: * of User is used - e.g. don't have LDAP enabled when this test is run.
088: *
089: * @author Michael Rimov
090: * @version $Revision: 1.2 $ on $Date: 2004/11/17 20:48:24 $
091: */
092: public class DBObjSecurityTests extends ExpressoTestCase {
093: private static final String TEST_GROUP = "TestGroup";
094: private static final String TEST_LOGIN = "testUser";
095: private int TEST_UID = 0;
096:
097: public DBObjSecurityTests(String name) throws Exception {
098: super (name);
099: }
100:
101: public static void main(String[] args) throws java.lang.Exception {
102:
103: //Set the system properties we need
104: junit.textui.TestRunner.run(suite());
105: }
106:
107: /**
108: * Creates the test cases. Order is important, thus the manual
109: * creation.
110: */
111: public static junit.framework.Test suite() throws Exception {
112: return new TestSuite(DBObjSecurityTests.class);
113: }
114:
115: /**
116: * Create a SetupCache and make sure that the values are reading correctly.
117: */
118: public void testDBObjSecurity() throws Exception {
119:
120: /* Remove all permission for the test group initially */
121: DBObjSecurity oneSec = null;
122: DBObjSecurity secList = new DBObjSecurity();
123: secList.setDataContext(TestSystemInitializer.getTestContext());
124: secList.setField("GroupName", TEST_GROUP);
125:
126: for (Iterator e1 = secList.searchAndRetrieveList().iterator(); e1
127: .hasNext();) {
128: oneSec = (DBObjSecurity) e1.next();
129: oneSec.delete();
130: }
131:
132: /* Make sure the test user has no permission now */
133: UserPreference testPref = new UserPreference(this .TEST_UID);
134: testPref.setDataContext(TestSystemInitializer.getTestContext());
135:
136: if (testPref.checkAllowed("A")) {
137: fail("Test user was allowed add permission to "
138: + "UserPreference and should not have been");
139: }
140: if (testPref.checkAllowed("U")) {
141: fail("Test user was allowed update permission to "
142: + "UserPreference and should not have been");
143: }
144: if (testPref.checkAllowed("D")) {
145: fail("Test user was allowed delete permission to "
146: + "UserPreference and should not have been");
147: }
148: if (testPref.checkAllowed("S")) {
149: fail("Test user was allowed search permission to "
150: + "UserPreference and should not have been");
151: }
152:
153: String testPrefDB = testPref.getDataContext();
154:
155: /* Now grant "add" permission and see what happens */
156: DBObjSecurity newSec = new DBObjSecurity(
157: SecuredDBObject.SYSTEM_ACCOUNT);
158: newSec.setDataContext(TestSystemInitializer.getTestContext());
159: newSec.setField("GroupName", "TestGroup");
160: newSec.setField("MethodCode", "A");
161: newSec
162: .setField("DBObjectName",
163: "com.jcorporate.expresso.services.dbobj.UserPreference");
164: newSec.add();
165: testPrefDB = testPref.getDataContext();
166: if (!testPref.checkAllowed("A")) {
167: fail("Test user was not allowed add permission to "
168: + "UserPreference and should have been - add of permissions "
169: + "did not work");
170: }
171: if (testPref.checkAllowed("U")) {
172: fail("Test user was allowed update permission to "
173: + "UserPreference and should not have been");
174: }
175: if (testPref.checkAllowed("D")) {
176: fail("Test user was allowed delete permission to "
177: + "UserPreference and should not have been");
178: }
179: if (testPref.checkAllowed("S")) {
180: fail("Test user was allowed search permission to "
181: + "UserPreference and should not have been");
182: }
183:
184: /* Now remove add permission and make sure it gets removed */
185: newSec.setField("GroupName", TEST_GROUP);
186: newSec.setField("MethodCode", "A");
187: newSec
188: .setField(
189: "DBObjectName",
190: com.jcorporate.expresso.services.dbobj.UserPreference.class
191: .getName());
192: newSec.delete();
193:
194: if (testPref.checkAllowed("A")) {
195: fail("Test user was allowed add permission to "
196: + "UserPreference and should not have been - delete of "
197: + "permissions did not work");
198: }
199: if (testPref.checkAllowed("U")) {
200: fail("Test user was allowed update permission "
