[CST-4507] little code refactoring and updated test behaviour

Corrado Lombardi
2021-09-30 09:54:10 +02:00
parent c7c7c37a2b
commit 1cd0cc3c2a
3 changed files with 40 additions and 54 deletions


@@ -167,7 +167,7 @@ public class AuthorizationRestRepository extends DSpaceRestRepository<Authorizat
List<Authorization> authorizations = findAuthorizationsForUri(context, user, uri, featureName);
if (currUser != user) {
if (ObjectUtils.notEqual(currUser, user)) {
// restore the real current user
context.restoreContextUser();
}
@@ -196,7 +196,7 @@ public class AuthorizationRestRepository extends DSpaceRestRepository<Authorizat
List<Authorization> authorizations =
findAuthorizationsByUUIDList(context, type, uuidList, user, featureNames);
if (currUser != user) {
if (ObjectUtils.notEqual(currUser, user)) {
// restore the real current user
context.restoreContextUser();
}
@@ -223,7 +223,7 @@ public class AuthorizationRestRepository extends DSpaceRestRepository<Authorizat
try {
authorizations.addAll(authorizationsForObject(context, user, featureName, object));
} catch (Exception ex) {
log.error(ex.getMessage(), ex);
log.error("An error occurred during authorizations check");
throw new RuntimeException(ex);
}
}));
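Review bot: `context.restoreContextUser()` in the first two hunks is reached only when `findAuthorizationsForUri(...)` / `findAuthorizationsByUUIDList(...)` return normally, so an exception from either call skips the restore and leaves the context on the inspected user, unless a `try`/`finally` outside the hunk already covers it. I would wrap each lookup as `try { authorizations = ...; } finally { if (ObjectUtils.notEqual(currUser, user)) { context.restoreContextUser(); } }`. The check is now value-based while the matching user switch is outside the hunk; confirm the switch uses the same comparison so switch and restore stay paired. In the third hunk the error log appears to lose the exception argument, and `log.error("An error occurred during authorizations check", ex)` would keep the stack trace next to the message. All three method bodies begin and end outside the hunks.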


@@ -976,7 +976,6 @@ public class Utils {
* @param uuid Object uuid
* @return the {@link BaseObjectRest} identified by the provided uuid
*/
public BaseObjectRest getBaseObjectRestFromTypeAndUUID(Context context, String type, String uuid) {
if (StringUtils.isBlank(type)) {


@@ -1806,9 +1806,10 @@ public class AuthorizationRestRepositoryIT extends AbstractControllerIntegration
.param("feature", alwaysTrue.getName())
.param("feature", alwaysFalse.getName())
.param("feature", trueForAdmins.getName())
.param("feature", trueForLoggedUsers.getName())
.header("X-On-Behalf-Of", eperson.getID()))
.andExpect(status().isOk())
.andExpect(jsonPath("$.page.totalElements", is(2)))
.andExpect(jsonPath("$.page.totalElements", is(4)))
.andExpect(jsonPath("$._embedded.authorizations", contains(
allOf(
hasJsonPath("$.id", is(
@@ -1820,6 +1821,16 @@ public class AuthorizationRestRepositoryIT extends AbstractControllerIntegration
hasJsonPath("$._embedded.feature.id", is(alwaysTrue.getName())),
hasJsonPath("$._embedded.eperson.id", is(eperson.getID().toString()))
),
allOf(
hasJsonPath("$.id", is(
eperson.getID().toString() + "_"
+ trueForLoggedUsers.getName() + "_"
+ comRest.getUniqueType() + "_" + comRest.getId()
)),
hasJsonPath("$.type", is("authorization")),
hasJsonPath("$._embedded.feature.id", is(trueForLoggedUsers.getName())),
hasJsonPath("$._embedded.eperson.id", is(eperson.getID().toString()))
),
allOf(
hasJsonPath("$.id", is(
eperson.getID().toString() + "_"
@@ -1829,6 +1840,16 @@ public class AuthorizationRestRepositoryIT extends AbstractControllerIntegration
hasJsonPath("$.type", is("authorization")),
hasJsonPath("$._embedded.feature.id", is(alwaysTrue.getName())),
hasJsonPath("$._embedded.eperson.id", is(eperson.getID().toString()))
),
allOf(
hasJsonPath("$.id", is(
eperson.getID().toString() + "_"
+ trueForLoggedUsers.getName() + "_"
+ secondComRest.getUniqueType() + "_" + secondComRest.getId()
)),
hasJsonPath("$.type", is("authorization")),
hasJsonPath("$._embedded.feature.id", is(trueForLoggedUsers.getName())),
hasJsonPath("$._embedded.eperson.id", is(eperson.getID().toString()))
)
)));
@@ -1895,7 +1916,6 @@ public class AuthorizationRestRepositoryIT extends AbstractControllerIntegration
.param("uuid", itemId)
.param("uuid", secondItemId)
.param("feature", alwaysFalse.getName())
.param("feature", alwaysFalse.getName())
.param("eperson", admin.getID().toString()))
.andExpect(jsonPath("$.page.totalElements", is(0)));
@@ -1968,12 +1988,9 @@ public class AuthorizationRestRepositoryIT extends AbstractControllerIntegration
* @throws Exception
*/
public void findByNotExistingMultipleObjectsAndFeatureTest() throws Exception {
UUID wrongSiteId = UUID.randomUUID();
String siteId = wrongSiteId.toString();
String wrongSiteUri = "http://localhost/api/core/sites/" + wrongSiteId;
String wrongSiteId = UUID.randomUUID().toString();
Site site = siteService.findSite(context);
SiteRest siteRest = siteConverter.convert(site, DefaultProjection.DEFAULT);
String siteUri = utils.linkToSingleResource(siteRest, "self").getHref();
// disarm the alwaysThrowExceptionFeature
configurationService.setProperty("org.dspace.app.rest.authorization.AlwaysThrowExceptionFeature.turnoff", true);
@@ -1983,8 +2000,7 @@ public class AuthorizationRestRepositoryIT extends AbstractControllerIntegration
// verify that it works for administrators, no result - with eperson parameter
getClient(adminToken).perform(get("/api/authz/authorizations/search/objects")
.param("type", "core.site")
.param("uuid", siteId)
.param("uuid", siteId)
.param("uuid", wrongSiteId)
.param("feature", alwaysTrue.getName())
.param("eperson", admin.getID().toString()))
.andExpect(status().isOk())
@@ -1992,8 +2008,7 @@ public class AuthorizationRestRepositoryIT extends AbstractControllerIntegration
getClient(adminToken).perform(get("/api/authz/authorizations/search/objects")
.param("type", "core.site")
.param("uuid", siteId)
.param("uuid", siteId)
.param("uuid", wrongSiteId)
.param("feature", "not-existing-feature")
.param("eperson", admin.getID().toString()))
.andExpect(jsonPath("$.page.totalElements", is(0)));
@@ -2001,15 +2016,13 @@ public class AuthorizationRestRepositoryIT extends AbstractControllerIntegration
// verify that it works for administrators, no result - without eperson parameter
getClient(adminToken).perform(get("/api/authz/authorizations/search/objects")
.param("type", "core.site")
.param("uuid", siteId)
.param("uuid", siteId)
.param("uuid", wrongSiteId)
.param("feature", alwaysTrue.getName()))
.andExpect(jsonPath("$.page.totalElements", is(0)));
getClient(adminToken).perform(get("/api/authz/authorizations/search/objects")
.param("type", "core.site")
.param("uuid", siteId)
.param("uuid", siteId)
.param("uuid", wrongSiteId)
.param("feature", "not-existing-one")
.param("feature", "not-existing-feature"))
.andExpect(jsonPath("$.page.totalElements", is(0)));
@@ -2019,8 +2032,7 @@ public class AuthorizationRestRepositoryIT extends AbstractControllerIntegration
// verify that it works for normal loggedin users - with eperson parameter
getClient(epersonToken).perform(get("/api/authz/authorizations/search/objects")
.param("type", "core.site")
.param("uuid", siteId)
.param("uuid", siteId)
.param("uuid", wrongSiteId)
.param("feature", "not-existing-one")
.param("feature", alwaysTrue.getName())
.param("eperson", eperson.getID().toString()))
@@ -2028,8 +2040,7 @@ public class AuthorizationRestRepositoryIT extends AbstractControllerIntegration
getClient(epersonToken).perform(get("/api/authz/authorizations/search/objects")
.param("type", "core.site")
.param("uuid", siteId)
.param("uuid", siteId)
.param("uuid", wrongSiteId)
.param("feature", "not-existing-one")
.param("feature", "not-existing-feature")
.param("eperson", eperson.getID().toString()))
@@ -2038,16 +2049,14 @@ public class AuthorizationRestRepositoryIT extends AbstractControllerIntegration
// verify that it works for normal loggedin users - without eperson parameter
getClient(epersonToken).perform(get("/api/authz/authorizations/search/objects")
.param("type", "core.site")
.param("uuid", siteId)
.param("uuid", siteId)
.param("uuid", wrongSiteId)
.param("feature", "not-existing-one")
.param("feature", alwaysTrue.getName()))
.andExpect(jsonPath("$.page.totalElements", is(0)));
getClient(epersonToken).perform(get("/api/authz/authorizations/search/objects")
.param("type", "core.site")
.param("uuid", siteId)
.param("uuid", siteId)
.param("uuid", wrongSiteId)
.param("feature", "not-existing-one")
.param("feature", "not-existing-feature"))
.andExpect(jsonPath("$.page.totalElements", is(0)));
@@ -2055,8 +2064,7 @@ public class AuthorizationRestRepositoryIT extends AbstractControllerIntegration
// verify that it works for administators inspecting other users - by using the eperson parameter
getClient(adminToken).perform(get("/api/authz/authorizations/search/objects")
.param("type", "core.site")
.param("uuid", siteId)
.param("uuid", siteId)
.param("uuid", wrongSiteId)
.param("feature", "not-existing-one")
.param("feature", alwaysTrue.getName())
.param("eperson", eperson.getID().toString()))
@@ -2064,8 +2072,7 @@ public class AuthorizationRestRepositoryIT extends AbstractControllerIntegration
getClient(adminToken).perform(get("/api/authz/authorizations/search/objects")
.param("type", "core.site")
.param("uuid", siteId)
.param("uuid", siteId)
.param("uuid", wrongSiteId)
.param("feature", "not-existing-one")
.param("feature", "not-existing-feature")
.param("eperson", eperson.getID().toString()))
@@ -2074,8 +2081,7 @@ public class AuthorizationRestRepositoryIT extends AbstractControllerIntegration
// verify that it works for administators inspecting other users - by assuming login
getClient(adminToken).perform(get("/api/authz/authorizations/search/objects")
.param("type", "core.site")
.param("uuid", siteId)
.param("uuid", siteId)
.param("uuid", wrongSiteId)
.param("feature", "not-existing-one")
.param("feature", alwaysTrue.getName())
.header("X-On-Behalf-Of", eperson.getID()))
@@ -2083,8 +2089,7 @@ public class AuthorizationRestRepositoryIT extends AbstractControllerIntegration
getClient(adminToken).perform(get("/api/authz/authorizations/search/objects")
.param("type", "core.site")
.param("uuid", siteId)
.param("uuid", siteId)
.param("uuid", wrongSiteId)
.param("feature", "not-existing-one")
.param("feature", "not-existing-feature")
.header("X-On-Behalf-Of", eperson.getID()))
@@ -2093,16 +2098,14 @@ public class AuthorizationRestRepositoryIT extends AbstractControllerIntegration
// verify that it works for anonymous users
getClient().perform(get("/api/authz/authorizations/search/objects")
.param("type", "core.site")
.param("uuid", siteId)
.param("uuid", siteId)
.param("uuid", wrongSiteId)
.param("feature", "not-existing-one")
.param("feature", alwaysTrue.getName()))
.andExpect(jsonPath("$.page.totalElements", is(0)));
getClient().perform(get("/api/authz/authorizations/search/objects")
.param("type", "core.site")
.param("uuid", siteId)
.param("uuid", siteId)
.param("uuid", wrongSiteId)
.param("feature", "not-existing-one")
.param("feature", "not-existing-feature"))
.andExpect(jsonPath("$.page.totalElements", is(0)));
@@ -2127,8 +2130,6 @@ public class AuthorizationRestRepositoryIT extends AbstractControllerIntegration
String adminToken = getAuthToken(admin.getEmail(), password);
String epersonToken = getAuthToken(eperson.getEmail(), password);
// for (String invalidUri : invalidUris) {
// log.debug("findByObjectAndFeatureBadRequestTest - Testing the URI: " + invalidUri);
// verify that it works for administrators with an invalid or missing uuid - with eperson parameter
getClient(adminToken).perform(get("/api/authz/authorizations/search/objects")
@@ -2221,7 +2222,6 @@ public class AuthorizationRestRepositoryIT extends AbstractControllerIntegration
.param("uuid", UUID.randomUUID().toString())
.param("feature", alwaysTrue.getName()))
.andExpect(status().isBadRequest());
// }
}
@Test
@@ -2242,7 +2242,6 @@ public class AuthorizationRestRepositoryIT extends AbstractControllerIntegration
getClient().perform(get("/api/authz/authorizations/search/objects")
.param("type", "core.site")
.param("uuid", siteId)
.param("uuid", siteId)
.param("feature", alwaysTrue.getName())
.param("eperson", admin.getID().toString()))
.andExpect(status().isUnauthorized());
@@ -2251,7 +2250,6 @@ public class AuthorizationRestRepositoryIT extends AbstractControllerIntegration
getClient().perform(get("/api/authz/authorizations/search/objects")
.param("type", "core.site")
.param("uuid", siteId)
.param("uuid", siteId)
.param("feature", alwaysTrue.getName())
.header("X-On-Behalf-Of", admin.getID()))
.andExpect(status().isUnauthorized());
@@ -2260,7 +2258,6 @@ public class AuthorizationRestRepositoryIT extends AbstractControllerIntegration
getClient().perform(get("/api/authz/authorizations/search/objects")
.param("type", "core.site")
.param("uuid", siteId)
.param("uuid", siteId)
.param("feature", alwaysTrue.getName())
.param("eperson", eperson.getID().toString()))
.andExpect(status().isUnauthorized());
@@ -2269,7 +2266,6 @@ public class AuthorizationRestRepositoryIT extends AbstractControllerIntegration
getClient().perform(get("/api/authz/authorizations/search/objects")
.param("type", "core.site")
.param("uuid", siteId)
.param("uuid", siteId)
.param("feature", alwaysTrue.getName())
.header("X-On-Behalf-Of", eperson.getID()))
.andExpect(status().isUnauthorized());
@@ -2299,7 +2295,6 @@ public class AuthorizationRestRepositoryIT extends AbstractControllerIntegration
getClient(anotherToken).perform(get("/api/authz/authorizations/search/objects")
.param("type", "core.site")
.param("uuid", siteId)
.param("uuid", siteId)
.param("feature", alwaysFalse.getName())
.param("feature", alwaysTrue.getName())
.param("eperson", admin.getID().toString()))
@@ -2309,7 +2304,6 @@ public class AuthorizationRestRepositoryIT extends AbstractControllerIntegration
getClient(anotherToken).perform(get("/api/authz/authorizations/search/objects")
.param("type", "core.site")
.param("uuid", siteId)
.param("uuid", siteId)
.param("feature", alwaysFalse.getName())
.param("feature", alwaysTrue.getName())
.header("X-On-Behalf-Of", admin.getID()))
@@ -2319,7 +2313,6 @@ public class AuthorizationRestRepositoryIT extends AbstractControllerIntegration
getClient(anotherToken).perform(get("/api/authz/authorizations/search/objects")
.param("type", "core.site")
.param("uuid", siteId)
.param("uuid", siteId)
.param("feature", alwaysFalse.getName())
.param("feature", alwaysTrue.getName())
.param("eperson", eperson.getID().toString()))
@@ -2329,7 +2322,6 @@ public class AuthorizationRestRepositoryIT extends AbstractControllerIntegration
getClient(anotherToken).perform(get("/api/authz/authorizations/search/objects")
.param("type", "core.site")
.param("uuid", siteId)
.param("uuid", siteId)
.param("feature", alwaysFalse.getName())
.param("feature", alwaysTrue.getName())
.header("X-On-Behalf-Of", eperson.getID()))
@@ -2351,7 +2343,6 @@ public class AuthorizationRestRepositoryIT extends AbstractControllerIntegration
getClient(adminToken).perform(get("/api/authz/authorizations/search/objects")
.param("type", "core.site")
.param("uuid", siteId)
.param("uuid", siteId)
.param("feature", alwaysException.getName())
.param("eperson", admin.getID().toString()))
.andExpect(status().isInternalServerError());
@@ -2360,7 +2351,6 @@ public class AuthorizationRestRepositoryIT extends AbstractControllerIntegration
getClient(adminToken).perform(get("/api/authz/authorizations/search/objects")
.param("type", "core.site")
.param("uuid", siteId)
.param("uuid", siteId)
.param("feature", alwaysException.getName()))
.andExpect(status().isInternalServerError());
@@ -2370,7 +2360,6 @@ public class AuthorizationRestRepositoryIT extends AbstractControllerIntegration
getClient(epersonToken).perform(get("/api/authz/authorizations/search/objects")
.param("type", "core.site")
.param("uuid", siteId)
.param("uuid", siteId)
.param("feature", alwaysException.getName())
.param("eperson", eperson.getID().toString()))
.andExpect(status().isInternalServerError());
@@ -2379,7 +2368,6 @@ public class AuthorizationRestRepositoryIT extends AbstractControllerIntegration
getClient(epersonToken).perform(get("/api/authz/authorizations/search/objects")
.param("type", "core.site")
.param("uuid", siteId)
.param("uuid", siteId)
.param("feature", alwaysException.getName()))
.andExpect(status().isInternalServerError());
@@ -2387,7 +2375,6 @@ public class AuthorizationRestRepositoryIT extends AbstractControllerIntegration
getClient().perform(get("/api/authz/authorizations/search/objects")
.param("type", "core.site")
.param("uuid", siteId)
.param("uuid", siteId)
.param("feature", alwaysException.getName()))
.andExpect(status().isInternalServerError());
}
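Review bot: Every request in `findByNotExistingMultipleObjectsAndFeatureTest` now appears to send a single `uuid` parameter (`wrongSiteId`), so a test named for multiple objects no longer passes more than one object to `/api/authz/authorizations/search/objects`. Add a second distinct value after `.param("uuid", wrongSiteId)`, e.g. `.param("uuid", UUID.randomUUID().toString())`. It would also be worth adding one request that mixes `wrongSiteId` with an existing site's uuid, to pin that an unknown uuid neither hides nor adds authorizations for the object that does exist. The test method continues outside the visible hunks, so this is based only on the requests shown here.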