201: + "to UserPreference and should not have been");
202: }
203: if (testPref.checkAllowed("D")) {
204: fail("Test user was allowed delete permission to "
205: + "UserPreference and should not have been");
206: }
207: if (testPref.checkAllowed("S")) {
208: fail("Test user was allowed search permission "
209: + "to UserPreference and should not have been");
210: }
211: }
212:
213: protected void setUp() throws java.lang.Exception {
214: User testUser = new User();
215: testUser.setDataContext(TestSystemInitializer.getTestContext());
216: testUser.setLoginName(TEST_LOGIN);
217:
218: if (!testUser.find()) {
219: testUser.setEmail("testme@example.org");
220: testUser.setLoginName(TEST_LOGIN);
221: testUser
222: .setDisplayName("User for DBObjSecurity unit test - remove");
223: testUser.add();
224: }
225: if (testUser.find()) {
226: TEST_UID = testUser.getUid();
227: } else {
228: fail("Unable to create Test User");
229: }
230:
231: UserGroup testGroup = new UserGroup(
232: SecuredDBObject.SYSTEM_ACCOUNT);
233: testGroup
234: .setDataContext(TestSystemInitializer.getTestContext());
235: testGroup.setField("GroupName", TEST_GROUP);
236:
237: if (!testGroup.find()) {
238: testGroup.setField("Descrip",
239: "Group for DBObjSecurity unit test - remove");
240: testGroup.add();
241: }
242:
243: GroupMembers testGroupMembers = new GroupMembers(
244: SecuredDBObject.SYSTEM_ACCOUNT);
245: testGroupMembers.setDataContext(TestSystemInitializer
246: .getTestContext());
247: testGroupMembers.setField("GroupName", TEST_GROUP);
248: testGroupMembers.setField("ExpUid", TEST_UID);
249:
250: if (!testGroupMembers.find()) {
251: testGroupMembers.add();
252: }
253:
254: /* Now the test user is in the test group */
255: super .setUp();
256: }
257:
258: /**
259: * Makes sure that all objects are deleted properly. Notice that everything
260: * is removed in reverse order to allow for referential integrity.
261: */
262: protected void tearDown() throws java.lang.Exception {
263: //remove all group members
264: try {
265: GroupMembers testGroupMembers = new GroupMembers(
266: SecuredDBObject.SYSTEM_ACCOUNT);
267: testGroupMembers.setDataContext(TestSystemInitializer
268: .getTestContext());
269: testGroupMembers.setField("GroupName", TEST_GROUP);
270: testGroupMembers.setField("ExpUid", TEST_UID);
271: ArrayList al = testGroupMembers.searchAndRetrieveList();
272:
273: for (Iterator i = al.iterator(); i.hasNext();) {
274: GroupMembers oneMember = (GroupMembers) i.next();
275: oneMember.delete();
276: }
277: } catch (DBException dbe) {
278: dbe.printStackTrace();
279: System.out.println("Error Deleting Test Group Members: "
280: + dbe.getMessage());
281: }
282:
283: //Remove all security entries for test group
284: try {
285: DBObjSecurity oneSec = null;
286: DBObjSecurity secList = new DBObjSecurity();
287: secList.setDataContext(TestSystemInitializer
288: .getTestContext());
289: secList.setField("GroupName", TEST_GROUP);
290:
291: for (Iterator e1 = secList.searchAndRetrieveList()
292: .iterator(); e1.hasNext();) {
293: oneSec = (DBObjSecurity) e1.next();
294: oneSec.delete();
295: }
296: } catch (DBException dbe) {
297: dbe.printStackTrace();
298: System.out.println("DBObject Security Entries: "
299: + dbe.getMessage());
300: }
301:
302: //Remove the user group.
303: try {
304: UserGroup testGroup = new UserGroup();
305: testGroup.setDataContext(TestSystemInitializer
306: .getTestContext());
307: testGroup.setField("GroupName", TEST_GROUP);
308:
309: if (testGroup.find()) {
310: testGroup.delete();
311: }
312: } catch (DBException dbe) {
313: dbe.printStackTrace();
314: System.out.println("Error Deleting Test Group: "
315: + dbe.getMessage());
316: }
317:
318: //Remove the user himself
319: try {
320: User testUser = new User();
321: testUser.setDataContext(TestSystemInitializer
322: .getTestContext());
323: testUser.setLoginName(TEST_LOGIN);
324:
325: if (testUser.find()) {
326: testUser.delete();
327: }
328: } catch (DBException dbe) {
329: dbe.printStackTrace();
330: System.out.println("Error Deleting Test User: "
331: + dbe.getMessage());
332: }
333:
334: super.tearDown();
335: }
336: }
|